go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-06-17 00:17:40 +02:00
Code Issues Releases Activity
1,428 Commits 24 Branches 38 Tags
ef457b17653c3d5d390c7856f3953f3e6bd2b96c
Commit Graph

1428 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nick Meves
0886f8035c Move all Keycloak unit tests to Ginkgo 2020-12-24 14:04:19 -08:00
Nick Meves
3369799853 Migrate Keycloak to EnrichSession & support multiple groups 2020-12-24 14:04:19 -08:00
Nick Meves
89e0a77a8f Merge pull request #849 from grnhse/is-831-auth-querystring-groups 
Group/Role Access Restriction support in `/oauth2/auth` endpoint
 2020-12-24 12:21:40 -08:00
Nick Meves
753f6c548a Add a detailed allowed_groups example to Important Notes 2020-12-24 12:05:12 -08:00
Nick Meves
65e15f24c1 Support only allowed_groups querystring 2020-12-24 12:05:12 -08:00
Nick Meves
025056cba0 Move AuthOnly authorize logic to a dedicated method 2020-12-24 12:05:11 -08:00
Nick Meves
44d83e5f95 Use StatusForbidden to prevent infinite redirects 2020-12-24 12:04:01 -08:00
Nick Meves
23b2355f85 Allow group authZ in AuthOnly endpoint via Querystring 2020-12-24 12:04:01 -08:00
Joel Speed
8bd2409342 Merge pull request #936 from grnhse/oidc-provider-refactor 
OIDC Provider Refactor
 2020-12-23 19:04:51 +00:00
Nick Meves
d2ffef2c7e Use global OIDC fields for Gitlab 2020-12-21 16:54:12 -08:00
Nick Meves
42f6cef7d6 Improve OIDC error handling 2020-12-21 16:53:05 -08:00
Nick Meves
ea5b8cc21f Support non-list and complex groups 2020-12-21 16:52:18 -08:00
Nick Meves
eb56f24d6d Deprecate UserIDClaim in config and docs 2020-12-21 16:52:17 -08:00
Nick Meves
74ac4274c6 Move generic OIDC functionality to be available to all providers 2020-12-21 16:52:04 -08:00
Nick Meves
a1877434b2 Refactor OIDC to EnrichSession 2020-12-21 16:51:52 -08:00
Kirill Müller
4fda907830 Fix and enhance OIDC example (#934) 
* Fix and enhance OIDC example

* Restructure

* Indent

* Add full stop.

* Add link

* Add minimalistic README

* Apply suggestions from code review

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2020-12-19 15:48:33 +00:00
TAGAMI Yukihiro
a5466bb96d Fix typo and missing InjectResponseHeaders validation (#952) 2020-12-12 10:05:01 -08:00
Mathieu Lecarme
d67d6e3152 Add authorization support for Gitlab projects (#630) 
* Add support for gitlab projets

* Add group membership in state

* Use prefixed allowed groups everywhere

* Fix: remove unused function

* Fix: rename func that add data to session

* Simplify projects and groups session funcs

* Add project access level for gitlab projects

* Fix: default access level

* Add per project access level

* Add user email when missing access level

* Fix: harmonize errors

* Update docs and flags description for gitlab project

* Add test with both projects and groups

* Fix: log error message

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Fix: make doc a markdown link

* Add notes about read_api scope for projects

* Fix: Verifier override in Gitlab Provider

This commit fixes a bug caused by an override of the Verifier value from *ProviderData inside GitlabProvider struct

* Fix: ensure data in session before using it

* Update providers/gitlab.go

Co-authored-by: Nick Meves <nick.meves@greenhouse.io>

* Rename gitlab project initializer

* Improve return value readbility

* Use splitN

* Handle space delimiters in set project scope

* Reword comment for AddProjects

* Fix: typo

* Rework error handling in addProjectsToSession

* Reduce branching complexity in addProjectsToSession

* Fix: line returns

* Better comment for addProjectsToSession

* Fix: enrich session comment

* Fix: email domains is handled before provider mechanism

* Add archived project unit test

* Fix: emails handling in gitlab provider

Co-authored-by: Wilfried OLLIVIER <wollivier@bearstech.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Nick Meves <nick.meves@greenhouse.io>
 2020-12-05 10:57:33 -08:00
Joel Speed
5117f2314f Merge pull request #943 from aimichal/patch-1 
Update Slack channel name
 2020-12-04 14:39:26 +00:00
Michal Guerquin
f260c3707a Update Slack channel name 2020-12-03 15:20:31 -08:00
Joel Speed
87c67b09a7 Merge pull request #907 from oauth2-proxy/alpha-config 
Introduce alpha configuration option to enable testing of structured configuration
 2020-12-01 09:28:47 +00:00
Joel Speed
d749c11e73 Add changelog entry for adding alpha configuration 2020-12-01 08:57:13 +00:00
Joel Speed
b201dbb2d3 Add convert-config-to-alpha flag to convert existing configuration to alpha structure 2020-12-01 08:56:51 +00:00
Joel Speed
5b683a7631 Add local environment that uses alpha configuration 2020-12-01 08:56:50 +00:00
Joel Speed
f36dfbb494 Introduce alpha configuration loading 2020-12-01 08:56:49 +00:00
Joel Speed
5b003a5657 SecretSource.Value should be plain text in memory 2020-12-01 08:56:46 +00:00
Joel Speed
d587030019 Merge pull request #938 from grnhse/naming-refactor-tweaks 
Cleanup method name refactors missed in comments
 2020-11-30 19:38:43 +00:00
Nick Meves
26ed080bed Cleanup method name refactors missed in comments 2020-11-29 14:18:14 -08:00
Nick Meves
f6ae15e8c3 Merge pull request #869 from grnhse/streamline-provider-naming 
Streamline Provider Interface & Bearer Session Handlers
 2020-11-28 10:30:09 -08:00
Nick Meves
57a8ef06b4 Fix method renaming in comments and tests 2020-11-28 10:25:12 -08:00
Nick Meves
5f8f856260 Remove failed bearer tokens from logs 2020-11-28 10:25:12 -08:00
Nick Meves
22f60e9b63 Generalize and extend default CreateSessionFromToken 2020-11-28 10:25:12 -08:00
Nick Meves
44fa8316a1 Aggregate error logging on JWT chain failures 2020-11-28 10:25:12 -08:00
Nick Meves
3e9717d489 Decouple TokenToSession from OIDC & add a generic VerifyFunc 2020-11-28 10:25:11 -08:00
Nick Meves
e9f787957e Standardize provider interface method names 2020-11-28 10:25:11 -08:00
Joel Speed
2706909fe3 Merge pull request #850 from grnhse/is-834-userinfo-expansion 
Add User & Groups to Userinfo
 2020-11-27 16:36:41 +00:00
Nick Meves
7407fbd3a7 Add more UserInfo test cases 2020-11-25 19:00:58 -08:00
Nick Meves
2549b722d3 Add User & Groups to Userinfo 2020-11-25 18:19:48 -08:00
Nick Meves
3ff0c23a9e Merge pull request #931 from apeschel/topic/stable-repo-url-fix 
Use New Stable Chart URL
 2020-11-24 20:57:28 -08:00
Aaron Peschel
527c0c311c Use New Stable Chart URL 
The existing URL no longer works. This commit updates the Chart
dependencies to use the new Stable chart URL.

This will fix the "Chart not found" errors that occur if these example
resources are used.

Please keep in mind this is only a bandaid, as the repository is still
EOL, and should not be used.
 2020-11-23 11:45:34 -08:00
Joel Speed
8bed7aafbd Merge pull request #925 from oauth2-proxy/fix-basic-auth 
Fix basic auth legacy header conversion
 2020-11-19 20:14:44 +00:00
Joel Speed
482cd32a17 Fix basic auth legacy header conversion 2020-11-19 20:07:59 +00:00
Joel Speed
eb07005a5c Merge pull request #916 from oauth2-proxy/alpha-config-types 
Add AlphaOptions struct to prepare for alpha config loading
 2020-11-19 17:11:16 +00:00
Joel Speed
aed43a54da Add DefaultUpstreamFlushInterval to replace magic time.Second value 2020-11-19 10:39:21 +00:00
Joel Speed
8e582ac02a Add changelog entry for adding alphaoptions struct 2020-11-19 10:35:56 +00:00
Joel Speed
d353d94631 Add AlphaOptions struct and ensure that all children have valid JSON tags 2020-11-19 10:35:31 +00:00
Joel Speed
b6d6f31ac1 Introduce Duration so that marshalling works for duration strings 2020-11-19 10:35:29 +00:00
Akira Ajisaka
ed92df3537 Support TLS 1.3 (#923) 
* Support TLS 1.3

* Set TLS 1.3 explicitly to fix gosec warning.

* Add an entry to changelog.

* Fix typo in the changelog.

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2020-11-19 10:25:53 +00:00
Joel Speed
430355b203 Merge pull request #918 from oauth2-proxy/fix-log-caller 
Fix log header output
 2020-11-19 10:18:43 +00:00
Joel Speed
3a4660414a Fix log calldepth 2020-11-15 18:52:59 +00:00