bitly / oauth2_proxy

A reverse proxy that provides authentication with Google, Github or other provider
MIT License

What is the output of oauth2_proxy OAuth cycle? #467

Open michael-freidgeim-webjet opened 7 years ago

michael-freidgeim-webjet commented 7 years ago

I am trying to find what oauth2_proxy produces as the output of OAuth process. (the Readme.md is not clear enough).

1. It does generate the cookie (README "## Name - the cookie name"), but what is the format of the cookie? Is it a JWT id token, an authorization code, or something else?

2. Which types of OpenID Connect flows (Authorization Code Flow / Implicit Flow / Hybrid Flow) does oauth2_proxy support?

3. Is the id_token available? Should it be accessed similarly to the OAuth access token, via "X-Forwarded-Access-Token"?

4. Can my application access the claims returned by the OAuth provider? (There are related questions on StackOverflow without an answer: https://stackoverflow.com/questions/43987043/restrict-access-to-an-application-using-oauth2-proxy-and-gitlab-as-its-provider and https://stackoverflow.com/questions/44819756/pass-oauth-credetnial-to-weapp-behind-nginx )

5. Is the OpenID Connect provider fully functional? It is not listed in the list of valid providers.

6. Would you consider moving the documentation from readme.md to a wiki? It would give the community a chance to help you maintain the documentation.

ploxiln commented 6 years ago

The answer to most of your questions is "no".

oauth2_proxy mostly just uses the oauth flow to get a "pass" or "fail" determination. If "pass", then it generates and signs a cookie, and that's all you need to get through it and access the mostly-dumb web application behind it. It's just a simple gate to put in front of an internal website.

As an enhancement, oauth2_proxy can stash the email address and user name of the authenticated user in the signed cookie, and then pass those as trusted http headers to the mostly-dumb web application behind it.
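
An added example, not code from this issue or from the oauth2_proxy project, of what the "mostly-dumb" upstream side of that arrangement looks like: a small Go handler that reads the X-Forwarded-User and X-Forwarded-Email headers oauth2_proxy sets when it is configured to pass user headers, and that accepts them only when the request arrived from the proxy itself. The loopback `trustedProxies` allowlist, the `identityFromRequest` and `newRequest` helpers and the sample addresses are assumptions made for this illustration. The check matters because these headers are plain HTTP headers: if the application is reachable by any path that bypasses oauth2_proxy, a client can simply set them itself.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
)

// trustedProxies lists the source addresses from which the X-Forwarded-*
// identity headers are accepted. Assumption for this example: oauth2_proxy runs
// on the same host and is the only thing that can reach this listener.
var trustedProxies = map[string]bool{"127.0.0.1": true, "::1": true}

// Identity is what the upstream learns from oauth2_proxy's trusted headers.
type Identity struct {
	User  string
	Email string
}

// identityFromRequest returns the identity asserted by the proxy. ok is false
// when the request did not come from a trusted proxy address or carries no
// X-Forwarded-Email, so spoofed headers from a direct client are ignored.
func identityFromRequest(r *http.Request) (id Identity, ok bool) {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		host = r.RemoteAddr // RemoteAddr without a port
	}
	if !trustedProxies[host] {
		return Identity{}, false
	}
	id = Identity{
		User:  r.Header.Get("X-Forwarded-User"),
		Email: r.Header.Get("X-Forwarded-Email"),
	}
	if id.Email == "" {
		return Identity{}, false
	}
	return id, true
}

// handler is the protected application endpoint.
func handler(w http.ResponseWriter, r *http.Request) {
	id, ok := identityFromRequest(r)
	if !ok {
		http.Error(w, "forbidden", http.StatusForbidden)
		return
	}
	fmt.Fprintf(w, "hello %s <%s>\n", id.User, id.Email)
}

// newRequest builds a synthetic request (constructed test input) that carries
// the two headers and appears to come from remoteAddr.
func newRequest(remoteAddr, user, email string) *http.Request {
	r := httptest.NewRequest("GET", "http://app.internal/", nil)
	r.RemoteAddr = remoteAddr
	if user != "" {
		r.Header.Set("X-Forwarded-User", user)
	}
	if email != "" {
		r.Header.Set("X-Forwarded-Email", email)
	}
	return r
}

func main() {
	cases := []struct{ addr, user, email string }{
		{"127.0.0.1:50000", "alice", "alice@example.com"},   // arrived via oauth2_proxy
		{"203.0.113.9:50000", "mallory", "mallory@example.com"}, // direct hit, spoofed headers
		{"127.0.0.1:50001", "", ""},                           // via proxy but no identity passed
	}
	for _, c := range cases {
		rec := httptest.NewRecorder()
		handler(rec, newRequest(c.addr, c.user, c.email))
		fmt.Printf("%-20s -> %d %s", c.addr, rec.Code, rec.Body.String())
	}
}
```

In a real deployment the same property is usually enforced at the network layer (the application listens only on loopback or a private interface the proxy can reach), and the in-application address check is a second line of defence rather than the only one.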