5 Commits

Author	SHA1	Message	Date
Nick Meves	7eeaea0b3f	Support nonce checks in OIDC Provider (#967) ... * Set and verify a nonce with OIDC * Create a CSRF object to manage nonces & cookies * Add missing generic cookie unit tests * Add config flag to control OIDC SkipNonce * Send hashed nonces in authentication requests * Encrypt the CSRF cookie * Add clarity to naming & add more helper methods * Make CSRF an interface and keep underlying nonces private * Add ReverseProxy scope to cookie tests * Align to new 1.16 SameSite cookie default * Perform SecretBytes conversion on CSRF cookie crypto * Make state encoding signatures consistent * Mock time in CSRF struct via Clock * Improve InsecureSkipNonce docstring	2021-04-21 10:33:27 +01:00
Joel Speed	8059a812cd	Integrate new header injectors with OAuth2 Proxy	2020-11-07 17:16:58 +00:00
Mitsuo Heijo	3fa42edb73	Fix import path for v7 (#800) ... * fix import path for v7 find ./ -name "*.go" | xargs sed -i -e 's|"github.com/oauth2-proxy/oauth2-proxy|"github.com/oauth2-proxy/oauth2-proxy/v7|' * fix module path * go mod tidy * fix installation docs * update CHANGELOG * Update CHANGELOG.md Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>	2020-09-29 17:44:42 +01:00
Nick Meves	6db1aeb9c6	Validate Redis session store health on startup	2020-09-24 10:41:43 -07:00
Nick Meves	bb5977095f	Add option to remove tokens from cookie sessions (#673) ... * Add option to remove tokens from cookie sessions * Move Minimal to be an option on CookieSession * Add sessionOptionsDefaults helper	2020-07-14 23:02:10 +01:00