05a4e77c4c
* extract email from id_token for azure provider (#914) * extract email from id_token for azure provider this change fixes a bug when --resource is specified with non-Graph api and the access token destined to --resource is used to call Graph api * fixed typo * refactor GetEmailAddress to EnrichSessionState * make getting email from idtoken best effort and fall back to previous behavior when it's absent * refactor to use jwt package to extract claims * fix lint * refactor unit tests to use test table refactor the get email logic from profile api * addressing feedback * added oidc verifier to azure provider and extract email from id_token if present * fix lint and codeclimate * refactor to use oidc verifier to verify id_token if oidc is configured * fixed UT * addressed comments * minor refactor * addressed feedback * extract email from id_token first and fallback to access token * fallback to access token as well when id_token doesn't have email claim * address feedbacks * updated change log! * switch to docker buildx for multiarch builds * add setup docker buildx action * update docker push to push the multiarch image * make multiarch image have parity with currently produced images by adding linux/armv6 * triaging issue with arm v6 * incorporating feedback * fixing rebase disaster * reset Makefile to blessed state Co-authored-by: Weinong Wang <weinong@outlook.com>
A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group.
Note: This repository was forked from bitly/OAuth2_Proxy on 27/11/2018. Versions v3.0.0 and up are from this fork and will have diverged from any changes in the original fork. A list of changes can be seen in the CHANGELOG.
Note: This project was formerly hosted as pusher/oauth2_proxy but has been renamed as of 29/03/2020 to oauth2-proxy/oauth2-proxy.
Going forward, all images shall be available at quay.io/oauth2-proxy/oauth2-proxy and binaries will be named oauth2-proxy.
Installation
-
Choose how to deploy:
a. Download Prebuilt Binary (current release is
v7.1.3)b. Build with
$ go get github.com/oauth2-proxy/oauth2-proxy/v7which will put the binary in$GOROOT/binc. Using the prebuilt docker image quay.io/oauth2-proxy/oauth2-proxy (AMD64, ARMv6 and ARM64 tags available)
Prebuilt binaries can be validated by extracting the file and verifying it against the sha256sum.txt checksum file provided for each release starting with version v3.0.0.
sha256sum -c sha256sum.txt 2>&1 | grep OK
oauth2-proxy-x.y.z.linux-amd64: OK
- Select a Provider and Register an OAuth Application with a Provider
- Configure OAuth2 Proxy using config file, command line options, or environment variables
- Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)
Security
If you are running a version older than v6.0.0 we strongly recommend you please update to a current version. See open redirect vulnerability for details.
Docs
Read the docs on our Docs site.
Getting Involved
If you would like to reach out to the maintainers, come talk to us in the #oauth2-proxy channel in the Gophers slack.
Contributing
Please see our Contributing guidelines. For releasing see our release creation guide.