oauth2-proxy/oauth2-proxy
### [`v4.1.0`](https://togithub.com/oauth2-proxy/oauth2-proxy/blob/master/CHANGELOG.md#v410)
#### Release Highlights
- Added Keycloak provider
- Build on Go 1.13
- Upgrade Docker image to use Debian Buster
- Added support for FreeBSD builds
- Added new logo
- Added support for GitHub teams
#### Important Notes
N/A
#### Breaking Changes
N/A
#### Changes since v4.0.0
- [#292](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/292) Added bash >= 4.0 dependency to configure script ([@jmfrank63](https://togithub.com/jmfrank63))
- [#227](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/227) Add Keycloak provider ([@Ofinka](https://togithub.com/Ofinka))
- [#259](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/259) Redirect to HTTPS ([@jmickey](https://togithub.com/jmickey))
- [#273](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/273) Support Go 1.13 ([@dio](https://togithub.com/dio))
- [#275](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/275) docker: build from debian buster ([@syscll](https://togithub.com/syscll))
- [#258](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/258) Add IDToken for Azure provider ([@leyshon](https://togithub.com/leyshon))
  - This PR adds the IDToken into the session for the Azure provider allowing requests to a backend to be identified as a specific user. As a consequence, if you are using a cookie to store the session the cookie will now exceed the 4kb size limit and be split into multiple cookies. This can cause problems when using nginx as a proxy, resulting in no cookie being passed at all. Either increase the `proxy_buffer_size` in nginx or implement the redis session storage (see https://oauth2-proxy.github.io/oauth2-proxy/configuration#redis-storage).
- [#286](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/286) Requests.go updated with useful error messages ([@biotom](https://togithub.com/biotom))
- [#274](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/274) Supports many github teams with api pagination support ([@toshi-miura](https://togithub.com/toshi-miura), [@apratina](https://togithub.com/apratina))
- [#302](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/302) Rewrite dist script ([@syscll](https://togithub.com/syscll))
- [#304](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/304) Add new Logo! :tada: ([@JoelSpeed](https://togithub.com/JoelSpeed))
- [#300](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/300) Added userinfo endpoint ([@kbabuadze](https://togithub.com/kbabuadze))
- [#309](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/309) Added support for custom CA when connecting to Redis cache ([@lleszczu](https://togithub.com/lleszczu))
- [#248](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/248) Fix issue with X-Auth-Request-Redirect header being ignored ([@webnard](https://togithub.com/webnard))
- [#314](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/314) Add redirect capability to sign_out ([@costelmoraru](https://togithub.com/costelmoraru))
- [#265](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/265) Add upstream with static response ([@cgroschupp](https://togithub.com/cgroschupp))
- [#317](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/317) Add build for FreeBSD ([@fnkr](https://togithub.com/fnkr))
- [#296](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/296) Allow to override provider's name for sign-in page ([@ffdybuster](https://togithub.com/ffdybuster))
### [`v4.0.0`](https://togithub.com/oauth2-proxy/oauth2-proxy/blob/master/CHANGELOG.md#v400)
#### Release Highlights
- Documentation is now on a [microsite](https://oauth2-proxy.github.io/oauth2-proxy/)
- Health check logging can now be disabled for quieter logs
- Authorization Header JWTs can now be verified by the proxy to skip authentication for machine users
- Sessions can now be stored in Redis. This reduces refresh failures and uses smaller cookies (Recommended for those using OIDC refreshing)
- Logging overhaul allows customisable logging formats
#### Important Notes
- This release includes a number of breaking changes that will require users to
reconfigure their proxies. Please read the Breaking Changes below thoroughly.
#### Breaking Changes
- [#231](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/231) Rework GitLab provider
  - This PR changes the configuration options for the GitLab provider to use a self-hosted instance. You now need to specify a `-oidc-issuer-url` rather than explicit `-login-url`, `-redeem-url` and `-validate-url` parameters.
- [#186](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/186) Make config consistent
  - This PR changes configuration options so that all flags have a config counterpart of the same name but with underscores (`_`) in place of hyphens (`-`). This change affects the following flags:
    - The `--tls-key` flag is now `--tls-key-file` to be consistent with existing file flags and the existing config and environment settings
    - The `--tls-cert` flag is now `--tls-cert-file` to be consistent with existing file flags and the existing config and environment settings
  - This change affects the following existing configuration options:
    - The `proxy-prefix` option is now `proxy_prefix`.
  - This PR changes environment variables so that all flags have an environment counterpart of the same name but capitalised, with underscores (`_`) in place of hyphens (`-`) and with the prefix `OAUTH2_PROXY_`. This change affects the following existing environment variables:
    - The `OAUTH2_SKIP_OIDC_DISCOVERY` environment variable is now `OAUTH2_PROXY_SKIP_OIDC_DISCOVERY`.
    - The `OAUTH2_OIDC_JWKS_URL` environment variable is now `OAUTH2_PROXY_OIDC_JWKS_URL`.
- [#146](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/146) Use full email address as `User` if the auth response did not contain a `User` field
  - This change modifies the contents of the `X-Forwarded-User` header supplied by the proxy for users where the auth response from the IdP did not contain a username. In that case, this header used to only contain the local part of the user's email address (e.g. `john.doe` for `john.doe@example.com`) but now contains the user's full email address instead.
- [#170](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/170) Pre-built binary tarballs changed format
  - The pre-built binary tarballs again match the format of the [bitly](https://togithub.com/bitly/oauth2_proxy) repository, where the unpacked directory has the same name as the tarball and the binary is always named `oauth2_proxy`. This was done to restore compatibility with third-party automation recipes like https://github.com/jhoblitt/puppet-oauth2_proxy.
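The v4.0.0 renames above can be checked mechanically before upgrading. The following is an added example, not code from oauth2-proxy: the rename tables are copied from the notes above, while the function names and the sample deployment are constructed for illustration.

```python
"""Audit a pre-v4.0.0 deployment against the v4.0.0 breaking changes listed above."""

# Flags renamed by #186.
RENAMED_FLAGS = {"tls-key": "tls-key-file", "tls-cert": "tls-cert-file"}
# Environment variables renamed by #186.
RENAMED_ENV = {
    "OAUTH2_SKIP_OIDC_DISCOVERY": "OAUTH2_PROXY_SKIP_OIDC_DISCOVERY",
    "OAUTH2_OIDC_JWKS_URL": "OAUTH2_PROXY_OIDC_JWKS_URL",
}
# Flags that #231 replaces with -oidc-issuer-url for the GitLab provider.
GITLAB_LEGACY_FLAGS = {"login-url", "redeem-url", "validate-url"}


def parse_flags(argv):
    """Map flag name -> value, accepting -name=value, --name=value and -name value."""
    flags = {}
    i = 0
    while i < len(argv):
        arg = argv[i]
        if arg.startswith("-"):
            name, sep, value = arg.lstrip("-").partition("=")
            # "-name value" form: take the next token if it is not itself a flag.
            if not sep and i + 1 < len(argv) and not argv[i + 1].startswith("-"):
                i += 1
                value = argv[i]
            flags[name] = value
        i += 1
    return flags


def config_key_for(flag):
    """Config-file counterpart of a flag: same name, hyphens become underscores."""
    return flag.replace("-", "_")


def env_var_for(flag):
    """Environment counterpart of a flag: OAUTH2_PROXY_ prefix, capitalised."""
    return "OAUTH2_PROXY_" + flag.replace("-", "_").upper()


def audit(argv, config_keys, env):
    """Return one finding per setting that v4.0.0 no longer accepts as written."""
    findings = []
    flags = parse_flags(argv)
    # Exact-name match, so the already-correct --tls-key-file is not flagged.
    for old, new in RENAMED_FLAGS.items():
        if old in flags:
            findings.append(f"flag --{old} is now --{new}")
    if flags.get("provider") == "gitlab":
        legacy = sorted(GITLAB_LEGACY_FLAGS & flags.keys())
        if legacy:
            findings.append(
                "gitlab provider: replace "
                + ", ".join("-" + f for f in legacy)
                + " with -oidc-issuer-url"
            )
    # Hyphenated config-file options (such as proxy-prefix) use underscores now.
    for key in config_keys:
        if "-" in key:
            findings.append(f"config option {key} is now {config_key_for(key)}")
    for old, new in RENAMED_ENV.items():
        if old in env:
            findings.append(f"environment variable {old} is now {new}")
    return findings


# Constructed sample deployment (not taken from any real system).
SAMPLE_ARGV = [
    "-provider=gitlab",
    "-login-url", "https://gitlab.example.com/oauth/authorize",
    "--tls-key=/etc/tls/key.pem",
    "--tls-cert-file=/etc/tls/cert.pem",
]
SAMPLE_CONFIG_KEYS = ["proxy-prefix", "cookie_secure"]
SAMPLE_ENV = {
    "OAUTH2_OIDC_JWKS_URL": "https://example.com/.well-known/jwks.json",
    "OAUTH2_PROXY_CLIENT_ID": "constructed-client-id",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_ARGV, SAMPLE_CONFIG_KEYS, SAMPLE_ENV):
        print(finding)
```

A setting that is silently ignored after the upgrade can leave the proxy running with defaults, so an empty findings list is worth confirming before rollout.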
#### Changes since v3.2.0
- [#234](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/234) Added option `-ssl-upstream-insecure-skip-validation` to skip validation of upstream SSL certificates ([@jansinger](https://togithub.com/jansinger))
- [#224](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/224) Check Google group membership using hasMember to support nested groups and external users ([@jpalpant](https://togithub.com/jpalpant))
- [#231](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/231) Add optional group membership and email domain checks to the GitLab provider ([@Overv](https://togithub.com/Overv))
- [#226](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/226) Made setting of proxied headers deterministic based on configuration alone ([@aeijdenberg](https://togithub.com/aeijdenberg))
- [#178](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/178) Add Silence Ping Logging and Exclude Logging Paths flags ([@kskewes](https://togithub.com/kskewes))
- [#209](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/209) Improve docker build caching of layers ([@dekimsey](https://togithub.com/dekimsey))
- [#186](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/186) Make config consistent ([@JoelSpeed](https://togithub.com/JoelSpeed))
- [#187](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/187) Move root packages to pkg folder ([@JoelSpeed](https://togithub.com/JoelSpeed))
- [#65](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/65) Improvements to authenticate requests with a JWT bearer token in the `Authorization` header via the `-skip-jwt-bearer-token` options. ([@brianv0](https://togithub.com/brianv0))
  - Additional verifiers can be configured via the `-extra-jwt-issuers` flag if the JWT issuer is either an OpenID provider or has a JWKS URL (e.g. `https://example.com/.well-known/jwks.json`).
- [#180](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/180) Minor refactor of core proxying path ([@aeijdenberg](https://togithub.com/aeijdenberg)).
- [#175](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/175) Bump go-oidc to v2.0.0 ([@aeijdenberg](https://togithub.com/aeijdenberg)).
  - Includes fix for potential signature checking issue when OIDC discovery is skipped.
- [#155](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/155) Add RedisSessionStore implementation ([@brianv0](https://togithub.com/brianv0), [@JoelSpeed](https://togithub.com/JoelSpeed))
  - Implement flags to configure the redis session store
    - `-session-store-type=redis` Sets the store type to redis
    - `-redis-connection-url` Sets the Redis connection URL
    - `-redis-use-sentinel=true` Enables Redis Sentinel support
    - `-redis-sentinel-master-name` Sets the Sentinel master name, if sentinel is enabled
    - `-redis-sentinel-connection-urls` Defines the Redis Sentinel Connection URLs, if sentinel is enabled
  - Introduces the concept of a session ticket. Tickets are composed of the cookie name, a session ID, and a secret.
  - Redis Sessions are stored encrypted with a per-session secret
  - Added tests for server based session stores
- [#168](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/168) Drop Go 1.11 support in Travis ([@JoelSpeed](https://togithub.com/JoelSpeed))
- [#169](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/169) Update Alpine to 3.9 ([@kskewes](https://togithub.com/kskewes))
- [#148](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/148) Implement SessionStore interface within proxy ([@JoelSpeed](https://togithub.com/JoelSpeed))
- [#147](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/147) Add SessionStore interfaces and initial implementation ([@JoelSpeed](https://togithub.com/JoelSpeed))
  - Allows for multiple different session storage implementations including client and server side
  - Adds tests suite for interface to ensure consistency across implementations
  - Refactor some configuration options (around cookies) into packages
- [#114](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/114), [#154](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/154) Documentation is now available live at our [docs website](https://oauth2-proxy.github.io/oauth2-proxy/) ([@JoelSpeed](https://togithub.com/JoelSpeed), [@icelynjennings](https://togithub.com/icelynjennings))
- [#146](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/146) Use full email address as `User` if the auth response did not contain a `User` field ([@gargath](https://togithub.com/gargath))
- [#144](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/144) Use GO 1.12 for ARM builds ([@kskewes](https://togithub.com/kskewes))
- [#142](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/142) ARM Docker USER fix ([@kskewes](https://togithub.com/kskewes))
- [#52](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/52) Logging Improvements ([@MisterWil](https://togithub.com/MisterWil))
  - Implement flags to configure file logging
    - `-logging-filename` Defines the filename to log to
    - `-logging-max-size` Defines the maximum
    - `-logging-max-age` Defines the maximum age of backups to retain
    - `-logging-max-backups` Defines the maximum number of rollover log files to retain
    - `-logging-compress` Defines if rollover log files should be compressed
    - `-logging-local-time` Defines if logging date and time should be local or UTC
  - Implement two new flags to enable or disable specific logging types
    - `-standard-logging` Enables or disables standard (not request or auth) logging
    - `-auth-logging` Enables or disables auth logging
  - Implement two new flags to customize the logging format
    - `-standard-logging-format` Sets the format for standard logging
    - `-auth-logging-format` Sets the format for auth logging
- [#111](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/111) Add option for telling where to find a login.gov JWT key file ([@timothy-spencer](https://togithub.com/timothy-spencer))
- [#170](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/170) Restore binary tarball contents to be compatible with bitly's original tarballs ([@zeha](https://togithub.com/zeha))
- [#185](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/185) Fix an unsupported protocol scheme error during token validation when using the Azure provider ([@jonas](https://togithub.com/jonas))
- [#141](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/141) Check google group membership based on email address ([@bchess](https://togithub.com/bchess))
  - Google Group membership is additionally checked via email address, allowing users outside a GSuite domain to be authorized.
- [#195](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/195) Add `-banner` flag for overriding the banner line that is displayed ([@steakunderscore](https://togithub.com/steakunderscore))
- [#198](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/198) Switch from gometalinter to golangci-lint ([@steakunderscore](https://togithub.com/steakunderscore))
- [#159](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/159) Add option to skip the OIDC provider verified email check: `--insecure-oidc-allow-unverified-email` ([@djfinlay](https://togithub.com/djfinlay))
- [#210](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/210) Update base image from Alpine 3.9 to 3.10 ([@steakunderscore](https://togithub.com/steakunderscore))
- [#201](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/201) Add Bitbucket as new OAuth2 provider, accepts email, team and repository permissions to determine authorization ([@aledeganopix4d](https://togithub.com/aledeganopix4d))
  - Implement flags to enable Bitbucket authentication:
    - `-bitbucket-repository` Restrict authorization to users that can access this repository
    - `-bitbucket-team` Restrict authorization to users that are part of this Bitbucket team
- [#211](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/211) Switch from dep to go modules ([@steakunderscore](https://togithub.com/steakunderscore))
- [#145](https://togithub.com/oauth2-proxy/oauth2-proxy/pull/145) Add support for OIDC UserInfo endpoint email verification ([@rtluckie](https://togithub.com/rtluckie))
Configuration
📅 Schedule: "before 11pm" (UTC).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box.
This PR contains the following updates: 3.3.2 -> 4.1.0
This PR has been generated by WhiteSource Renovate.