* update README.md to include instructions on how to verify prebuilt binaries for new releases.

GitHub use login as user

- Save both user and email in session state:
    Encoding/decoding methods save both email and user
    field in session state, for use cases when User is not derived from
    email's local-parth, like for GitHub provider.

    For retrocompatibility, if no user is obtained by the provider,
    (e.g. User is an empty string) the encoding/decoding methods fall back
    to the previous behavior and use the email's local-part

    Updated also related tests and added two more tests to show behavior
    when session contains a non-empty user value.

- Added first basic GitHub provider tests

- Added GetUserName method to Provider interface
    The new GetUserName method is intended to return the User
    value when this is not the email's local-part.

    Added also the default implementation to provider_default.go

- Added call to GetUserName in redeemCode

    the new GetUserName method is used in redeemCode
    to get SessionState User value.

    For backward compatibility, if GetUserName error is
    "not implemented", the error is ignored.

- Added GetUserName method and tests to github provider.

options: update options parsing for better handling of incorrect values

* don't add in failed compiled regexes for skip auth regex option
* improve test coverage for skip auth regex option to handle partial
success case
* add tests for incorrect upstream options parsing errors

raw url encoding

Switch from gpm -> dep for dependency management

Switch from 18F/hmacauth to mbland/hmacauth

Since I'm no longer with 18F, I've re-released hmacauth under the ISC
license as opposed to the previous CC0 license. There have been no
changes to the hmacauth code itself, and all tests still pass.

providers: update gitlab api endpoint to use latest version, v4

Don't set the cookie domain to the host by default, as it breaks Cookie Prefixes

Swap out bmizerany/assert package in favor of stretchr/testify/assert

Clarify that GitHub team option in README

Add OpenID Connect provider name.

Drop deprecated MyUSA provider.

[Resolves #390]

Use read_user as default scope for GitLab

*: add an OpenID Connect provider

See the README for usage with Dex or any other OIDC provider.

To test run a backend:

    python3 -m http.server

Run dex and modify the example config with the proxy callback:

    go get github.com/coreos/dex/cmd/dex
    cd $GOPATH/src/github.com/coreos/dex
    sed -i.bak \
      's|http://127.0.0.1:5555/callback|http://127.0.0.1:5555/oauth2/callback|g' \
       examples/config-dev.yaml
    make
    ./bin/dex serve examples/config-dev.yaml

Then run the oauth2_proxy

    oauth2_proxy \
      --oidc-issuer-url http://127.0.0.1:5556/dex \
      --upstream http://localhost:8000 \
      --client-id example-app \
      --client-secret ZXhhbXBsZS1hcHAtc2VjcmV0 \
      --cookie-secret foo \
      --email-domain '*' \
      --http-address http://127.0.0.1:5555 \
      --redirect-url http://127.0.0.1:5555/oauth2/callback \
      --cookie-secure=false

Login with the username/password "admin@example.com:password"

nginx auth_request: fix -skip-provider-button

Updates README.md with svg badge

strip all tokens

gracefully report un-parsed upstream URL

Remove check for >0 upstreams

Update cookie generation to match base64 encoding

upstreamURL is a nil pointer if there is an error parsing --upstream

When used solely for auth_request there is no upstream.
Instead of forcing users to set a dummy upstream, remove
the check.

Current code is using URLEncoding but example was using the
standard RFC 4648 encoding. Switch to using the URL
encoding in the example as well.