oauth2-proxy

mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-01-08 04:03:58 +02:00

A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.

cloud-infrastructure hacktoberfest oauth2-proxy ssl sso

Go to file

ckwalsh c900c51a1b Unbreak oauth2-proxy for keycloak provider after 2c668a (#1502 ) * Unbreak oauth2-proxy for keycloak provider after 2c668a With 2c668a, oauth2-proxy fails a request if the token validation fails. Token validation always fails with the keycloak provider, due to the valudation request passing the token via the URL, and keycloak not parsing the url for tokens. This is fixed by forcing the validation request to pass the token via a header. This code taken from the DigitalOcean provider, which presumably forcing the token to be passed via header for the same reason. Test plan: I was unable to build a docker image to test the fix, but I believe it is relatively simple, and it passes the "looks good to me" test plan. * Add changelog entry for unbreak keycloak Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>		2022-05-29 11:08:04 +01:00
.github	Ensure docs release action has correct env	2022-02-20 14:07:56 +00:00
contrib	PKCE Support (#1541 )	2022-03-13 10:08:33 +00:00
docs	Update KeyCloak Auth Provider oidc_issuer_url (#1661 )	2022-05-29 10:20:42 +01:00
pkg	Add description on ipv6 address (#1635 )	2022-05-23 10:17:29 +01:00
providers	Unbreak oauth2-proxy for keycloak provider after 2c668a (#1502 )	2022-05-29 11:08:04 +01:00
testdata	Rename test directory to testdata	2020-10-06 21:37:25 +09:00
tools	Generate reference page in configuration	2021-01-18 09:57:44 +00:00
.dockerignore	Parameterise runtime image (#1478 )	2022-04-14 14:10:59 +01:00
.gitignore	PKCE Support (#1541 )	2022-03-13 10:08:33 +00:00
.golangci.yml	Skip gosec linting on tests	2020-08-09 07:55:41 -07:00
CHANGELOG.md	Unbreak oauth2-proxy for keycloak provider after 2c668a (#1502 )	2022-05-29 11:08:04 +01:00
CONTRIBUTING.md	Drop configure script in favour of native Makefile env and checks (#515 )	2020-05-09 16:07:46 +01:00
dist.sh	Update dist.sh	2022-02-17 22:59:11 +01:00
Dockerfile	Build ARMv8 Docker Images (#1594 )	2022-04-14 15:52:43 +01:00
go.mod	CVE fixes pertaining to text, crypto and prometheus	2022-05-13 14:53:24 -07:00
go.sum	CVE fixes pertaining to text, crypto and prometheus	2022-05-13 14:53:24 -07:00
LICENSE	add MIT license for google_auth_proxy	2014-06-09 16:25:26 -04:00
main_suite_test.go	Ensure errors in tests are logged to the GinkgoWriter	2021-02-10 19:50:04 +00:00
main_test.go	Implement configurable timeout for upstream connections	2022-05-18 11:41:17 +01:00
main.go	main: fix typo "convert-config-to-alpha"	2022-02-24 08:59:45 +01:00
MAINTAINERS	Add NickMeves to MAINTAINERS	2021-01-10 10:56:01 -08:00
Makefile	Build ARMv8 Docker Images (#1594 )	2022-04-14 15:52:43 +01:00
nsswitch.conf	Add nsswitch.conf to Docker image (#400 )	2020-02-23 18:16:18 +00:00
oauthproxy_test.go	Change error type for redirect parsing errors (#1649 )	2022-05-20 14:26:21 +01:00
oauthproxy.go	Change error type for redirect parsing errors (#1649 )	2022-05-20 14:26:21 +01:00
README.md	Build ARMv8 Docker Images (#1594 )	2022-04-14 15:52:43 +01:00
RELEASE.md	Migrate to oauth2-proxy/oauth2-proxy	2020-03-29 15:40:10 +01:00
SECURITY.md	Add Security Policy	2021-01-16 19:47:47 +00:00
validator_test.go	Add the allowed_email_domains and the allowed_groups on the auth_request endpoint + support standard wildcard char for validation with sub-domain and email-domain.	2022-02-14 18:03:20 +01:00
validator.go	Add the allowed_email_domains and the allowed_groups on the auth_request endpoint + support standard wildcard char for validation with sub-domain and email-domain.	2022-02-14 18:03:20 +01:00
version.go	Introduce Makefile	2019-01-04 10:58:30 +00:00
watcher_unsupported.go	Initalize TLS.Config when connecting to Redis with TLS (#1296 )	2021-10-19 09:17:42 +01:00
watcher.go	Initalize TLS.Config when connecting to Redis with TLS (#1296 )	2021-10-19 09:17:42 +01:00

README.md

A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group.

Note: This repository was forked from bitly/OAuth2_Proxy on 27/11/2018. Versions v3.0.0 and up are from this fork and will have diverged from any changes in the original fork. A list of changes can be seen in the CHANGELOG.

Note: This project was formerly hosted as pusher/oauth2_proxy but has been renamed as of 29/03/2020 to oauth2-proxy/oauth2-proxy. Going forward, all images shall be available at quay.io/oauth2-proxy/oauth2-proxy and binaries will be named oauth2-proxy.

Installation

Choose how to deploy:

a. Download Prebuilt Binary (current release is v7.2.1)

b. Build with $ go get github.com/oauth2-proxy/oauth2-proxy/v7 which will put the binary in $GOROOT/bin

c. Using the prebuilt docker image quay.io/oauth2-proxy/oauth2-proxy (AMD64, PPC64LE, ARMv6, ARMv8 and ARM64 available)

Prebuilt binaries can be validated by extracting the file and verifying it against the sha256sum.txt checksum file provided for each release starting with version v3.0.0.
```
sha256sum -c sha256sum.txt 2>&1 | grep OK
oauth2-proxy-x.y.z.linux-amd64: OK
```
Select a Provider and Register an OAuth Application with a Provider
Configure OAuth2 Proxy using config file, command line options, or environment variables
Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)

Security

If you are running a version older than v6.0.0 we strongly recommend you please update to a current version. See open redirect vulnerability for details.

Docs

Read the docs on our Docs site.

Getting Involved

If you would like to reach out to the maintainers, come talk to us in the #oauth2-proxy channel in the Gophers slack.

Contributing

Please see our Contributing guidelines. For releasing see our release creation guide.