go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-04-13 11:50:45 +02:00
Code Issues Releases Activity
807 Commits 30 Branches 37 Tags
Go to file
Clone
Open with VS Code Open with VSCodium
Download ZIP Download TAR.GZ Download BUNDLE
T S 513af9b714 Escape original request URI in sample kubernetes ingress configuration 
The current sample configuration for kubernetes ingress demonstrates
using the `auth-signin` annotation to redirect a user to oauth2_proxy's
signin page. It constructs the link to do so by directly concatenating
`$request_uri` as the `rd` parameter, so the sign-in page knows where to
send the user after signin is complete.

However, this does not work correctly if the original request URI
contains multiple query parameters separated by an ampersand, as that
ampersand is interpereted as separating query parameters of the
`/oauth2/start` URI. For example:

If the user requests a URL:
  https://example.com/foo?q1=v1&q2=v2
they may be redirected to the signin url
  https://example.com/oauth2/start?rd=https://example.com/foo?q1=v1&q2=v2
and after completing signin, oauth2_proxy will redirect them to
  https://example.com/foo?q1=v1

nginx-ingress added an $escaped_request_uri variable about a year ago,
to help resolve this kind of issue
(https://github.com/kubernetes/ingress-nginx/pull/2811)
2019-10-01 12:28:00 -07:00
.github
Add Bitbucket provider. (#201)
2019-08-16 14:53:22 +01:00
contrib
Fix repo link
2019-06-01 05:36:28 +03:00
docs
Escape original request URI in sample kubernetes ingress configuration
2019-10-01 12:28:00 -07:00
pkg
Use ok naming convention for map presence check
2019-07-16 10:06:29 +12:00
providers
Merge branch 'master' into keycloak-provider
2019-08-17 08:10:37 +01:00
.dockerignore
Ignore Dockerfile.dev
2019-01-22 02:54:17 +09:00
.gitignore
Add make targets for serving docs locally
2019-05-10 12:07:16 +01:00
.golangci.yml
Remove TODO vetshadow as it's part of govet
2019-07-01 16:27:19 +01:00
.travis.yml
Download modules in travis install step
2019-08-05 09:26:42 +01:00
CHANGELOG.md
Merge branch 'master' into support-x-auth-request-redirect
2019-09-30 17:21:05 +01:00
configure
Merge branch 'master' into go-mod
2019-07-15 21:38:55 +01:00
CONTRIBUTING.md
fix(docker): simplify build by copying ca-certificates.crt
2019-02-02 20:01:27 +13:00
dist.sh
distribution: remove gpm references and update to use dep
2017-12-04 09:54:31 -05:00
Dockerfile
Ensure gomodules are used when downloading
2019-07-15 21:49:38 +01:00
Dockerfile.arm64
Ensure gomodules are used when downloading
2019-07-15 21:49:38 +01:00
Dockerfile.armv6
Ensure gomodules are used when downloading
2019-07-15 21:49:38 +01:00
env_options_test.go
Allow embedded structs in env_options
2019-05-18 13:09:58 +02:00
env_options.go
Allow embedded structs in env_options
2019-05-18 13:09:58 +02:00
go.mod
Switch from dep to go mod
2019-07-13 21:54:45 +01:00
go.sum
Switch from dep to go mod
2019-07-13 21:54:45 +01:00
htpasswd_test.go
Lint for non-comment linter errors
2018-11-29 14:26:41 +00:00
htpasswd.go
Move logger to pkg/logger
2019-06-15 11:33:58 +02:00
http_test.go
Fix lint errors
2019-06-23 21:39:13 +01:00
http.go
Move logger to pkg/logger
2019-06-15 11:33:58 +02:00
LICENSE
add MIT license for google_auth_proxy
2014-06-09 16:25:26 -04:00
logging_handler_test.go
logger.go ExcludedPaths changed to slice of paths.
2019-07-16 10:04:09 +12:00
logging_handler.go
Add silence ping logging flag
2019-07-16 09:42:24 +12:00
main.go
Merge branch 'master' into keycloak-provider
2019-08-17 08:10:37 +01:00
MAINTAINERS
Add MAINTAINERS and update CODEOWNERS
2019-07-23 16:20:45 +01:00
Makefile
Switch from dep to go mod
2019-07-13 21:54:45 +01:00
oauthproxy_test.go
New flag "-ssl-upstream-insecure-skip-validation" (#234)
2019-08-07 17:48:53 +01:00
oauthproxy.go
More fully support X-Auth-Request-Redirect header
2019-08-17 15:50:44 -05:00
options_test.go
added better tests for gcp healthcheck stuff
2019-03-25 09:56:56 -07:00
options.go
Merge branch 'master' into keycloak-provider
2019-08-17 08:10:37 +01:00
README.md
Update changelog for v4.0.0 release
2019-08-16 15:06:53 +01:00
string_array.go
Implement Getter interface for StringArray (#104)
2019-03-20 13:58:14 +00:00
templates_test.go
Swap out bmizerany/assert package that is deprecated in favor of stretchr/testify/assert
2017-10-23 12:24:17 -04:00
templates.go
Move logger to pkg/logger
2019-06-15 11:33:58 +02:00
validator_test.go
Lint for non-comment linter errors
2018-11-29 14:26:41 +00:00
validator_watcher_copy_test.go
Lint for non-comment linter errors
2018-11-29 14:26:41 +00:00
validator_watcher_test.go
Lint for non-comment linter errors
2018-11-29 14:26:41 +00:00
validator.go
Move logger to pkg/logger
2019-06-15 11:33:58 +02:00
version.go
Introduce Makefile
2019-01-04 10:58:30 +00:00
watcher_unsupported.go
Move logger to pkg/logger
2019-06-15 11:33:58 +02:00
watcher.go
Move logger to pkg/logger
2019-06-15 11:33:58 +02:00

README.md

oauth2_proxy

A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group.

Note: This repository was forked from bitly/OAuth2_Proxy on 27/11/2018. Versions v3.0.0 and up are from this fork and will have diverged from any changes in the original fork. A list of changes can be seen in the CHANGELOG.

Build Status

Sign In Page

Installation

  1. Choose how to deploy:

    a. Download Prebuilt Binary (current release is v4.0.0)

    b. Build with $ go get github.com/pusher/oauth2_proxy which will put the binary in $GOROOT/bin

    c. Using the prebuilt docker image quay.io/pusher/oauth2_proxy (AMD64, ARMv6 and ARM64 tags available)

Prebuilt binaries can be validated by extracting the file and verifying it against the sha256sum.txt checksum file provided for each release starting with version v3.0.0.

sha256sum -c sha256sum.txt 2>&1 | grep OK
oauth2_proxy-4.0.0.linux-amd64: OK
  1. Select a Provider and Register an OAuth Application with a Provider
  2. Configure OAuth2 Proxy using config file, command line options, or environment variables
  3. Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)

Docs

Read the docs on our Docs site.

OAuth2 Proxy Architecture

Getting Involved

If you would like to reach out to the maintainers, come talk to us in the #oauth2_proxy channel in the Gophers slack.

Contributing

Please see our Contributing guidelines.

Description
A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
cloud-infrastructurehacktoberfestoauth2-proxysslsso
Readme MIT 37 MiB
Languages
Go 98.2%
Makefile 0.7%
HTML 0.5%
Shell 0.3%
Dockerfile 0.3%