Skip to content

A reverse proxy that provides authentication with Google, Github or other providers.

License

Notifications You must be signed in to change notification settings

liquidinvestigations/oauth2-proxy

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

OAuth2 Proxy

Build Status Go Report Card GoDoc MIT licensed Maintainability Test Coverage

Oauth2-proxy forked for Liquid Investigations

This fork adds a liquid provider to replace https://github.com/liquidinvestigations/authproxy/, you can find it under providers/liquid.go.

Environment variables specific for the liquid provider:

  • LIQUID_HTTP_PROTOCOL - must be set to http or https
  • LIQUID_DOMAIN - domain name of the auth provider service, e.g. liquid.example.org
  • LIQUID_ENABLE_HYPOTHESIS_HEADERS - if set, sets the X-Forwarded-User header to acct:USERNAME@LIQUID_DOMAIN instead of just the username. This is required by Hypothesis only.

Example usage, with other relevant configs set:

  • OAUTH2_PROXY_CLIENT_ID = CLIENT_ID
  • OAUTH2_PROXY_CLIENT_SECRET = CLIENT_SECRET
  • OAUTH2_PROXY_COOKIE_SECRET = "28654d2ed1e9fe3e"
  • OAUTH2_PROXY_EMAIL_DOMAIN = *
  • OAUTH2_PROXY_HTTP_ADDRESS = "0.0.0.0:5000"
  • OAUTH2_PROXY_PROVIDER = "liquid"
  • OAUTH2_PROXY_REDEEM_URL = "http://10.66.60.1:8768/o/token/"
  • OAUTH2_PROXY_PROFILE_URL = "http://10.66.60.1:8768/accounts/profile"
  • OAUTH2_PROXY_REDIRECT_URL = "http://hoover.liquid.example.org/oauth2/callback"
  • OAUTH2_PROXY_COOKIE_HTTPONLY = false
  • OAUTH2_PROXY_COOKIE_SECURE = false
  • OAUTH2_PROXY_SKIP_PROVIDER_BUTTON = true
  • OAUTH2_PROXY_SET_XAUTHREQUEST = true
  • OAUTH2_PROXY_SSL_INSECURE_SKIP_VERIFY = true
  • OAUTH2_PROXY_SSL_UPSTREAM_INSECURE_SKIP_VERIFY = true
  • OAUTH2_PROXY_WHITELIST_DOMAINS = ".liquid.example.org"
  • OAUTH2_PROXY_REVERSE_PROXY = true
  • LIQUID_DOMAIN = liquid.example.org
  • LIQUID_HTTP_PROTOCOL = http
  • OAUTH2_PROXY_UPSTREAMS = "http://10.66.60.1:20341"

A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group.

Note: This repository was forked from bitly/OAuth2_Proxy on 27/11/2018. Versions v3.0.0 and up are from this fork and will have diverged from any changes in the original fork. A list of changes can be seen in the CHANGELOG.

Note: This project was formerly hosted as pusher/oauth2_proxy but has been renamed as of 29/03/2020 to oauth2-proxy/oauth2-proxy. Going forward, all images shall be available at quay.io/oauth2-proxy/oauth2-proxy and binaries will be named oauth2-proxy.

Sign In Page

Installation

  1. Choose how to deploy:

    a. Download Prebuilt Binary (current release is v7.2.1)

    b. Build with $ go get github.com/oauth2-proxy/oauth2-proxy/v7 which will put the binary in $GOROOT/bin

    c. Using the prebuilt docker image quay.io/oauth2-proxy/oauth2-proxy (AMD64, ARMv6 and ARM64 tags available)

Prebuilt binaries can be validated by extracting the file and verifying it against the sha256sum.txt checksum file provided for each release starting with version v3.0.0.

sha256sum -c sha256sum.txt 2>&1 | grep OK
oauth2-proxy-x.y.z.linux-amd64: OK
  1. Select a Provider and Register an OAuth Application with a Provider
  2. Configure OAuth2 Proxy using config file, command line options, or environment variables
  3. Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)

Security

If you are running a version older than v6.0.0 we strongly recommend you please update to a current version. See open redirect vulnerability for details.

Docs

Read the docs on our Docs site.

OAuth2 Proxy Architecture

Getting Involved

If you would like to reach out to the maintainers, come talk to us in the #oauth2-proxy channel in the Gophers slack.

Contributing

Please see our Contributing guidelines. For releasing see our release creation guide.

About

A reverse proxy that provides authentication with Google, Github or other providers.

Resources

License

Security policy

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Go 98.2%
  • Other 1.8%