go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2024-11-28 09:08:44 +02:00
Code Issues Releases Activity
1,662 Commits 27 Branches 34 Tags 79 MiB
f9fb530c11
Commit Graph

1662 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
mgiessing
f9fb530c11
Update Dockerfile 
Add ppc64le support
 2022-02-17 22:55:57 +01:00
Joel Speed
263a5df820
Merge pull request #1286 from instadeepai/allowed_email_domains-on-auth_request-endpoint 
Add allowed_email_domains on auth_request endpoint
 2022-02-17 17:10:43 +00:00
Joel Speed
ceda5329eb
Merge pull request #1560 from oauth2-proxy/fix-provider-initialisation 
Fix provider data initialisation
 2022-02-17 09:56:00 +00:00
Joel Speed
4eb2a35aa8
Fix provider data initialisation 2022-02-16 16:53:43 +00:00
Joel Speed
f6aa7600ea
Merge pull request #1555 from oauth2-proxy/provider-options 
Refactor provider configuration into providers package
 2022-02-16 11:50:39 +00:00
Joel Speed
eda5eb9243
Add changelog entry for provider refactor 2022-02-16 11:46:32 +00:00
Joel Speed
0791aef8cc
Integrate new provider constructor in main 2022-02-16 10:38:07 +00:00
Joel Speed
2e15f57b70
Remove provider configuration from validation package 2022-02-16 10:38:06 +00:00
Joel Speed
d162b018a8
Move provider initialisation into providers package 2022-02-16 10:38:05 +00:00
Joel Speed
95dd2745c7
Remove options dependency on providers package 2022-02-16 10:38:04 +00:00
Joel Speed
9832844c8a
Merge pull request #1394 from oauth2-proxy/claim-extractor 
Add generic claim extractor to get claims from ID Tokens
 2022-02-16 10:37:20 +00:00
Joel Speed
edb1bc1a11
Add changelog entry for generic claim extractor 2022-02-16 10:31:30 +00:00
Joel Speed
967051314e
Integrate claim extractor into providers 2022-02-16 10:28:33 +00:00
Joel Speed
537e596904
Add claim extractor provider util 2022-02-16 10:28:32 +00:00
Joel Speed
44dc3cad77
Merge pull request #1468 from oauth2-proxy/session-refresh-using-lock 
Implement session locking with session state lock
 2022-02-16 10:23:34 +00:00
Joel Speed
da92648e54
Add changelog entry for session locking 2022-02-16 10:16:14 +00:00
Joel Speed
54d42c5829
Implement refresh relying on obtaining lock 2022-02-16 10:16:13 +00:00
Kevin Kreitner
e2c7ff6ddd
Use session to lock to protect concurrent refreshes 2022-02-16 10:16:12 +00:00
Michael Hienle
dc5d2a5cd7
Fix table (#1556) 
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2022-02-15 16:39:16 +00:00
Kevin Schu
25371ea4af
improved audience handling to support client credentials access tokens without aud claims (#1204) 
* implementation draft

* add cfg options skip-au-when-missing && client-id-verification-claim; enhance the provider data verification logic for sake of the added options

* refactor configs, added logging and add additional claim verification

* simplify logic by just having one configuration similar to oidc-email-claim

* added internal oidc token verifier, so that aud check behavior can be managed with oauth2-proxy and is compatible with extra-jwt-issuers

* refactored verification to reduce complexity

* refactored verification to reduce complexity

* added docs

* adjust tests to support new OIDCAudienceClaim and OIDCExtraAudiences options

* extend unit tests and ensure that audience is set with the value of aud claim configuration

* revert filemodes and update docs

* update docs

* remove unneccesary logging, refactor audience existence check and added additional unit tests

* fix linting issues after rebase on origin/main

* cleanup: use new imports for migrated libraries after rebase on origin/main

* adapt mock in keycloak_oidc_test.go

* allow specifying multiple audience claims, fixed bug where jwt issuers client id was not the being considered and fixed bug where aud claims with multiple audiences has broken the whole validation

* fixed formatting issue

* do not pass the whole options struct to minimize complexity and dependency to the configuration structure

* added changelog entry

* update docs

Co-authored-by: Sofia Weiler <sofia.weiler@aoe.com>
Co-authored-by: Christian Zenker <christian.zenker@aoe.com>
 2022-02-15 16:12:22 +00:00
Valentin Pichard
2b4c8a9846 Add the allowed_email_domains and the allowed_groups on the auth_request endpoint + support standard wildcard char for validation with sub-domain and email-domain. 
Signed-off-by: Valentin Pichard <github@w3st.fr>
 2022-02-14 18:03:20 +01:00
Joel Speed
c5a98c6d03
Merge pull request #1550 from mhienle/patch-1 
Fix broken link
 2022-02-11 10:17:45 +00:00
Michael Hienle
590b7a612e Fix broken link 2022-02-11 10:28:30 +01:00
Joel Speed
ad4f7bcb0e
Merge pull request #1545 from andytson/feature/qs-allowed-groups-bypass 
Fix issue with query string allowed group panic on skip methods
 2022-02-10 14:08:45 +00:00
Andy Thompson
05ebaf5158 Update changelog 2022-02-10 12:40:42 +00:00
Andy Thompson
c1b01b5bc0 Fix issue with query string allowed group panic on skip methods 2022-02-10 12:39:32 +00:00
Joel Speed
433b93d08a
Merge pull request #1474 from polarctos/feature/tls-min-version-options 
Add option to specify the tls.Config.MinVersion for the server to be able to restrict it to TLS 1.3
 2022-02-09 19:29:53 +00:00
polarctos
cbbecb81bd Add changelog entry for tls-min-version 2022-02-09 20:20:03 +01:00
polarctos
e03cf87dd8 Add option to specify the tls-min-version for the server 2022-02-09 20:19:01 +01:00
Preston Sheldon
11699a822a
Add ValidateSession function to LoginGovProvder to include Auth Header (#1509) 
* Add ValidateSession function to LoginGovProvder to include Auth Header

* Update CHANGELOG for PR 1509

* Update logingov_test to include ValidationURL
 2022-02-04 09:22:33 +00:00
Joel Speed
88709d8b69
Merge pull request #1489 from oauth2-proxy/fix-docker-push 
Fix Docker Buildx push to include build version
 2022-02-03 21:56:43 +00:00
Joel Speed
bd0c4a3296
Fix Docker Buildx push to include build version 2022-02-03 19:23:22 +00:00
ThomasKalten
4f5efd4074
Update auth.md (#1518) 2022-01-18 13:54:52 +00:00
ThomasKalten
92c4ca9c58
Update auth.md (#1519) 2022-01-18 13:54:35 +00:00
Magnus Lübeck
dede6fd531
Fixing a typo, pointing to correct compose file (#1493) 
Fixing a typo for the docker-compose-alpha-config.yaml
 2021-12-29 19:50:36 +00:00
Ole-Martin Bratteng
0e10fb8967
Remove the information about Microsoft Azure AD in the provider documentation (#1477) 
* Remove the information about `Microsoft Azure AD`

* Put `proxy_buffer_size` in a code tag

* Update `CHANGELOG.md`

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2021-12-23 17:24:31 +00:00
Joel Speed
576184924d
Merge pull request #1481 from oauth2-proxy/release-v7.2.1 
Prepare changelog for release v7.2.1
 2021-12-22 17:09:59 +00:00
Joel Speed
5515918436
Prepare changelog for release v7.2.1 2021-12-18 12:59:55 +00:00
Joel Speed
95839a2896
Merge pull request #1479 from polarctos/feature/go-1.17 
Update go version to 1.17
 2021-12-18 12:34:40 +00:00
polarctos
7eaf98b5fe Update go version to 1.17 
This includes the change to the pruned module graph with the converted go.mod for Go 1.17
https://go.dev/doc/go1.17#go-command
 2021-12-17 16:51:13 +01:00
Joel Speed
c278e0aa4e
Merge pull request #1471 from AlexanderBabel/feature/update-aline 
[Security] Update alpine to 3.15
 2021-12-14 19:19:09 +00:00
Alex Babel
8a951b2b4a
doc: update changelog 2021-12-14 02:21:28 +01:00
Alex Babel
a654c9ec24
fix(Dockerfile): bump alpine to 3.15 2021-12-14 02:09:59 +01:00
Joel Speed
5933000b86
Merge pull request #1247 from oauth2-proxy/adfs-default-claims 
Use `upn` as EmailClaim throughout ADFSProvider
 2021-12-06 14:24:41 +00:00
Nick Meves
0fa8fca276 Update ADFS to new jwt lib 2021-12-01 19:16:42 -08:00
Nick Meves
bdfca925a3 Handle UPN fallback when profileURL isn't set 2021-12-01 19:08:15 -08:00
Nick Meves
1621ea3bba ADFS supports IDToken nonce, use it 2021-12-01 19:08:15 -08:00
Nick Meves
4980f6af7d Use upn claim as a fallback in Enrich & Refresh 
Only when `email` claim is missing, fallback to `upn` claim which may have it.
 2021-12-01 19:08:10 -08:00
Nick Meves
a53198725e Use upn as EmailClaim throughout ADFSProvider 
By only overriding in the EnrichSession, any Refresh calls
would've overriden it with the `email` claim.
 2021-12-01 19:06:02 -08:00
Joel Speed
1b335a056d
Merge pull request #1447 from oauth2-proxy/docker-fixes 
Fix docker build/push issues found during last release
 2021-11-24 17:31:20 +00:00