go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-04-23 12:18:50 +02:00
Code Issues Releases Activity
oauth2-proxy/docs/next/features/endpoints/index.html

33 lines
15 KiB
HTML
Raw Blame History

<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="generator" content="Docusaurus v2.0.0-alpha.66">
<title data-react-helmet="true">Endpoints | OAuth2 Proxy</title><meta data-react-helmet="true" name="twitter:card" content="summary_large_image"><meta data-react-helmet="true" name="docusaurus_language" content="en"><meta data-react-helmet="true" name="docusaurus_version" content="current"><meta data-react-helmet="true" name="docusaurus_tag" content="docs-default-current"><meta data-react-helmet="true" property="og:title" content="Endpoints | OAuth2 Proxy"><meta data-react-helmet="true" name="description" content="OAuth2 Proxy responds directly to the following endpoints. All other endpoints will be proxied upstream when authenticated. The /oauth2 prefix can be changed with the --proxy-prefix config variable."><meta data-react-helmet="true" property="og:description" content="OAuth2 Proxy responds directly to the following endpoints. All other endpoints will be proxied upstream when authenticated. The /oauth2 prefix can be changed with the --proxy-prefix config variable."><meta data-react-helmet="true" property="og:url" content="https://oauth2-proxy.github.io/oauth2-proxy/docs/next/features/endpoints"><link data-react-helmet="true" rel="shortcut icon" href="/oauth2-proxy/img/logos/OAuth2_Proxy_icon.svg"><link data-react-helmet="true" rel="canonical" href="https://oauth2-proxy.github.io/oauth2-proxy/docs/next/features/endpoints"><link rel="stylesheet" href="/oauth2-proxy/styles.b2862157.css">
<link rel="preload" href="/oauth2-proxy/styles.f494e809.js" as="script">
<link rel="preload" href="/oauth2-proxy/runtime~main.85dab4b6.js" as="script">
<link rel="preload" href="/oauth2-proxy/main.cbf36231.js" as="script">
<link rel="preload" href="/oauth2-proxy/1.f1e55c3c.js" as="script">
<link rel="preload" href="/oauth2-proxy/2.aa6394ae.js" as="script">
<link rel="preload" href="/oauth2-proxy/48.92c41b73.js" as="script">
<link rel="preload" href="/oauth2-proxy/50.68e502a3.js" as="script">
<link rel="preload" href="/oauth2-proxy/935f2afb.eb0b0bdd.js" as="script">
<link rel="preload" href="/oauth2-proxy/17896441.687011d6.js" as="script">
<link rel="preload" href="/oauth2-proxy/efc9be4b.1920b07c.js" as="script">
</head>
<body>
<script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){var t=null;try{t=localStorage.getItem("theme")}catch(t){}return t}();t(null!==e?e:"light")}()</script><div id="__docusaurus">
<nav class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><div aria-label="Navigation bar toggle" class="navbar__toggle" role="button" tabindex="0"><svg xmlns="http://www.w3.org/2000/svg" width="30" height="30" viewBox="0 0 30 30" role="img" focusable="false"><title>Menu</title><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></div><a class="navbar__brand" href="/oauth2-proxy/"><img class="navbar__logo" src="/oauth2-proxy/img/logos/OAuth2_Proxy_icon.svg" alt="OAuth2 Proxy"><strong class="navbar__title">OAuth2 Proxy</strong></a><a aria-current="page" class="navbar__item navbar__link navbar__link--active" href="/oauth2-proxy/docs/">Docs</a></div><div class="navbar__items navbar__items--right"><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a class="navbar__item navbar__link" href="/oauth2-proxy/docs/next/">Next</a><ul class="dropdown__menu"><li><a aria-current="page" class="dropdown__link dropdown__link--active" href="/oauth2-proxy/docs/next/features/endpoints">Next</a></li><li><a class="dropdown__link" href="/oauth2-proxy/docs/features/endpoints">7.1.x</a></li><li><a class="dropdown__link" href="/oauth2-proxy/docs/7.0.x/features/endpoints">7.0.x</a></li><li><a class="dropdown__link" href="/oauth2-proxy/docs/6.1.x/features/endpoints">6.1.x</a></li></ul></div><a href="https://github.com/oauth2-proxy/oauth2-proxy" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub</a><div class="react-toggle react-toggle--disabled displayOnlyInLargeViewport_2aTZ"><div class="react-toggle-track"><div class="react-toggle-track-check"><span class="toggle_BsTx">🌜</span></div><div class="react-toggle-track-x"><span class="toggle_BsTx">🌞</span></div></div><div class="react-toggle-thumb"></div><input type="checkbox" disabled="" aria-label="Dark mode toggle" class="react-toggle-screenreader-only"></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div><div class="navbar-sidebar"><div class="navbar-sidebar__brand"><a class="navbar__brand" href="/oauth2-proxy/"><img class="navbar__logo" src="/oauth2-proxy/img/logos/OAuth2_Proxy_icon.svg" alt="OAuth2 Proxy"><strong class="navbar__title">OAuth2 Proxy</strong></a></div><div class="navbar-sidebar__items"><div class="menu"><ul class="menu__list"><li class="menu__list-item"><a aria-current="page" class="menu__link navbar__link--active" href="/oauth2-proxy/docs/">Docs</a></li><li class="menu__list-item"><a role="button" class="menu__link menu__link--sublist">Versions</a><ul class="menu__list"><li class="menu__list-item"><a aria-current="page" class="menu__link menu__link--active" href="/oauth2-proxy/docs/next/features/endpoints">Next</a></li><li class="menu__list-item"><a class="menu__link" href="/oauth2-proxy/docs/features/endpoints">7.1.x</a></li><li class="menu__list-item"><a class="menu__link" href="/oauth2-proxy/docs/7.0.x/features/endpoints">7.0.x</a></li><li class="menu__list-item"><a class="menu__link" href="/oauth2-proxy/docs/6.1.x/features/endpoints">6.1.x</a></li></ul></li><li class="menu__list-item"><a href="https://github.com/oauth2-proxy/oauth2-proxy" target="_blank" rel="noopener noreferrer" class="menu__link">GitHub</a></li></ul></div></div></div></nav><div class="main-wrapper"><div class="docPage_2gpo"><div class="docSidebarContainer_3_JD" role="complementary"><div class="sidebar_2urC"><div class="menu menu--responsive menu_5FrY"><button aria-label="Open Menu" aria-haspopup="true" class="button button--secondary button--sm menu__button" type="button"><svg aria-label="Menu" class="sidebarMenuIcon_Dm3K" xmlns="http://www.w3.org/2000/svg" height="24" width="24" viewBox="0 0 32 32" role="img" focusable="false"><title>Menu</title><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><ul class="menu__list"><li class="menu__list-item"><a class="menu__link" href="/oauth2-proxy/docs/next/">Installation</a></li><li class="menu__list-item"><a class="menu__link" href="/oauth2-proxy/docs/next/behaviour">Behaviour</a></li><li class="menu__list-item"><a class="menu__link menu__link--sublist" href="#!">Configuration</a><ul class="menu__list"><li class="menu__list-item"><a class="menu__link" tabindex="0" href="/oauth2-proxy/docs/next/configuration/overview">Overview</a></li><li class="menu__list-item"><a class="menu__link" tabindex="0" href="/oauth2-proxy/docs/next/configuration/oauth_provider">OAuth Provider Configuration</a></li><li class="menu__list-item"><a class="menu__link" tabindex="0" href="/oauth2-proxy/docs/next/configuration/session_storage">Session Storage</a></li><li class="menu__list-item"><a class="menu__link" tabindex="0" href="/oauth2-proxy/docs/next/configuration/tls">TLS Configuration</a></li><li class="menu__list-item"><a class="menu__link" tabindex="0" href="/oauth2-proxy/docs/next/configuration/alpha-config">Alpha Configuration</a></li></ul></li><li class="menu__list-item"><a class="menu__link menu__link--sublist menu__link--active" href="#!">Features</a><ul class="menu__list"><li class="menu__list-item"><a aria-current="page" class="menu__link menu__link--active active" tabindex="0" href="/oauth2-proxy/docs/next/features/endpoints">Endpoints</a></li></ul></li><li class="menu__list-item"><a class="menu__link menu__link--sublist" href="#!">Community</a><ul class="menu__list"><li class="menu__list-item"><a class="menu__link" tabindex="0" href="/oauth2-proxy/docs/next/community/security">Security</a></li></ul></li></ul></div></div></div><main class="docMainContainer_3EyW"><div class="container padding-vert--lg docItemWrapper_1EkI"><div class="row"><div class="col docItemCol_2ASc"><div class="alert alert--warning margin-bottom--md" role="alert"><div>This is unreleased documentation for OAuth2 Proxy <strong>Next</strong> version.</div><div class="margin-top--md">For up-to-date documentation, see the <strong><a href="/oauth2-proxy/docs/features/endpoints">latest version</a></strong> (7.1.x).</div></div><div class="docItemContainer_3QWW"><article><div><span class="badge badge--secondary">Version: Next</span></div><header><h1 class="docTitle_1Lrw">Endpoints</h1></header><div class="markdown"><p>OAuth2 Proxy responds directly to the following endpoints. All other endpoints will be proxied upstream when authenticated. The <code>/oauth2</code> prefix can be changed with the <code>--proxy-prefix</code> config variable.</p><ul><li>/robots.txt - returns a 200 OK response that disallows all User-agents from all paths; see <a href="http://www.robotstxt.org/" target="_blank" rel="noopener noreferrer">robotstxt.org</a> for more info</li><li>/ping - returns a 200 OK response, which is intended for use with health checks</li><li>/metrics - Metrics endpoint for Prometheus to scrape, serve on the address specified by <code>--metrics-address</code>, disabled by default</li><li>/oauth2/sign_in - the login page, which also doubles as a sign out page (it clears cookies)</li><li>/oauth2/sign_out - this URL is used to clear the session cookie</li><li>/oauth2/start - a URL that will redirect to start the OAuth cycle</li><li>/oauth2/callback - the URL used at the end of the OAuth cycle. The oauth app will be configured with this as the callback url.</li><li>/oauth2/userinfo - the URL is used to return user&#x27;s email from the session in JSON format.</li><li>/oauth2/auth - only returns a 202 Accepted response or a 401 Unauthorized response; for use with the <a href="/oauth2-proxy/docs/next/configuration/overview#configuring-for-use-with-the-nginx-auth_request-directive">Nginx <code>auth_request</code> directive</a></li></ul><h3><a aria-hidden="true" tabindex="-1" class="anchor enhancedAnchor_2cZh" id="sign-out"></a>Sign out<a aria-hidden="true" tabindex="-1" class="hash-link" href="#sign-out" title="Direct link to heading">#</a></h3><p>To sign the user out, redirect them to <code>/oauth2/sign_out</code>. This endpoint only removes oauth2-proxy&#x27;s own cookies, i.e. the user is still logged in with the authentication provider and may automatically re-login when accessing the application again. You will also need to redirect the user to the authentication provider&#x27;s sign out page afterwards using the <code>rd</code> query parameter, i.e. redirect the user to something like (notice the url-encoding!):</p><div class="mdxCodeBlock_1XEh"><div class="codeBlockContent_1u-d"><button tabindex="0" type="button" aria-label="Copy code to clipboard" class="copyButton_10dd">Copy</button><div class="prism-code language-undefined codeBlock_3iAC"><div class="codeBlockLines_b7E3" style="color:#bfc7d5;background-color:#292d3e"><div class="token-line" style="color:#bfc7d5"><span class="token plain">/oauth2/sign_out?rd=https%3A%2F%2Fmy-oidc-provider.example.com%2Fsign_out_page</span></div></div></div></div></div><p>Alternatively, include the redirect URL in the <code>X-Auth-Request-Redirect</code> header:</p><div class="mdxCodeBlock_1XEh"><div class="codeBlockContent_1u-d"><button tabindex="0" type="button" aria-label="Copy code to clipboard" class="copyButton_10dd">Copy</button><div class="prism-code language-undefined codeBlock_3iAC"><div class="codeBlockLines_b7E3" style="color:#bfc7d5;background-color:#292d3e"><div class="token-line" style="color:#bfc7d5"><span class="token plain">GET /oauth2/sign_out HTTP/1.1</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain">X-Auth-Request-Redirect: https://my-oidc-provider/sign_out_page</span></div><div class="token-line" style="color:#bfc7d5"><span class="token plain">...</span></div></div></div></div></div><p>(The &quot;sign_out_page&quot; should be the <a href="https://openid.net/specs/openid-connect-session-1_0.html#rfc.section.2.1" target="_blank" rel="noopener noreferrer"><code>end_session_endpoint</code></a> from <a href="https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig" target="_blank" rel="noopener noreferrer">the metadata</a> if your OIDC provider supports Session Management and Discovery.)</p><p>BEWARE that the domain you want to redirect to (<code>my-oidc-provider.example.com</code> in the example) must be added to the <a href="/oauth2-proxy/docs/next/configuration/overview"><code>--whitelist-domain</code></a> configuration option otherwise the redirect will be ignored.</p></div></article><div class="margin-vert--xl"><div class="row"><div class="col"><a href="https://github.com/oauth2-proxy/oauth2-proxy/edit/master/docs/docs/features/endpoints.md" target="_blank" rel="noreferrer noopener"><svg fill="currentColor" height="1.2em" width="1.2em" preserveAspectRatio="xMidYMid meet" viewBox="0 0 40 40" style="margin-right:0.3em;vertical-align:sub"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div></div></div><div class="margin-vert--lg"><nav class="pagination-nav" aria-label="Blog list page navigation"><div class="pagination-nav__item"><a class="pagination-nav__link" href="/oauth2-proxy/docs/next/configuration/alpha-config"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">« Alpha Configuration</div></a></div><div class="pagination-nav__item pagination-nav__item--next"><a class="pagination-nav__link" href="/oauth2-proxy/docs/next/community/security"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">Security »</div></a></div></nav></div></div></div><div class="col col--3"><div class="tableOfContents_3SO_"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#sign-out" class="table-of-contents__link">Sign out</a></li></ul></div></div></div></div></main></div></div><footer class="footer footer--dark"><div class="container"><div class="text--center"><div>Copyright © 2021 OAuth2 Proxy.</div></div></div></footer></div>
<script src="/oauth2-proxy/styles.f494e809.js"></script>
<script src="/oauth2-proxy/runtime~main.85dab4b6.js"></script>
<script src="/oauth2-proxy/main.cbf36231.js"></script>
<script src="/oauth2-proxy/1.f1e55c3c.js"></script>
<script src="/oauth2-proxy/2.aa6394ae.js"></script>
<script src="/oauth2-proxy/48.92c41b73.js"></script>
<script src="/oauth2-proxy/50.68e502a3.js"></script>
<script src="/oauth2-proxy/935f2afb.eb0b0bdd.js"></script>
<script src="/oauth2-proxy/17896441.687011d6.js"></script>
<script src="/oauth2-proxy/efc9be4b.1920b07c.js"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink