1
0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2024-11-28 09:08:44 +02:00
Commit Graph

160 Commits

Author SHA1 Message Date
Konstantine
fef940da9a Added userinfo endpoint (#300)
* Added userinfo endpoint

* Added documentation for  the userinfo endpoint

* Update oauthproxy.go

Co-Authored-By: Dan Bond <pm@danbond.io>

* Suggested fixes :  Streaming json to rw , header set after error check

* Update oauthproxy.go

Co-Authored-By: Dan Bond <pm@danbond.io>

* fix session.Email

* Ported tests and updated changelog
2019-11-07 14:38:36 -08:00
Kirill Motkov
e64e6fa514 Some code improvements
* Remove shadowing of predeclared identifier: new.
* strings.ReplaceAll instead of strings.Replace with -1.
* Change strings.ToLower comparison to strings.EqualFold.
* Rewrite if-else-if-else chain as a switch.
2019-10-09 15:44:26 +03:00
Ian Hunter
a209a52df1 More fully support X-Auth-Request-Redirect header
Docs showed that the X-Auth-Request-Redirect header can specify a redirect URI, but only the rd POST parameter was being honored
This fixes that.
2019-08-17 15:50:44 -05:00
Adam Eijdenberg
d5d4878a29 Made setting of proxied headers deterministic based on configuration
alone

Previously some headers that are normally set by the proxy (and may be
replied upstream for authorization decisiions) were not being set
depending on values in the users sesssion.

This change ensure that if a given header is sometimes set, it will
always be either set or removed.

It might be worth considerating always deleting these headers if we
didn't add them.
2019-08-16 11:44:43 +10:00
ferhat elmas
fb52bdb90c Fix some typos 2019-08-13 12:42:23 +02:00
jansinger
7134d22bcc New flag "-ssl-upstream-insecure-skip-validation" (#234)
* New flag "-ssl-upstream-insecure-skip-validation" to skip SSL validation for upstreams with self generated / invalid SSL certificates.

* Fix tests for modified NewReverseProxy method.

* Added change to the changelog.

* Remove duplicate entries from changelog.
2019-08-07 17:48:53 +01:00
Karl Skewes
4e10cc76e0 Add silence ping logging flag using ExcludePath
- Add `ping-path` option to enable switching on and passing to `logger.go`
  Default remains unchanged at: `"/ping"`
- Add note in configuration.md about silence flag taking precedence

Potential tests:
- `options.go` sets `logger.SetExcludePath` based on silence flag?
- Changing `PingPath` reflected in router?
2019-07-16 09:46:53 +12:00
Joel Speed
630db3769b
Merge branch 'master' into refactor 2019-07-15 11:30:43 +01:00
Henry Jenkins
aa37564655
Merge branch 'master' into banner-flag 2019-07-02 14:03:21 +01:00
Henry Jenkins
924eab6355 Adds banner flag
This is to override what's displayed on the main page.
2019-06-25 16:41:51 +01:00
Henry Jenkins
d24aacdb5c Fix lint errors 2019-06-23 21:39:13 +01:00
Brian Van Klaveren
bd651df3c2 Ensure groups in JWT Bearer tokens are also validated
Fix a minor auth logging bug
2019-06-20 13:40:04 -07:00
Brian Van Klaveren
5a50f6223f Do not infer username from email 2019-06-17 12:58:40 -07:00
Brian Van Klaveren
2f6dcf3b5f Move refreshing code to block acquiring cookied session 2019-06-17 12:52:44 -07:00
Brian Van Klaveren
58b06ce761 Fall back to using sub if email is none (as in PR #57) 2019-06-17 12:52:13 -07:00
Brian Van Klaveren
187960e9d8 Improve token pattern matching
Unit tests for token discovery
2019-06-17 12:52:13 -07:00
Brian Van Klaveren
8083501da6 Support JWT Bearer Token and Pass through 2019-06-17 12:51:35 -07:00
Joel Speed
6366690927
Fix gofmt for changed files 2019-06-15 11:34:00 +02:00
Joel Speed
fb9616160e
Move logger to pkg/logger 2019-06-15 11:33:58 +02:00
Joel Speed
d1ef14becc
Move cookie to pkg/encryption 2019-06-15 11:33:57 +02:00
Adam Eijdenberg
d69560d020 No need for case when only 2 conditions 2019-06-15 18:48:27 +10:00
Adam Eijdenberg
f35c82bb0f The AuthOnly path also needs the response headers set 2019-06-07 14:25:12 +10:00
Adam Eijdenberg
9e59b4f62e Restructure so that serving data from upstream is only done when explicity allowed, rather
than as implicit dangling else
2019-06-07 13:50:44 +10:00
Joel Speed
093f9da881
Move cipher creation to options and away from oauth2_proxy.go 2019-05-20 11:26:13 +02:00
Joel Speed
37e31b5f09
Remove dead code 2019-05-20 11:26:11 +02:00
Joel Speed
c61f3a1c65
Use SessionStore for session in proxy 2019-05-20 11:26:10 +02:00
Joel Speed
fbee5eae16
Initialise SessionStore in Options 2019-05-20 11:26:04 +02:00
Joel Speed
2ab8a7d95d
Move SessionState to its own package 2019-05-18 13:09:56 +02:00
timothy-spencer
1a8bd70b46
fixing code redemption error string logging 2019-05-07 10:47:15 -07:00
Mister Wil
9eaa9fdcbf
Standardizing log messages to colons 2019-04-23 09:36:18 -07:00
MisterWil
d77119be55 Merging changes 2019-04-12 09:26:44 -07:00
MisterWil
c22731afa0 Fixed linting errors. 2019-04-12 08:59:46 -07:00
MisterWil
37c415b889 Self code review changes 2019-04-12 08:59:46 -07:00
MisterWil
8ec025f536 Auth and standard logging with file rolling 2019-04-12 08:59:46 -07:00
Costel Moraru
071d17b521 Expose -cookie-path as configuration parameter 2019-04-10 00:36:35 +03:00
gyson
978c0a33e4 Improve websocket support 2019-03-22 17:19:38 -04:00
Patrick Koenig
6f9eac5190
Set redirect URL path when host is present 2019-03-20 09:25:04 -07:00
einfachchr
f715c9371b Fixes deletion of splitted cookies - Issue #69 (#70)
* fixes deletion of splitted cookies

* three minor adjustments to improve the tests

* changed cookie name matching to regex

* Update oauthproxy.go

Co-Authored-By: einfachchr <einfachchr@gmail.com>

* removed unused variable

* Changelog
2019-03-15 07:18:37 +00:00
Joel Speed
e195a74e26
Revert OAuthCallbackPath 2019-03-12 16:46:37 +00:00
Adam Szalkowski
c7193b4085 Merge websocket proxy feature from openshift/oauth-proxy. Original author: Hiram Chirino <hiram@hiramchirino.com> 2019-03-11 14:05:16 +01:00
dt-rush
549766666e fix redirect url param handling (#10)
* Added conditional to prevent user-supplied redirect URL getting
clobbered

Change-type: patch

* use redirectURL as OAuthCallbackURL (as it should be!)

Change-type: patch
2019-03-05 14:58:26 +00:00
David Holsgrove
2280b42f59 Access token forwarding through nginx auth request (#68)
* Access token forwarding through nginx auth request

Related to #420.

(cherry picked from commit b138872bea)
Signed-off-by: David Holsgrove <david.holsgrove@biarri.com>

* Improved documentation for auth request token

(cherry picked from commit 6fab314f72)
Signed-off-by: David Holsgrove <david.holsgrove@biarri.com>

* Update README.md

Example should set header as `X-Access-Token`

Co-Authored-By: davidholsgrove <davidholsgrove@users.noreply.github.com>

* Update Changelog to reference https://github.com/pusher/oauth2_proxy/pull/68

* Fix Changelog message location
2019-02-22 07:49:57 +00:00
Joel Speed
fb13ee87c8
Merge pull request #34 from marratj/cookie-separator
Change cookie index separator to underscore
2019-02-03 13:21:51 +00:00
Joel Speed
fa2545636b
Merge pull request #15 from pusher/whitelist-domains
Whitelist domains
2019-02-02 18:55:37 +00:00
Marcel Juhnke
a339baf94e change cookie index separator to underscore 2019-01-31 20:07:28 +01:00
Cosmin Cojocar
3326194422 Extract the application/json mime type into a const 2019-01-31 16:23:01 +01:00
Cosmin Cojocar
c12db0ebf7 Returns HTTP unauthorized for ajax requests instead of redirecting to the sing-in page 2019-01-31 16:23:01 +01:00
Steve Arch
01c5f5ae3b Implemented flushing interval (#23)
* Implemented flushing interval

When proxying streaming responses, it would not flush the response writer buffer until some seemingly random point (maybe the number of bytes?). This makes it flush every 1 second by default, but with a configurable interval.

* flushing CHANGELOG

* gofmt and goimports
2019-01-31 14:02:15 +00:00
Joel Speed
bc4d5941fc
Remove duplicated logic 2019-01-30 17:30:48 +00:00
Joel Speed
2a1691a994
Add whitelist domains flag 2019-01-30 17:30:40 +00:00