We'd like to use the oauth2_proxy for a wildcard domain, i.e. *.ourservice.com.
The oauth2_proxy should serve as a generic gatekeeper for this domain. Upstream nginx would then do name-based forwarding based on the host header.
It looks like everything to achieve this is almost in place; oauth2_proxy forwards the original host header to nginx which can then do the decision.
However, oauth2_proxy needs a specific redirect_url to redirect after login. If we configure for example app1.ourservice.com as redirect_url, requests for app2.our.service.com would end up being redirected to app1.ourservice.com.
Is there a way to work around this limitation (without having to install multiple oauth2_proxies)?
Would it make sense to add support for this, for example to introduce a new option --redirect-path that takes the current host header as a base and just appends this path, so that the redirect-url is generated dynamically?
We're aware that we'd have to specify multiple redirect urls at the IDP too, but we can use wildcards there.
I actually found out that the desired behavior is already supprt; If I just omit the --redirect-url flag, then oauth2_proxy constructs the redirect url dynamically from the Host header it receives.
Hi all
We'd like to use the oauth2_proxy for a wildcard domain, i.e. *.ourservice.com. The oauth2_proxy should serve as a generic gatekeeper for this domain. Upstream nginx would then do name-based forwarding based on the host header.
It looks like everything to achieve this is almost in place; oauth2_proxy forwards the original host header to nginx which can then do the decision.
However, oauth2_proxy needs a specific redirect_url to redirect after login. If we configure for example app1.ourservice.com as redirect_url, requests for app2.our.service.com would end up being redirected to app1.ourservice.com.
Is there a way to work around this limitation (without having to install multiple oauth2_proxies)? Would it make sense to add support for this, for example to introduce a new option
--redirect-path
that takes the current host header as a base and just appends this path, so that the redirect-url is generated dynamically?We're aware that we'd have to specify multiple redirect urls at the IDP too, but we can use wildcards there.