oidc

package module

v1.0.0 Latest Latest Go to latest Published: Aug 22, 2024 License: MIT Imports: 25 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/higress-group/oauth2-proxy

Links

Open Source Insights

README ¶

Note: This repository is modified from oauth2-proxy for applications that support proxy wasm. For more details, refer to Higress OIDC Wasm Plugin.

OAuth2 Proxy

A reverse proxy and static file server that provides authentication using Providers (Google, Keycloak, GitHub and others) to validate accounts by email, domain or group.

Note: This repository was forked from bitly/OAuth2_Proxy on 27/11/2018. Versions v3.0.0 and up are from this fork and will have diverged from any changes in the original fork. A list of changes can be seen in the CHANGELOG.

Note: This project was formerly hosted as pusher/oauth2_proxy but has been renamed as of 29/03/2020 to oauth2-proxy/oauth2-proxy. Going forward, all images shall be available at quay.io/oauth2-proxy/oauth2-proxy and binaries will be named oauth2-proxy.

Sign In Page

Installation

Choose how to deploy:

a. Using a Prebuilt Binary (current release is v7.6.0)

b. Using Go to install the latest release
```
$ go install github.com/oauth2-proxy/oauth2-proxy/v7@latest
```
This will install the binary into $GOPATH/bin. Make sure you include $GOPATH in your $PATH. Otherwise your system won't find binaries installed via go install

c. Using a Prebuilt Docker Image (AMD64, PPC64LE, ARMv6, ARMv7, and ARM64 available)

d. Using a Pre-Release Nightly Docker Image (AMD64, PPC64LE, ARMv6, ARMv7, and ARM64 available)

e. Using the official Kubernetes manifest (Helm)

Prebuilt binaries can be validated by extracting the file and verifying it against the sha256sum.txt checksum file provided for each release starting with version v3.0.0.
```
sha256sum -c sha256sum.txt 2>&1 | grep OK
oauth2-proxy-x.y.z.linux-amd64: OK
```
Select a Provider and Register an OAuth Application with a Provider
Configure OAuth2 Proxy using config file, command line options, or environment variables
Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)

Security

If you are running a version older than v6.0.0 we strongly recommend you please update to a current version. See open redirect vulnerability for details.

Docs

Read the docs on our Docs site.

OAuth2 Proxy Architecture

Images

From v7.6.0 and up the base image has been changed from Alpine to GoogleContainerTools/distroless. This image comes with even fewer installed dependencies and thus should improve security. The image therefore is also slightly smaller than Alpine. For debugging purposes (and those who really need it (i.e. armv6)) we still provide images based on Alpine. The tags of these images are suffixed with -alpine.

Since 2023-11-18 we provide nightly images. These images are build and pushed nightly to quay.io/oauth2-proxy/oauth2-proxy-nightly from master. These images should be considered alpha and therefore should not be used for production purposes unless you know what you're doing.

Getting Involved

If you would like to reach out to the maintainers, come talk to us in the #oauth2-proxy channel in the Gophers slack.

Contributing

Please see our Contributing guidelines. For releasing see our release creation guide.

Documentation ¶

Index ¶

Constants
Variables
func LoadOptions(json gjson.Result) (*options.Options, error)
func SetLogger(log wrapper.Log)
type OAuthProxy
- func NewOAuthProxy(opts *options.Options) (*OAuthProxy, error)

Constants ¶

View Source

const (
	SetCookieHeader = "Set-Cookie"
)

Variables ¶

View Source

var (
	// ErrNeedsLogin means the user should be redirected to the login page
	ErrNeedsLogin = errors.New("redirect to login page")

	// ErrAccessDenied means the user should receive a 401 Unauthorized response
	ErrAccessDenied = errors.New("access denied")
)

Functions ¶

func LoadOptions ¶

func LoadOptions(json gjson.Result) (*options.Options, error)

func SetLogger ¶

func SetLogger(log wrapper.Log)

Types ¶

type OAuthProxy ¶

type OAuthProxy struct {
	CookieOptions *options.Cookie

	ProxyPrefix string
	// contains filtered or unexported fields
}

OAuthProxy is the main authentication proxy

func NewOAuthProxy ¶

func NewOAuthProxy(opts *options.Options) (*OAuthProxy, error)

NewOAuthProxy creates a new instance of OAuthProxy from the options provided

func (*OAuthProxy) ClearSessionCookie ¶

func (p *OAuthProxy) ClearSessionCookie(rw http.ResponseWriter, req *http.Request) error

ClearSessionCookie creates a cookie to unset the user's authentication cookie stored in the user's session

func (*OAuthProxy) IsAllowedRequest ¶

func (p *OAuthProxy) IsAllowedRequest(req *http.Request) bool

IsAllowedRequest is used to check if auth should be skipped for this request

func (*OAuthProxy) OAuthCallback ¶

func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request)

OAuthCallback is the OAuth2 authentication flow callback that finishes the OAuth2 authentication flow

func (*OAuthProxy) OAuthStart ¶

func (p *OAuthProxy) OAuthStart(rw http.ResponseWriter, req *http.Request)

OAuthStart starts the OAuth2 authentication flow

func (*OAuthProxy) Proxy ¶

func (p *OAuthProxy) Proxy(rw http.ResponseWriter, req *http.Request)

Proxy proxies the user request if the user is authenticated else it prompts them to authenticate

func (*OAuthProxy) SaveSession ¶

func (p *OAuthProxy) SaveSession(rw http.ResponseWriter, req *http.Request, s *sessionsapi.SessionState) error

SaveSession creates a new session cookie value and sets this on the response

func (*OAuthProxy) ServeHTTP ¶

func (p *OAuthProxy) ServeHTTP(w http.ResponseWriter, req *http.Request)

func (*OAuthProxy) SetContext ¶

func (p *OAuthProxy) SetContext(ctx wrapper.HttpContext)

func (*OAuthProxy) SetVerifier ¶

func (p *OAuthProxy) SetVerifier(opts *options.Options)

func (*OAuthProxy) SignOut ¶

func (p *OAuthProxy) SignOut(rw http.ResponseWriter, req *http.Request)

SignOut sends a response to clear the authentication cookie

func (*OAuthProxy) ValidateVerifier ¶

func (p *OAuthProxy) ValidateVerifier() error

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
pkg
apis/ip
apis/middleware
apis/options
apis/sessions
app/redirect
clock
cookies
encryption
ip
mapstructure Package mapstructure exposes functionality to convert one arbitrary Go type into another, typically to convert a map[string]interface{} into a native Go structure.	Package mapstructure exposes functionality to convert one arbitrary Go type into another, typically to convert a map[string]interface{} into a native Go structure.
middleware
providers/go_oidc
providers/oidc
providers/util
requests/util
sessions
sessions/cookie
util
validation
providers

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL