go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-06-02 23:27:22 +02:00
Code Issues Releases Activity
2,101 Commits 21 Branches 38 Tags
Commit Graph

2101 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
stomekpe
f31e02cebd
fix: jwt regex validation error during skip-jwt-bearer-tokens flow (#2888) 
---------

Co-authored-by: Jan Larwig <jan@larwig.com>
 2025-01-15 09:06:21 +01:00
Joel Speed
fafb47e45a
Merge pull request #2914 from oauth2-proxy/release/v7.8.0 
release v7.8.0
v7.8.0 		2025-01-14 11:38:46 +00:00
tuunit
8dd2cbec4d
fix: systemd socket support build handling for windows 2025-01-13 16:41:33 +01:00
tuunit
ae5b5dc45f
doc: update release v7.8.0 changelog 2025-01-13 16:41:33 +01:00
github-actions[bot]
f2ce83b154
doc: add new docs version 7.8.x 2025-01-13 16:41:19 +01:00
renovate[bot]
f400e6f340 chore(deps): update gitea/gitea docker tag to v1.23.1 2025-01-12 20:33:51 +01:00
renovate[bot]
c90487926c chore(deps): update alpine docker tag to v3.21.2 2025-01-12 18:46:57 +01:00
renovate[bot]
f5631a657c
chore(deps): update dependency @easyops-cn/docusaurus-search-local to ^0.47.0 (#2911) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-01-12 18:42:40 +01:00
Joel Speed
01b01d82a1
Merge pull request #2376 from tuunit/feature/static-public-keys-support 
feature: static public keys file support for oidc provider
 2025-01-11 17:58:26 +00:00
axel7083
e28603f7af
feature: static public keys file support for oidc provider 
Co-authored-by: Jan Larwig <jan@larwig.com>
Co-authored-by: JJ Łakis <jacek.lakis@checkatrade.com>
 2025-01-11 12:09:23 +00:00
JJ Łakis
ae8fb08a89
feat(entra): add Workload Identity support for Entra ID (#2902) 2025-01-11 11:12:41 +00:00
Jon Newton
60570cc60e
doc: fix formatting issue in Google provider doc (#2907) 
A missing line break caused subsequent list items to be squished into a single paragraph.
 2025-01-09 01:51:20 +01:00
renovate[bot]
5df6053280 chore(deps): update helmv3 2025-01-08 21:42:59 +01:00
renovate[bot]
75a1099a8f chore(deps): update docker-compose 2025-01-08 21:32:34 +01:00
renovate[bot]
1c3bc31665 chore(deps): update dependency golangci/golangci-lint to v1.63.4 2025-01-08 20:57:15 +01:00
Vinay Chandrasekharan
5260633103
doc: fix dex helm chart values for k8s example (#2880) 
---------

Co-authored-by: vinay chandrasekharan <vinay.cn@gmail.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
 2025-01-04 19:09:36 +01:00
renovate[bot]
507d63e05b chore(deps): update dependency @easyops-cn/docusaurus-search-local to ^0.46.0 2025-01-04 19:02:37 +01:00
renovate[bot]
140674e492
chore(deps): update alpine docker tag to v3.21.0 (#2877) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-01-04 18:57:30 +01:00
Joel Speed
cdcc62014d
Merge pull request #2894 from oauth2-proxy/fix-lint 
Fix linting after updating golangci-lint to 1.62.2
 2024-12-31 19:19:57 +07:00
Joel Speed
f41a686b43
Fix linting after updating golangci-lint to 1.62.2 2024-12-31 13:14:39 +01:00
Joel Speed
c1a21aa877
Merge pull request #2872 from oauth2-proxy/renovate/golangci-golangci-lint-1.x 
chore(deps): update dependency golangci/golangci-lint to v1.62.2
 2024-12-31 19:00:30 +07:00
renovate[bot]
1346ae6079
chore(deps): update dependency golangci/golangci-lint to v1.62.2 2024-12-31 11:53:30 +00:00
Joel Speed
fe6f8ddb65
Merge pull request #2878 from oauth2-proxy/renovate/golang-1.x 
chore(deps): update dependency golang to v1.23.4
 2024-12-31 18:52:56 +07:00
renovate[bot]
5edff8fe1a
chore(deps): update dependency golang to v1.23.4 2024-12-31 11:46:50 +00:00
JJ Łakis
5f188e5b6b
Microsoft Entra ID provider (#2390) 
* Microsoft Entra ID Provider

* fix typo in function name

* documentation tweaks

* documentation and comment tweak

* docs tweaks

* final tweaks

* refactor: drop flag for skipping graph groups

* update legacy / deprecated provider page and sort provider overview

* reformat

* move entra-id provider into switch (treat like every other provider

* fix test case and reformat

* fix sidebar configuration

* apply review suggestions

* add pagination for graph api

* fix: do not error when groups unable to retrieve

* doc: number of groups fix

* restore master packages

* docs: tiny docs tweak

* address review comments

* fix codegen

---------

Co-authored-by: tuunit <jan@larwig.com>
 2024-12-31 11:46:13 +00:00
Joel Speed
c64ec1251b
Merge pull request #2886 from oauth2-proxy/renovate/go-golang.org-x-net-vulnerability 
chore(deps): update module golang.org/x/net to v0.33.0 [security]
 2024-12-23 17:38:28 +07:00
renovate[bot]
47638db231
chore(deps): update module golang.org/x/net to v0.33.0 [security] 2024-12-19 02:01:45 +00:00
Joel Speed
bcf20346cf
Merge pull request #2884 from oauth2-proxy/renovate/go-golang.org-x-crypto-vulnerability 
chore(deps): update module golang.org/x/crypto to v0.31.0 [security]
 2024-12-17 15:02:49 +07:00
renovate[bot]
0dca9af6d7
chore(deps): update module golang.org/x/crypto to v0.31.0 [security] 2024-12-12 00:59:31 +00:00
ciffelia
ef8ba75987
docs: fix insecure Caddy configuration example (#2827) 
The original example only protected the root (`/`) path, leaving other routes unsecured.
* docs: add syntax highlighting for nginx config
* docs: fix headings in `configuration/integration` page
* docs: fix redirect in caddy configuraion example
 2024-11-11 10:04:04 +01:00
renovate[bot]
5042203625 chore(deps): update docker-compose 2024-11-11 09:44:08 +01:00
renovate[bot]
bc1224291c chore(deps): update gomod 2024-11-10 22:43:42 +01:00
Jacek J. Łakis
05b91f310a chore: extend test cases for oidc provider and documentation regarding implicit setting of the groups scope when no scope was specified in the config 
Co-authored-by: Jan Larwig <jan@larwig.com>
 2024-11-09 15:48:29 +01:00
renovate[bot]
2fd2f8c63d chore(deps): update gomod 2024-11-06 16:56:57 +01:00
Vish (Ishaya) Abrams
4e2013e6ba
fix: update code_verifier to use recommended method (#2620) 
The [RFC](https://datatracker.ietf.org/doc/html/rfc7636#section-4.1)
says that a code verifier just uses unreserved characters, but the
recommended method is that it is a base64-urlencoded 32-octet url. Some
implementations of PKCE (most notably the one used by salesforce)
require that this is a valid base64 encoded string[1], so this patch
switches to using the recommended approach to make it more compatible.

[1]: https://help.salesforce.com/s/articleView?id=sf.remoteaccess_pkce.htm&type=5
 2024-11-06 15:16:39 +01:00
Ondrej Sika
3ceef0cff4
feat: add CF-Connecting-IP as supported real ip header (#2821) 2024-11-04 23:28:08 +01:00
Reto Kupferschmid
64e736f668
fix: websocket path rewrite (#2300) 2024-11-04 23:12:35 +01:00
renovate[bot]
96f0288a36
chore(deps): update alpine docker tag to v3.20.3 (#2682) 2024-11-04 22:30:56 +01:00
renovate[bot]
0bc8dd98e2
chore(deps): update module github.com/go-jose/go-jose/v3 to v3.0.3 [security] (#2831) 2024-11-04 22:22:03 +01:00
renovate[bot]
50ec7fa902
chore(deps): update dependency node to v22 (#2836) 2024-11-04 22:16:30 +01:00
Benjamin Cremer
b4f7e0603e
doc: fix relative URLs to configuration page (#2818) 2024-10-29 16:21:43 +01:00
Joel Speed
4d2b5c30a1
Merge pull request #1985 from isodude/systemd-socket 
Add support for systemd socket
 2024-10-28 03:56:05 +07:00
renovate[bot]
5ec03ab0e9
chore(deps): update module github.com/go-jose/go-jose/v3 to v4 (#2598) 2024-10-27 17:25:27 +01:00
Jan Larwig
9945b68a06
doc: readme overhaul and azure sponsorship (#2826) 
* new readme structure

* add adopters file

* add microsoft sponsorship

* add reference to adopter file

* add gopher slack invite link

* slightly rephrase nightly image section

* add sponsor request for action

* better formatting for contributor wall

* add longer wait time for stale PRs and issues and allow for exemption through bug and high-priority labels

* apply review suggestion

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

---------

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2024-10-27 12:12:46 +00:00
Josef Johansson
6743a9cc89 Add support for systemd.socket 
When using sockets to pass data between e.g. nginx and oauth2-proxy it's
simpler to use sockets. Systemd can even facilitate this and pass the
actual socket directly.

This also means that only the socket runs with the same group as nginx
while the service runs with DynamicUser.

Does not support TLS yet.

nginx
```
server {
    location /oauth2/ {
      proxy_pass http://unix:/run/oauth2-proxy/oauth2.sock;
}
```

oauth2-proxy.socket
```
[Socket]
ListenStream=%t/oauth2.sock
SocketGroup=www-data
SocketMode=0660
```

Start oauth2-proxy with the parameter `--http-address=fd:3`.

Signed-off-by: Josef Johansson <josef@oderland.se>
 2024-10-23 09:35:47 +02:00
Josef Johansson
bc8e7162db Allow parsing remote address headers over unix sockets 
When listening to a unix socket there is no RemoteAddr for http.Request.
Instead of setting nil, Go sets it to '@'. Marking the IP as trusted if
RemoteAddr allows rest of the settings for parsing remote address in
headers to be applied.

Signed-off-by: Josef Johansson <josef@oderland.se>
 2024-10-23 07:48:54 +02:00
Konstantin Shalygin
e00c7a7edd
fix(contrib): revamped systemd service example (#2655) 2024-10-13 20:00:54 +02:00
bjencks
66f1063722
feat: add X-Envoy-External-Address as supported header (#2755) 2024-10-13 19:55:47 +02:00
renovate[bot]
798b846643 chore(deps): update dependency @easyops-cn/docusaurus-search-local to ^0.45.0 2024-10-13 19:43:24 +02:00
Josh Cox
c555f5f6d5
chore: removed duplicate image line in docker-compose (#2817) 2024-10-13 19:37:26 +02:00