bitly / oauth2_proxy

A reverse proxy that provides authentication with Google, Github or other provider
MIT License

Support dynamic redirect urls #604

Closed MatthiasWinzeler closed 6 years ago

MatthiasWinzeler commented 6 years ago

Hi all

We'd like to use the oauth2_proxy for a wildcard domain, i.e. *.ourservice.com. The oauth2_proxy should serve as a generic gatekeeper for this domain. Upstream nginx would then do name-based forwarding based on the host header.

It looks like everything to achieve this is almost in place; oauth2_proxy forwards the original host header to nginx, which can then make the decision.

However, oauth2_proxy needs a specific redirect_url to redirect after login. If we configure for example app1.ourservice.com as redirect_url, requests for app2.ourservice.com would end up being redirected to app1.ourservice.com.

Is there a way to work around this limitation (without having to install multiple oauth2_proxies)? Would it make sense to add support for this, for example to introduce a new option --redirect-path that takes the current host header as a base and just appends this path, so that the redirect-url is generated dynamically?

We're aware that we'd have to specify multiple redirect urls at the IDP too, but we can use wildcards there.

ts-mini commented 6 years ago

https://github.com/bitly/oauth2_proxy/pull/464

MatthiasWinzeler commented 6 years ago

I actually found out that the desired behavior is already supported: if I just omit the --redirect-url flag, then oauth2_proxy constructs the redirect url dynamically from the Host header it receives.
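
An added example, not part of the thread and not oauth2_proxy's own code: a redirect URL built from the Host header is built from a client-supplied value, so a front end for `*.ourservice.com` can refuse any host outside that wildcard before deriving the URL. The function name, the `/oauth2/callback` path and the `https` scheme are assumptions made for this sketch.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"strings"
)

// allowedSuffix is the wildcard domain from the thread (*.ourservice.com).
const allowedSuffix = ".ourservice.com"

// callbackPath is an assumption; use the callback path your proxy is configured with.
const callbackPath = "/oauth2/callback"

var errHost = errors.New("host is not a single-label subdomain of the allowed domain")

// RedirectURLFor (hypothetical helper) derives the OAuth redirect URL from the
// request's Host header, accepting only <label>.ourservice.com.
func RedirectURLFor(r *http.Request) (string, error) {
	host := strings.ToLower(r.Host)
	// Drop an optional port; the returned URL always uses the default https port.
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h
	}
	host = strings.TrimSuffix(host, ".") // tolerate a fully qualified trailing dot
	label := strings.TrimSuffix(host, allowedSuffix)
	// Reject: suffix absent, empty label, or nested labels such as a.b.ourservice.com.
	if label == host || label == "" || strings.Contains(label, ".") {
		return "", errHost
	}
	for _, c := range label {
		if !(c == '-' || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9')) {
			return "", errHost
		}
	}
	return "https://" + host + callbackPath, nil
}

func main() {
	// Constructed sample Host headers.
	hosts := []string{"app1.ourservice.com", "app2.ourservice.com:443",
		"evil.example", "ourservice.com.evil.example"}
	for _, h := range hosts {
		u, err := RedirectURLFor(&http.Request{Host: h})
		fmt.Printf("%-30s -> %q err=%v\n", h, u, err)
	}
}
```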