go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-08-24 19:49:15 +02:00
Code Issues Releases Activity
Files
.devcontainer
.github
.vscode
contrib
docs
docs
src
static
versioned_docs
version-7.0.x
version-7.1.x
community
configuration
features
behaviour.md
installation.md
version-7.2.x
version-7.3.x
version-7.4.x
version-7.5.x
version-7.6.x
versioned_sidebars
.gitignore
README.md
babel.config.js
docusaurus.config.js
package-lock.json
package.json
sidebars.js
versions.json
pkg
providers
static
testdata
tools
.dockerignore
.gitignore
.golangci.yml
.pre-commit-config.yaml
CHANGELOG.md
CODE_OF_CONDUCT.md
CONTRIBUTING.md
Dockerfile
LICENSE
MAINTAINERS
Makefile
README.md
RELEASE.md
SECURITY.md
dist.sh
go.mod
go.sum
main.go
main_suite_test.go
main_test.go
oauthproxy.go
oauthproxy_test.go
validator.go
validator_test.go
a22668eb8c7cd404a8ab930be2de54c75f5b97f2
oauth2-proxy/docs/versioned_docs/version-7.1.x/behaviour.md
Joel Speed f86e25aec2 Created versioned docs for v7.1.x 
Created with: yarn run docusaurus docs:version 7.0.x
2021-03-25 17:21:08 +00:00

865 B
Raw Blame History

id, title
id title
behaviour Behaviour
  1. Any request passing through the proxy (and not matched by --skip-auth-regex) is checked for the proxy's session cookie (--cookie-name) (or, if allowed, a JWT token - see --skip-jwt-bearer-tokens).
  2. If authentication is required but missing then the user is asked to log in and redirected to the authentication provider (unless it is an Ajax request, i.e. one with Accept: application/json, in which case 401 Unauthorized is returned)
  3. After returning from the authentication provider, the oauth tokens are stored in the configured session store (cookie, redis, ...) and a cookie is set
  4. The request is forwarded to the upstream server with added user info and authentication headers (depending on the configuration)

Notice that the proxy also provides a number of useful endpoints.