1
0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-08-10 22:51:31 +02:00
Commit Graph

2191 Commits

Author SHA1 Message Date
gitgabz
487a0a5b99 Added documentation for the keycloak-oidc provider and the new Keycloak admin console #1931 (#1999)
* Added documentation for the keycloak-oidc provider in regard to the new Keycloak admin console "Admin2". As of v19.0.0 it is the default web console and OAuth2 proxy documentation has been updated to show end-users how to create a sample test Keycloak OIDC client to integrate with Oauth2 Proxy.

* Issue #1931
Added documentation for the keycloak-oidc provider in regard to the new Keycloak admin console "Admin2". As of v19.0.0 it is the default web console and OAuth2 proxy documentation has been updated to show end-users how to create a sample test Keycloak OIDC client to integrate with Oauth2 Proxy.
Added a link in the documentation to older keycloak-oidc pull request, as the provider currently evaluates aud from the access token and not the id token.

---------

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2023-03-05 18:24:10 +00:00
Cory Bolar
1bb3fbcea6 Ensure sign-in page background is uniform throughout the page (#1988)
* Ensure sign-in page background is uniform throughout the page

Configured banners that take up large amounts of space leave a gap of blank
background between where the body ends and the footer starts.  Fix this by
setting the style for the section containing the banner to match the body and
footer

* Add changelog entry

---------

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2023-03-05 17:24:35 +00:00
Nuno Miguel Micaelo Borges
e079c60dfe Issue 1929: Oauth2-proxy v7.4.0 is not using alpine:3.16 as it is wri… (#2013)
* Issue 1929: Oauth2-proxy v7.4.0 is not using alpine:3.16 as it is written in code & updates versions due to fixed CVEs

* Issue 1929: Oauth2-proxy v7.4.0 is not using alpine:3.16 as it is written in code & updates versions due to fixed CVEs

* Fixes CVE-2022-41721 (#1994)

See: https://avd.aquasec.com/nvd/2022/cve-2022-41717/

* update checkout actions (#1981)

* Fix a typo in oauthproxy.go (#2021)

* fix typo (#2001)

* Issue 1929: Oauth2-proxy v7.4.0 is not using alpine:3.16 as it is written in code & updates versions due to fixed CVEs

* Issue 1929: Oauth2-proxy v7.4.0 is not using alpine:3.16 as it is written in code & updates versions due to fixed CVEs

* Issue 1929: Oauth2-proxy v7.4.0 is not using alpine:3.16 as it is written in code & updates versions due to fixed CVEs

* Issue 1929: Oauth2-proxy v7.4.0 is not using alpine:3.16 as it is written in code & updates versions due to fixed CVEs

* Issue 1929: Oauth2-proxy v7.4.0 is not using alpine:3.16 as it is written in code & updates versions due to fixed CVEs

* Issue 1929: Oauth2-proxy v7.4.0 is not using alpine:3.16 as it is written in code & updates versions due to fixed CVEs

* Issue 1929: Oauth2-proxy v7.4.0 is not using alpine:3.16 as it is written in code & updates versions due to fixed CVEs

---------

Co-authored-by: Nuno Borges <Nuno.Borges@ctw.bmwgroup.com>
Co-authored-by: Jeroen Landheer <jlandheer@bintelligence.nl>
Co-authored-by: Ryuichi Watanabe <ryucrosskey@gmail.com>
Co-authored-by: Ho Kim <ho.kim@ulagbulag.io>
Co-authored-by: Terrell Russell <terrellrussell@gmail.com>
2023-03-05 17:12:55 +00:00
Terrell Russell
f204625791 fix typo (#2001) 2023-02-20 14:21:42 +00:00
Ho Kim
2faa91eb74 Fix a typo in oauthproxy.go (#2021) 2023-02-20 10:21:59 +00:00
Ryuichi Watanabe
fd50a35784 update checkout actions (#1981) 2023-02-13 09:26:09 +00:00
Jeroen Landheer
a061cd52e9 Fixes CVE-2022-41721 (#1994)
See: https://avd.aquasec.com/nvd/2022/cve-2022-41717/
2023-02-13 09:25:33 +00:00
Nuno Miguel Micaelo Borges
cbc973c8d9 Issue 1878: Validate URL call does not correctly honor already set UR… (#1951)
* Issue 1878: Validate URL call does not correctly honor already set URL parameters

* Issue 1878: Validate URL call does not correctly honor already set URL parameters

* Update CHANGELOG.md

---------

Co-authored-by: Nuno Borges <Nuno.Borges@ctw.bmwgroup.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2023-02-10 18:36:13 +00:00
Amith KK
df8df9b536 Update formatting error in overview for custom-sign-in-logo (#1886) 2023-02-10 18:35:27 +00:00
Joel Speed
13202fd5ea Merge pull request #1920 from mdreem/do-not-remove-emails-claim
Fill empty UserIDClaim before assigning it to other values
2023-02-06 09:16:58 +00:00
Marc Schiereck
5577cf0151 add changelog entry 2023-02-03 14:35:33 +00:00
Marc Schiereck
82bb08609f Fill empty UserIDClaim before assigning it to other values 2023-02-03 14:25:25 +00:00
Joel Speed
2d674959a2 Merge pull request #1991 from OmAximani0/patch-1
Changes `checkout` version to `v3`
2023-01-30 09:59:41 +00:00
Om Aximani
cefeff5561 Chnages checkout version to v3 2023-01-27 22:53:05 +05:30
Kobi Meirson
f753ec1ca5 feat: readiness check (#1839)
* feat: readiness check

* fix: no need for query param

* docs: add a note

* chore: move the readyness check to its own endpoint

* docs(cr): add godoc

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2022-12-23 09:08:12 +00:00
Jan Larwig
8b77c97009 Fix default scope settings for none oidc providers like GitHub (#1927)
* fix default scope settings for none oidc providers

* add changelog for bugfix

* fix scope test cases by producing and accessing correct result value
2022-12-23 09:00:57 +00:00
Joel Speed
ddcc433a97 Merge pull request #1936 from braunsonm/pkce-code-verifier-correction
Remove unsupported special characters from the code verifier runes
2022-12-19 10:01:39 +00:00
Braunson M
311d210ec4 Remove unsupported special characters from the code verifier runes
- Not all special ASCII characters are strictly supported by the spec
2022-12-16 19:57:02 -05:00
Braunson
0832488af3 Merge pull request #1906 from braunsonm/braunsonm/issue1897
Fix PKCE code verifier generation to never use UTF-8 characters
2022-12-12 07:59:10 -05:00
Braunson M
f4f5b7756c Fix PKCE code verifier generation to never use UTF-8 characters
- This could result in intermittent/random failures of PKCE enabled IdP's
2022-11-18 20:37:14 -05:00
Damien Degois
fd2807c091 Fix uninitialized user claim (#1873)
* Fix uninitialized user claim

Some providers doesn't initialize data with setProviderDefaults function
(keycloak-oidc for example), therefore UserClaim is never initialized
with the default value and stay as an empty string.
This result in an empty user.

* Add CHANGELOG.md entry for #1873

* Call setProviderDefaults where missing

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2022-11-07 08:42:33 +00:00
Joel Speed
e9a4654358 Merge pull request #1883 from braunsonm/issue-1593
Set correct platform type for arm v8 docker images
2022-11-04 10:15:47 +00:00
Braunson M
92b2231c6f Set correct platform type for arm v8 docker images
- A previous attempt used the wrong platform value which resulted in a build without the v8 variant being
created.
- Platform formatting is defined in the containerd source code as referenced by the docker documentation:
https://github.com/containerd/containerd/blob/v1.4.3/platforms/platforms.go#L63

Fixes #1593 - again
2022-11-03 21:28:05 -04:00
Joel Speed
9484a67afc Merge pull request #1882 from babs/atrocious-fix-for-test-race-condition-on-htpasswd
Fix for test race condition on htpasswd file
2022-11-03 14:46:20 +00:00
Damien Degois
86011e8ac7 Protect htpasswd user list from race condition 2022-11-03 15:38:41 +01:00
Joel Speed
aafa966550 Merge pull request #1867 from oauth2-proxy/release-v7.4.0
Release v7.4.0
v7.4.0
2022-10-29 13:27:20 +01:00
Joel Speed
efe9aed559 Create versioned docs for release v7.4.x
Created with: yarn run docusaurus docs:version 7.4.x
2022-10-29 13:19:49 +01:00
Joel Speed
2c21b2830d Update changelog for v7.4.0 release 2022-10-29 13:19:48 +01:00
Joel Speed
4993a5ac8b Merge pull request #1862 from oauth2-proxy/update-deps
Update dependencies
2022-10-29 12:57:15 +01:00
Joel Speed
d4e3bf4df0 Update changelog 2022-10-29 12:49:54 +01:00
Joel Speed
4a2cf153cf Fixup update session state handling 2022-10-29 12:49:53 +01:00
Joel Speed
0586a9e072 Update middleware tests 2022-10-29 12:49:52 +01:00
Joel Speed
b333ef89bc Update providers tests 2022-10-29 12:49:51 +01:00
Joel Speed
7034f0db53 Do not update viper
This breaks our deafult structures tests
2022-10-29 12:49:50 +01:00
Joel Speed
5dfefb6d9b Update session state handling 2022-10-29 12:49:49 +01:00
Joel Speed
f55d24bfcf Update dependencies
Ran `go get -u` to update depdendencies automatically to newer versions.
I'm aware of a few CVEs that this should resolve
2022-10-29 12:49:48 +01:00
dulakm
95e56e3445 updated release notes regarding azure provider issue (#1771) 2022-10-28 08:32:19 +01:00
Muhammad Arham
1e21a56f99 Update go-redis/redis to v9. (#1847)
* Update go-redis/redis to v9.
- And updated redislock, testify, ginko and gomega have also been updated.
- Renamed the option `IdleTimeout` to `ConnMaxIdleTime` because of 517938a6b0/CHANGELOG.md

* Update CHANGELOG.md

* Dropping dot import of the types since they created aliases now

* fixing some error messages to make tests happy

* updating more error messages that were changed to make tests happy

* reverting error messages

Co-authored-by: Muhammad Arham <marham@i2cinc.com>
2022-10-24 16:41:06 +01:00
Damien Degois
5b5894af07 Keycloak provider - Retain user and prefered_username in session (#1815)
* Keycloak provider - Retain user and prefered_username in session

* Add CHANGELOG for PR #1815
2022-10-24 08:47:59 +01:00
Centzilius
ece3d62d64 set providerDefaults for oidc consistently (#1828)
* set providerDefaults for oidc consistently

* docs: document #1828 in CHANGELOG
2022-10-23 10:48:20 +01:00
Joel Speed
cfcba1a7fc Merge pull request #1811 from mdoro-13/warn_about_potential_mistake_in_whitelist-domain
Warn not to include URL instead of domain and port
2022-10-23 11:47:01 +02:00
Joel Speed
d9a33df29d Merge pull request #1851 from adriananeci/bump_go
Bump golang to 1.19 and min allowed version to 1.18
2022-10-23 11:44:45 +02:00
Adrian Aneci
2f1fecae39 add changelog entry 2022-10-22 17:17:36 +03:00
Adrian Aneci
b3df9aecc2 Bump golang to 1.19 and min allowed version to 1.18 2022-10-21 20:40:58 +03:00
Joel Speed
19bb0d0e86 Merge pull request #1574 from adriananeci/azure_support_upstream
Add Azure groups support and Azure OAuth v2.0
2022-10-21 19:31:10 +02:00
Adrian Aneci
a5d918898c Add azure groups support and oauth2 v2.0 2022-10-21 20:23:21 +03:00
Andrew Hamade
7fe6384f38 Fix Linting Errors (#1835)
* initial commit: add groups to azure

Signed-off-by: andrewphamade@gmail.com <andrewphamade@gmail.com>

* fix deprecations and linting errors

Signed-off-by: Andrew Hamade <andrewphamade@gmail.com>

* remove groups testing from azure provider

Signed-off-by: Andrew Hamade <andrewphamade@gmail.com>

* fix test error

Signed-off-by: Andrew Hamade <andrewphamade@gmail.com>

* verify-generate

Signed-off-by: Andrew Hamade <andrewphamade@gmail.com>

Signed-off-by: andrewphamade@gmail.com <andrewphamade@gmail.com>
Signed-off-by: Andrew Hamade <andrewphamade@gmail.com>
2022-10-21 11:57:51 +01:00
Sven Schliesing
a6c8f6f04a Change "API Manager" to "APIs & Services" (#1824) 2022-10-15 14:33:53 +01:00
Chris Bednarz
6afcae295a Updated net and text packages to address CVE-2022-27664 and CVE-2022-32149. (#1825)
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2022-10-15 14:33:44 +01:00
NiteHawk
c395669649 20220802 fix nextcloud (#1750)
* Avoid Nextcloud "Current user is not logged in" (Statuscode 997)

The error message results from oauth2-proxy trying to pass the
access token via URL. Instead it needs to be sent via header,
thus the Nextcloud provider requires a fix similar to what #1502
did before for the keycloak provider.

* Implement EnrichSession() for Nextcloud provider

Parse nested JSON to transform relevant information (groups, id,
email) from the OAuth2 userinfo endpoint into session.

* Update CHANGELOG.md (add link to PR #1750)
2022-10-15 14:25:15 +01:00