Categorygithub.com/pusher/oauth2_proxy
modulepackage
5.1.1+incompatible
Repository: https://github.com/pusher/oauth2_proxy.git
Documentation: pkg.go.dev
Overview
Versions
5
Dependencies
46
Dependents
0
Files
2.6k SLOC

# README

OAuth2 Proxy

Build Status Go Report Card GoDoc MIT licensed

A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group.

Note: This repository was forked from bitly/OAuth2_Proxy on 27/11/2018. Versions v3.0.0 and up are from this fork and will have diverged from any changes in the original fork. A list of changes can be seen in the CHANGELOG.

Sign In Page

Installation

  1. Choose how to deploy:

    a. Download Prebuilt Binary (current release is v5.1.1)

    b. Build with $ go get github.com/pusher/oauth2_proxy which will put the binary in $GOROOT/bin

    c. Using the prebuilt docker image quay.io/pusher/oauth2_proxy (AMD64, ARMv6 and ARM64 tags available)

Prebuilt binaries can be validated by extracting the file and verifying it against the sha256sum.txt checksum file provided for each release starting with version v3.0.0.

sha256sum -c sha256sum.txt 2>&1 | grep OK
oauth2_proxy-5.1.1.linux-amd64: OK
  1. Select a Provider and Register an OAuth Application with a Provider
  2. Configure OAuth2 Proxy using config file, command line options, or environment variables
  3. Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)

Security

If you are running a version older than v5.1.0 we strongly recommend you please update to a current version. See open redirect vulnverability for details.

Docs

Read the docs on our Docs site.

OAuth2 Proxy Architecture

Getting Involved

If you would like to reach out to the maintainers, come talk to us in the #oauth2_proxy channel in the Gophers slack.

Contributing

Please see our Contributing guidelines. For releasing see our release creation guide.

# Packages

No description provided by the author
No description provided by the author

# Functions

LoggingHandler provides an http.Handler which logs requests to the HTTP server.
NewFileServer creates a http.Handler to serve files from the filesystem.
NewHtpasswd consctructs an HtpasswdFile from an io.Reader (opened file).
NewHtpasswdFromFile constructs an HtpasswdFile from the file at the path given.
NewOAuthProxy creates a new instance of OAuthProxy from the options provided.
NewOptions constructs a new Options with defaulted values.
NewReverseProxy creates a new reverse proxy for proxying requests to upstream servers.
NewUserMap parses the authenticated emails file into a new UserMap.
NewValidator constructs a function to validate email addresses.
NewWebSocketOrRestReverseProxy creates a reverse proxy for REST or websocket based on url.
WaitForReplacement waits for a file to exist on disk and then starts a watch for the file.
WatchForUpdates performs an action every time a file on disk is updated.

# Constants

SignatureHeader is the name of the request header containing the GAP Signature Part of hmacauth.

# Variables

ErrNeedsLogin means the user should be redirected to the login page.
SignatureHeaders contains the headers to be signed by the hmac algorithm Part of hmacauth.
VERSION contains version information.

# Structs

HtpasswdFile represents the structure of an htpasswd file.
OAuthProxy is the main authentication proxy.
Options holds Configuration Options that can be set by Command Line Flag, or Config File.
Server represents an HTTP server.
SignatureData holds hmacauth signature hash and key.
UpstreamProxy represents an upstream server to proxy to.
UserMap holds information from the authenticated emails file.

# Type aliases

EnvOptions holds program options loaded from the process environment.
StringArray is a type alias for a slice of strings.