go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-02-03 13:21:51 +02:00
Code Issues Releases Activity
964 Commits 27 Branches 36 Tags
Commit Graph

20 Commits

Author SHA1 Message Date
Felix Fontein
d934309b44
Add preferred_username support (OIDC provider) (#420) 
* Add support for preferred username.

* Add missing TOC entries.

* Add note about preferred_username support.

* Adjust tests.

* Check on not implemented error for GetPreferredUsername() call.

Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2020-03-01 15:02:51 +00:00
Pavel Kirichenko
f2661c47ba
Support for client secret file. (#355) 
* added ClientSecretFile in ProviderData

* add documentation notes on client secret file

* added Changelog entry for Client Secret File PR

* fixing configuration.md

* addressing PR issue of ClientSecret property naming

* Update providers/provider_data.go

Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>

* corrected changelog entry

* fixed typo in GetClientSecret

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2020-02-15 13:44:39 +00:00
Ben Letton
10adb5c516
Support optional id_tokens in refresh responses (#335) 
* OIDC Token Refresh works without id_tokens

Addresses https://github.com/pusher/oauth2_proxy/issues/318

Refactoring the OIDC provider so that the refresh process works when there are
no id_tokens present in the response. Added unit tests to the oidc_test.go to prove
the redeem and refresh still work.

The expiry time of the session is now taken from the outh token expiry and not
the id_token (preventing stale access_tokens in sessions).

* Refactoring the to use a KeySetStub in the oidc_test.go. This allows the
elimination of the slightly contrived function passing elements used
previously. (This change is being applied to address the bug #318)

* Changes as per the PR comments and preparing for 5.x release

* Fixup changelog

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2020-02-06 18:09:30 +00:00
Ryan Luckie
93cb575d7c Fix error message for clarity 2019-07-19 08:59:29 -05:00
Ryan Luckie
f537720b52 fix lint errors 2019-07-19 08:57:05 -05:00
Ryan Luckie
122ec45dd8 Requested changes 2019-07-19 08:55:14 -05:00
Ryan Luckie
0d94f5e515 fix lint error 2019-07-19 08:53:20 -05:00
Ryan Luckie
2eecf756e4 Add OIDC support for UserInfo Endpoint Email Verification 
* Current OIDC implementation asserts that user email check must come
from JWT token claims. OIDC specification also allows for source
of user email to be fetched from userinfo profile endpoint.
http://openid.net/specs/openid-connect-core-1_0.html#UserInfo

* First, attempt to retrieve email from JWT token claims.  Then fall back to
requesting email from userinfo endpoint.

* Don't fallback to subject for email

https://github.com/bitly/oauth2_proxy/pull/481
 2019-07-19 08:53:20 -05:00
Daryl Finlay
018a25be04 Create option to skip verified email check in OIDC provider 2019-07-11 15:29:48 +01:00
Brian Van Klaveren
b895f49c52 Use idToken expiry because that's the time checked for refresh 
RefreshSessionIfNeeded checks the token expiry, we want to use
the ID token's expiry
 2019-06-17 12:51:35 -07:00
Joel Speed
34cbe0497c
Add CreatedAt to SessionState 2019-05-20 11:26:09 +02:00
Joel Speed
2ab8a7d95d
Move SessionState to its own package 2019-05-18 13:09:56 +02:00
Phil Taprogge
56da8387c0
Include JWT sub as User 2019-05-07 11:57:17 +01:00
Aigars Mahinovs
7acec6243b Fall back to using OIDC Subject instead of Email 
Email is not mandatory field, Subject is mandatory and expected to be unique. Might want to take a look at UserInfo first, however.

Issue: #56
 2019-03-08 13:39:08 +01:00
Joel Speed
cac2c9728d
Validate OIDC Session State 2019-01-22 11:34:57 +00:00
Joel Speed
1b638f32ac
Implement refreshing within OIDC provider 2019-01-22 11:34:56 +00:00
Joel Speed
68d4164897
Add Authorization header flags 2019-01-22 11:34:23 +00:00
Joel Speed
e200bd5c20
Add comments to exported methods for providers package 2018-12-20 10:37:59 +00:00
Joshua Carp
34d96f8d84 Add OpenID Connect provider name. 2017-10-08 00:40:36 -04:00
Eric Chiang
cb48577ede *: add an OpenID Connect provider 
See the README for usage with Dex or any other OIDC provider.

To test run a backend:

    python3 -m http.server

Run dex and modify the example config with the proxy callback:

    go get github.com/coreos/dex/cmd/dex
    cd $GOPATH/src/github.com/coreos/dex
    sed -i.bak \
      's|http://127.0.0.1:5555/callback|http://127.0.0.1:5555/oauth2/callback|g' \
       examples/config-dev.yaml
    make
    ./bin/dex serve examples/config-dev.yaml

Then run the oauth2_proxy

    oauth2_proxy \
      --oidc-issuer-url http://127.0.0.1:5556/dex \
      --upstream http://localhost:8000 \
      --client-id example-app \
      --client-secret ZXhhbXBsZS1hcHAtc2VjcmV0 \
      --cookie-secret foo \
      --email-domain '*' \
      --http-address http://127.0.0.1:5555 \
      --redirect-url http://127.0.0.1:5555/oauth2/callback \
      --cookie-secure=false

Login with the username/password "admin@example.com:password"
 2017-09-08 09:32:51 -07:00