go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-01-08 04:03:58 +02:00
Code Issues Releases Activity
946 Commits 28 Branches 34 Tags 82 MiB
7a6204c8fd
Commit Graph

82 Commits

Author SHA1 Message Date
Jakub Holy
7a6204c8fd
Fix #384 - link to sessions.md (#391) 
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2020-02-15 14:41:35 +00:00
Pavel Kirichenko
f2661c47ba
Support for client secret file. (#355) 
* added ClientSecretFile in ProviderData

* add documentation notes on client secret file

* added Changelog entry for Client Secret File PR

* fixing configuration.md

* addressing PR issue of ClientSecret property naming

* Update providers/provider_data.go

Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>

* corrected changelog entry

* fixed typo in GetClientSecret

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2020-02-15 13:44:39 +00:00
Yan Yao
18d20364a8
Extension of Redis Session Store to Support Redis Cluster (#363) 
* Extend the redis session store to support redis cluster

* rename function newRedisClient to newRedisCmdable

* update docs about redis cluster as session store

* update autocomplete script with redis cluster options

* add check about conflict between option redis-use-sentinel and redis-use-cluster

* update change log

* Update docs/configuration/sessions.md

Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>

* Update pkg/sessions/redis/redis_store.go

Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>

* add the dropped option back

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2020-02-06 17:59:12 +00:00
Nick Watts
3ae261031e
Add sign_out endpoint to endpoint documentation page (#383) 2020-02-05 16:28:51 +00:00
Martin Campbell
d9362d3bb9 Add reverse proxy setting (#331) 
* Add reverse proxy setting (#321)
 2020-01-24 17:54:13 +00:00
dependabot[bot]
a7672c82bc
Bump rubyzip from 1.2.2 to 2.0.0 in /docs 
Bumps [rubyzip](https://github.com/rubyzip/rubyzip) from 1.2.2 to 2.0.0.
- [Release notes](https://github.com/rubyzip/rubyzip/releases)
- [Changelog](https://github.com/rubyzip/rubyzip/blob/master/Changelog.md)
- [Commits](https://github.com/rubyzip/rubyzip/compare/v1.2.2...v2.0.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2020-01-20 19:28:58 +00:00
Joel Speed
17d9961cb9
Merge branch 'master' into pgroudas/add-samesite-cookie-options 2020-01-20 19:21:51 +00:00
Dan Bond
11cc396059
Merge branch 'master' into kamal/whitelist-redirects-with-ports 2020-01-15 14:03:17 +00:00
Kamal Nasser
eee4b55e0f DigitalOcean Auth Provider (#351) 
* DigitalOcean provider

* documentation: digitalocean provider

* changelog: digitalocean provider

* codeowners: digitalocean provider
 2020-01-15 11:09:34 +00:00
Dan Bond
625909e445
Merge branch 'master' into kamal/whitelist-redirects-with-ports 2020-01-10 09:48:25 +00:00
sushiMix
f94dee6f0d Update keycloak provider configuration doc (#347) 
* update keycloak provider configuration doc

* Add changelog entry
 2020-01-10 09:41:08 +00:00
Kamal Nasser
5489d1624e
Merge branch 'master' into kamal/whitelist-redirects-with-ports 2020-01-08 22:24:56 +02:00
Paul Groudas
5d0827a028 Add configuration for cookie 'SameSite' value. 
Values of 'lax' and 'strict' can improve and mitigate
some categories of cross-site traffic tampering.

Given that the nature of this proxy is often to proxy
private tools, this is useful to take advantage of.

See: https://www.owasp.org/index.php/SameSite
 2020-01-06 12:21:52 -05:00
Casey Link
227ea5da44 Add Nextcloud provider (#179) 2019-11-25 18:47:21 +01:00
Felix Fontein
11205c7399 Allow to change provider's name (#296) 
* Allow to change provider's name.

* Add changelog entry.

* Linting.

* provider-name -> provider-display-name.

* Add flag in main.go.

* Update CHANGELOG.md
 2019-11-25 17:20:37 +00:00
Christian Groschupp
6d74a42e57
Merge branch 'master' into feat/static-upstream 2019-11-19 12:23:42 +01:00
Kamal Nasser
6d1b5fc4b0
Merge branch 'master' into kamal/whitelist-redirects-with-ports 2019-11-14 17:19:21 +02:00
Konstantine
fef940da9a Added userinfo endpoint (#300) 
* Added userinfo endpoint

* Added documentation for  the userinfo endpoint

* Update oauthproxy.go

Co-Authored-By: Dan Bond <pm@danbond.io>

* Suggested fixes :  Streaming json to rw , header set after error check

* Update oauthproxy.go

Co-Authored-By: Dan Bond <pm@danbond.io>

* fix session.Email

* Ported tests and updated changelog
 2019-11-07 14:38:36 -08:00
Christian Groschupp
9e4a7ee84e
Merge branch 'master' into feat/static-upstream 2019-11-01 17:34:27 +01:00
Joel Speed
acb0d3ab79
Add logo to docs site 2019-10-30 10:04:29 +00:00
Joel Speed
14601093c4
Add logos to docs folder 2019-10-30 09:57:24 +00:00
Dan Bond
f40dab8748 Rewrite dist script (#302) 
* Rewrite dist scripts

* add changelog entry

* remove multiple loops in dist

* styling
 2019-10-29 17:27:08 +00:00
Dan Bond
90a6915ab1 fix bad grammar in upstreams configuration docs 2019-10-25 13:47:28 -07:00
Kamal Nasser
1af7c208ee Update documentation and changelog 2019-10-23 16:48:16 +03:00
Josh Michielsen
052451edef Merge branch 'Issue#259-RedirectToHTTPS' of github.com:jmickey/oauth2_proxy into Issue#259-RedirectToHTTPS 2019-10-17 22:20:21 +01:00
Josh Michielsen
56d195a433 Docs and changelog 
Signed-off-by: Josh Michielsen <github@mickey.dev>
 2019-10-17 22:20:15 +01:00
Christian Groschupp
1295f87b33
Add static upstream 2019-10-10 10:14:00 +02:00
leyshon
ef22a0f4b6
Merge branch 'master' into feature/azure-idtoken 2019-10-04 13:32:29 +01:00
leyshon
0b2eb91fa4
Update docs/2_auth.md 
Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>
 2019-10-03 11:46:04 +01:00
Joel Speed
b515b90b34
Fix permalinks for configuration and sessions 2019-10-03 11:10:06 +01:00
leyshon
d8d4c687df
Merge branch 'master' into feature/azure-idtoken 2019-10-02 10:33:08 +01:00
T S
513af9b714 Escape original request URI in sample kubernetes ingress configuration 
The current sample configuration for kubernetes ingress demonstrates
using the `auth-signin` annotation to redirect a user to oauth2_proxy's
signin page. It constructs the link to do so by directly concatenating
`$request_uri` as the `rd` parameter, so the sign-in page knows where to
send the user after signin is complete.

However, this does not work correctly if the original request URI
contains multiple query parameters separated by an ampersand, as that
ampersand is interpereted as separating query parameters of the
`/oauth2/start` URI. For example:

If the user requests a URL:
  https://example.com/foo?q1=v1&q2=v2
they may be redirected to the signin url
  https://example.com/oauth2/start?rd=https://example.com/foo?q1=v1&q2=v2
and after completing signin, oauth2_proxy will redirect them to
  https://example.com/foo?q1=v1

nginx-ingress added an $escaped_request_uri variable about a year ago,
to help resolve this kind of issue
(https://github.com/kubernetes/ingress-nginx/pull/2811)
 2019-10-01 12:28:00 -07:00
Joel Speed
ac0d010371
Merge branch 'master' into support-x-auth-request-redirect 2019-09-30 17:21:05 +01:00
Dan Bond
85a1ed5135
Merge branch 'master' into keycloak-provider 2019-09-25 13:21:46 -07:00
Ian Hunter
8098094fc2 Merge branch 'master' of github.com:pusher/oauth2_proxy into support-x-auth-request-redirect 2019-09-19 11:27:27 -05:00
leyshon
1aad87d7ca Fixing a small typo in the docs 2019-09-02 16:03:48 +01:00
leyshon
21aba50ea5 Adding a note to the Azure provider documentation to mention issues with the size of the cookie session storage 2019-09-02 16:00:28 +01:00
Nelson Menezes
82a3d5afdc Add clarification about plural env vars (#252) 2019-08-27 09:15:33 -07:00
dependabot[bot]
b83b7565f3
Bump nokogiri from 1.10.1 to 1.10.4 in /docs 
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.1 to 1.10.4.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.10.1...v1.10.4)

Signed-off-by: dependabot[bot] <support@github.com>
 2019-08-21 10:05:52 +00:00
Ian Hunter
a209a52df1 More fully support X-Auth-Request-Redirect header 
Docs showed that the X-Auth-Request-Redirect header can specify a redirect URI, but only the rd POST parameter was being honored
This fixes that.
 2019-08-17 15:50:44 -05:00
Henry Jenkins
71dfd44149
Merge branch 'master' into keycloak-provider 2019-08-17 08:10:37 +01:00
Henry Jenkins
a65d38d181
Merge branch 'master' into fix-docs-links 2019-08-14 12:04:23 +01:00
Henry Jenkins
c941f3ce0d
Merge branch 'master' into fix-docs-links 2019-08-13 21:23:45 +01:00
Brady Mitchell
272fb96024 add back nginx-auth-request <a name 2019-08-13 09:12:48 -07:00
Brady Mitchell
bc5fc5a513 remove unnecessary <a> tags 2019-08-13 09:01:38 -07:00
ferhat elmas
fb52bdb90c Fix some typos 2019-08-13 12:42:23 +02:00
Brady Mitchell
9938bb95d9
Merge branch 'master' into docFormat 2019-08-11 17:23:33 -07:00
Brady Mitchell
4b985992d8 add missing header border 2019-08-11 17:21:32 -07:00
Henry Jenkins
8b61559b8d Fix links in docs 
- Fixed a bunch of references to the repo, which were 404ing
- Fixed a couple of things that 301/302ed
- Fixed some in page references
 2019-08-11 16:07:03 +01:00
Vitalii Tverdokhlib
9e37de53e3
docs: fix path to oauth2_proxy.cfg 2019-08-11 14:55:19 +03:00