mirror of
https://github.com/oauth2-proxy/oauth2-proxy.git
synced 2025-01-26 05:27:28 +02:00
3d203a1a03
* Home: Add a brief description of the behavior I could not find this information anywhere and think it is quite important for understanding how to use and configure the proxy for different use cases. (Especially the Ajax part is not mentioned anywhere else I believe.) I tried to keep it general enough so that it won't need updating often yet useful enough to have good value :) * Update docs/0_index.md Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
1.8 KiB
1.8 KiB
| layout | title | permalink | nav_order |
|---|---|---|---|
| default | Home | / | 0 |
A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group.
Note: This repository was forked from bitly/OAuth2_Proxy on 27/11/2018. Versions v3.0.0 and up are from this fork and will have diverged from any changes in the original fork. A list of changes can be seen in the [CHANGELOG]({{ site.gitweb }}/CHANGELOG.md).
Architecture
Behavior
- Any request passing through the proxy (and not matched by
--skip-auth-regex) is checked for the proxy's session cookie (--cookie-name) (or, if allowed, a JWT token - see--skip-jwt-bearer-tokens). - If authentication is required but missing then the user is asked to log in and redirected to the authentication provider (unless it is an Ajax request, i.e. one with
Accept: application/json, in which case 401 Unauthorized is returned) - After returning from the authentication provider, the oauth tokens are stored in the configured session store (cookie, redis, ...) and a cookie is set
- The request is forwarded to the upstream server with added user info and authentication headers (depending on the configuration)
Notice that the proxy also provides a number of useful endpoints.