- Mar 21, 2019
-
-
timothy-spencer authored
-
timothy-spencer authored
-
Joel Speed authored
Set redirect URL path when host is present
-
Patrick Koenig authored
-
- Mar 20, 2019
-
-
YAEGASHI Takeshi authored
* Use encoding/json for SessionState serialization
  In order to make it easier to extend in future.
* Store only email and user in cookie when cipher is unavailable
  This improves safety and robustness, and also preserves the existing behaviour.
* Add TestEncodeSessionState/TestDecodeSessionState
  Use the test vectors with JSON encoding just introduced.
* Support session state encoding in older versions
* Add test cases for legacy session state strings
* Add check for wrong expiration time in session state strings
* Avoid exposing time.Time zero value when encoding session state string
* Update CHANGELOG.md
-
Berjou authored
This commit fixes the issue #98
-
Tim Spencer authored
* first stab at login.gov provider
* fixing bugs now that I think I understand things better
* fixing up dependencies
* remove some debug stuff
* Fixing all dependencies to point at my fork
* forgot to hit save on the github rehome here
* adding options for setting keys and so on, use JWT workflow instead of PKCE
* forgot comma
* was too aggressive with search/replace
* need JWTKey to be byte array
* removed custom refresh stuff
* do our own custom jwt claim and store it in the normal session store
* golang json types are strange
* I have much to learn about golang
* fix time and signing key
* add http lib
* fixed claims up since we don't need custom claims
* add libs
* forgot ioutil
* forgot ioutil
* moved back to pusher location
* changed proxy github location back so that it builds externally, fixed up []byte stuff, removed client_secret if we are using login.gov
* update dependencies
* do JWTs properly
* finished oidc flow, fixed up tests to work better
* updated comments, added test that we set expiresOn properly
* got confused with header and post vs get
* clean up debug and test dir
* add login.gov to README, remove references to my repo
* forgot to remove un-needed code
* can use sample_key* instead of generating your own
* updated changelog
* apparently golint wants comments like this
* linter wants non-standard libs in a separate grouping
* Update options.go
  Co-Authored-By: timothy-spencer <timothy.spencer@gsa.gov>
* Update options.go
  Co-Authored-By: timothy-spencer <timothy.spencer@gsa.gov>
* remove sample_key, improve comments related to client-secret, fix changelog related to PR feedback
* github doesn't seem to do gofmt when merging. :-)
* update CODEOWNERS
* check the nonce
* validate the JWT fully
* forgot to add pubjwk-url to README
* unexport the struct
* fix up the err masking that travis found
* update nonce comment by request of @JoelSpeed
* argh. Thought I'd formatted the merge properly, but apparently not.
* fixed test to not fail if the query time was greater than zero
-
- Mar 15, 2019
-
-
einfachchr authored
* fixes deletion of split cookies
* three minor adjustments to improve the tests
* changed cookie name matching to regex
* Update oauthproxy.go
  Co-Authored-By: einfachchr <einfachchr@gmail.com>
* removed unused variable
* Changelog
-
- Mar 13, 2019
-
-
Joel Speed authored
Revert OAuthCallbackPath
-
Joel Speed authored
-
- Mar 11, 2019
-
-
Joel Speed authored
Merge websocket proxy feature from openshift/oauth-proxy
-
Adam Szalkowski authored
Merge websocket proxy feature from openshift/oauth-proxy. Original author: Hiram Chirino <hiram@hiramchirino.com>
-
- Mar 08, 2019
-
-
Joel Speed authored
Fall back to using OIDC Subject instead of Email
-
Aigars Mahinovs authored
-
Aigars Mahinovs authored
Email is not a mandatory field, Subject is mandatory and expected to be unique. Might want to take a look at UserInfo first, however.
Issue: #56
-
- Mar 06, 2019
-
-
Joel Speed authored
Use non-root user in docker images
-
Joel Speed authored
Co-Authored-By: kskewes <karl.skewes@gmail.com>
-
- Mar 05, 2019
-
-
dt-rush authored
* Added conditional to prevent user-supplied redirect URL getting clobbered
  Change-type: patch
* use redirectURL as OAuthCallbackURL (as it should be!)
  Change-type: patch
-
Ben authored
Type: docs
I simply added the word health check. I was searching all over the package for a health check, to only realise that it had been called ping. I think the small addition might help others avoid my troubles.
-
Gabor Lekeny authored
-
Karl Skewes authored
Run as non-root user and group

In the unlikely event that you are currently persisting data to disk then this change may break file read/write access due to a change in the UID/GID that the oauth2_proxy process runs as.

Run as non-root system user and group `oauth2proxy` with UID/GID `2000` to avoid clashing with typical local users. An alternative to creating a separate user is to ~~chown binary and~~ run as `USER nobody`, which also works, can amend this PR if required.

Least access privileges.

Close: https://github.com/pusher/oauth2_proxy/issues/78

Locally with Docker (`-version`):

```
$ ps aux | grep oauth2
2000 25192 6.0 0.0 0 0 ? Ds 15:53 0:00 [oauth2_proxy]
```

Running in Kubernetes 1.13 with the following also specified:

```
securityContext:
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  runAsUser: 10001
```

```
$ kubectl exec -it -n oauth2-proxy oauth2-proxy-85c9f58ffc-dz9lr sh
/opt $ whoami
whoami: unknown uid 10001
/opt $ ps aux
PID USER TIME COMMAND
1 10001 0:00 /opt/oauth2_proxy --whitelist-domain=.example.com --cookie-domain=example.com --email-domain=example.com --upstream=file:///dev/null --http-address=0.0.0.0:4180
11 10001 0:00 sh
17 10001 0:00 ps aux
```

<!--- Go over all the following points, and put an `x` in all the boxes that apply. -->
<!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! -->
- [x] My change requires a change to the documentation or CHANGELOG.
- [x] I have updated the documentation/CHANGELOG accordingly.
- [x] I have created a feature (non-master) branch for my PR.
-
- Mar 04, 2019
-
-
Marcel D. Juhnke authored
* added karrieretutor go-oidc fork for using an AAD B2C Policy
* added karrieretutor go-oidc fork for using an AAD B2C Policy
* added --skip-oidc-discovery option
* added --skip-oidc-discovery option
* add simple test for skip-oidc-discovery option
* revert Dockerfile to pusher upstream
* revert Dockerfile to pusher upstream
* remove karrieretutor b2c option leftover
* remove karrieretutor b2c option leftover
* Fix typo (missing letters)
  Co-Authored-By: marratj <marrat@marrat.de>
* Fix typo (missing letters)
  Co-Authored-By: marratj <marrat@marrat.de>
* replace fake http client with NewProvider() from go-oidc
* remove OIDC UserInfo URL option (not required)
* add info about -skip-oidc-discovery to README
* add note to changelog
* Update outdated comment
-
- Feb 25, 2019
-
-
Mathias Söderberg authored
build: fix: configure fails if GOPATH environment variable not set
-
Fabian Holler authored
If the GOPATH environment variable was not set, go uses the default GOPATH (~/go/). The configure script was only checking if the GOPATH environment is set. If it wasn't, the script was failing. Instead of checking if the GOPATH environment variable is set, check if "go env GOPATH" returns a non-empty string.
-
- Feb 22, 2019
-
-
David Holsgrove authored
* Access token forwarding through nginx auth request
  Related to #420.
  (cherry picked from commit b138872beaaa7f47d43a1c0fef11a67f57e61eff)
  Signed-off-by: David Holsgrove <david.holsgrove@biarri.com>
* Improved documentation for auth request token
  (cherry picked from commit 6fab314f7203f4d652bb34247abb4e7cb497c41d)
  Signed-off-by: David Holsgrove <david.holsgrove@biarri.com>
* Update README.md
  Example should set header as `X-Access-Token`
  Co-Authored-By: davidholsgrove <davidholsgrove@users.noreply.github.com>
* Update Changelog to reference https://github.com/pusher/oauth2_proxy/pull/68
* Fix Changelog message location
-
- Feb 17, 2019
-
-
Joel Speed authored
Add oidc-issuer-url arg to README
-
- Feb 13, 2019
- Feb 09, 2019
-
-
Joel Speed authored
Update release notes for v3.1.0
-
- Feb 08, 2019
-
-
Joel Speed authored
-
Joel Speed authored
-
Joel Speed authored
Add Quay links to ARM repositories
-
Joel Speed authored
-
Joel Speed authored
-
- Feb 07, 2019
-
-
Joel Speed authored
Ensure binary archives are gzipped
-
Rafael Fonseca authored
-
- Feb 04, 2019
-
-
Joel Speed authored
feat(arm): Cross build arm and arm64 docker images
-
- Feb 03, 2019
-
-
Joel Speed authored
Change cookie index separator to underscore
-
Joel Speed authored
Whitelist domains
-
- Feb 02, 2019
-
-
Marcel D. Juhnke authored
-