bitly / oauth2_proxy

A reverse proxy that provides authentication with Google, Github or other provider
MIT License

When provider is defined as oid, it is ignored (get Google instead) #589

Closed jgn closed 6 years ago

jgn commented 6 years ago

Example attempt to run:

  ./oauth2_proxy \
    --provider oidc \
    --email-domain=* \
    --upstream=http://127.0.0.1:9999/ \
    --cookie-secret=foob \
    --cookie-secure=true \
    --redirect-url=https://www.example.com/oauth2/callback \
    --client-id=id \
    --client-secret=secret

Log:

2018/05/13 12:30:08 oauthproxy.go:130: mapping path "/" => upstream "http://127.0.0.1:9999"
2018/05/13 12:30:08 oauthproxy.go:157: OAuthProxy configured for Google Client ID: oauth2_proxy

And then when browsing, the login says: "Sign in with a Google Account."

(Basically it seems that the oidc provider isn't hooked in.)

ploxiln commented 6 years ago

It's in the master branch, but it's not in the v2.2 release (which is over a year old).

jgn commented 6 years ago

Think I should delete these two issues? (I think the one about not throwing an error if you make up a provider is a genuine flaw.)


ploxiln commented 6 years ago

Yeah I'd close the two issues and leave open the confusing default provider one.
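The flaw jgn describes above (an unsupported or made-up `--provider` value produces no error and Google is used instead), sketched in Go as an added example that is not part of the thread and not oauth2_proxy's own code. The registry contents and the names `lenientProvider` and `strictProvider` are assumptions chosen for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Provider is a hypothetical stand-in for a login backend.
type Provider struct{ Name string }

// registry lists the provider names this hypothetical build supports.
// "oidc" is deliberately absent, modelling a release that predates it.
var registry = map[string]Provider{
	"google":   {Name: "Google"},
	"github":   {Name: "GitHub"},
	"linkedin": {Name: "LinkedIn"},
}

// lenientProvider models the reported behaviour: any unrecognised
// name silently falls back to the default provider.
func lenientProvider(name string) Provider {
	if p, ok := registry[strings.ToLower(name)]; ok {
		return p
	}
	return registry["google"]
}

// strictProvider applies the default only when no name was given and
// refuses to start with a name that is not registered.
func strictProvider(name string) (Provider, error) {
	if name == "" {
		return registry["google"], nil
	}
	if p, ok := registry[strings.ToLower(name)]; ok {
		return p, nil
	}
	known := make([]string, 0, len(registry))
	for k := range registry {
		known = append(known, k)
	}
	sort.Strings(known)
	return Provider{}, fmt.Errorf("unknown provider %q (supported: %s)",
		name, strings.Join(known, ", "))
}

func main() {
	fmt.Println("lenient:", lenientProvider("oidc").Name)
	_, err := strictProvider("oidc")
	fmt.Println("strict: ", err)
}
```

With the strict form, a configuration naming a provider the binary does not implement stops at startup instead of presenting a login page for a different identity provider.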

jgn commented 6 years ago

Closing out because this is awaiting release 2.3.

wglas85 commented 6 years ago

Please release version 2.3, because we really need OpenID Connect support.

Thx in advance, Wolfgang Glas

e-bits commented 5 years ago

Hi @wglas85, I was searching for exactly the same thing. Unfortunately, I was not able to find an officially supported and maintained fork of oauth2_proxy.

I then tested the OIDC integration with this Docker image: a5huynh/oauth2_proxy, and got it working with Auth0 as the identity provider.

Here is an extract from my docker-compose.yml; maybe it helps you:

version: '3'

services:
  auth-proxy:
    image: a5huynh/oauth2_proxy
    ports:
      - "80:4180"
    command: [
      "--redirect-url=http://localhost",
      "--upstream=http://upstream:3000",
      "--login-url=https://your-identity-provider/authorize",
      "--redeem-url=https://your-identity-provider/oauth/token",
      "--validate-url=https://your-identity-provider/userinfo",
      "--email-domain=*",
      "--http-address=0.0.0.0:4180",
      "--skip-provider-button",
      "--scope=openid profile email",
      "--cookie-secure=false"
    ]
    environment:
      OAUTH2_PROXY_CLIENT_ID: client-id
      OAUTH2_PROXY_CLIENT_SECRET: client-secret
      OAUTH2_PROXY_COOKIE_SECRET: cookie-secret

Cheers e-bits