Proposal for Official Fork

alexandre-leites commented 6 years ago

Hi,

As everyone here can see, the project is almost abandoned.

I believe someone or preferable a group of people fluent in Go lang should create an 'official' fork of the project so the community can contribute with PRs which won't be waiting forever at "Pull Requests" tab.

I'm not fluent in Go but I can help with docker images or something like that if needed.

====== Edit =====

According to @russtacular comment on 29 Aug 2018 this project is oficially discontinued. Therefore, while the community is discussing where it will be 'oficially' forked and supported, there are several projects already taking place as a migration path:

https://github.com/pusher/oauth2_proxy (see https://github.com/bitly/oauth2_proxy/issues/628#issuecomment-453494239) https://github.com/buzzfeed/sso https://github.com/openshift/oauth-proxy https://github.com/ploxiln/oauth2_proxy (see https://github.com/bitly/oauth2_proxy/issues/628#issuecomment-449255369 and https://github.com/bitly/oauth2_proxy/issues/628#issuecomment-449544677)

Also, there is a discussion on gofrs https://github.com/gofrs/help-requests/issues/32#issue-388720547

JoelSpeed commented 5 years ago

For those interested I have an update on the progress of the Pusher fork.

I have got to the stage where I am happy with the migration work (although if anyone would like to review the changes I have made please feel free https://github.com/pusher/oauth2_proxy/pull/7)
Once the migration work has been merged I will create a v3.0.0 release on the Pusher fork to distinguish where the migration was made and start accepting functionality PRs no top of this release
I am still on the look-out to add some maintainers to the repository. For the moment all opened PRs will request the pusher/cloud-team for review but if anyone else is interested in being given review/merge permissions, please email me joel[at]pusher.com
I have created a new PR (#684) to add an archival notice to this repo which notes the buzzfeed, openshift and pusher forks, this will need reviewing and hopefully merging by someone from bitly (Could @russtacular please help with this?)
I spoke with several members of the CNCF TOC before christmas about the project and they agree that the project could become a sandbox project with them but some work will need to be done before this can happen. In particular it will need a small amount of co-operation from Bitly so I'd like to initiate a conversation with someone from Bitly about whether they support the idea of transferring the project to the CNCF before I put any further effort into this, @russtacular could you confirm who would be best to talk to about this?

JoelSpeed commented 5 years ago

For interested parties, the new v3.0.0 release has now been merged and I will now start working on migrating PRs and issues over to the Pusher fork as and when I have time

https://github.com/pusher/oauth2_proxy/releases/tag/v3.0.0

adamdecaf commented 5 years ago

Thanks! Did you see the v3.0.0 image has a few known vulnerable libraries or alerts? The quay page 404's for me, but maybe they're visible to you?

https://quay.io/repository/pusher/oauth2_proxy?tag=latest&tab=tags

tlawrie commented 5 years ago

For interested parties, the new v3.0.0 release has now been merged and I will now start working on migrating PRs and issues over to the Pusher fork as and when I have time

https://github.com/pusher/oauth2_proxy/releases/tag/v3.0.0

@JoelSpeed Great work! Looking forward to switching to the Pusher version. Do you know when you will merge in the changes from your fork such as OIDC session refresh?

JoelSpeed commented 5 years ago

Thanks! Did you see the v3.0.0 image has a few known vulnerable libraries or alerts? The quay page 404's for me, but maybe they're visible to you?

Noted, they are also 404'ing for me so I will try and look into this, I suspect they are vulnerabilities in the debian base image we are using

@JoelSpeed Great work! Looking forward to switching to the Pusher version. Do you know when you will merge in the changes from your fork such as OIDC session refresh?

Working on that this week! See https://github.com/pusher/oauth2_proxy/pull/14

desimone commented 5 years ago

I recently released pomerium. Pomerium may be a good fit for new users, or those okay with significant breaking changes from oauth2_proxy.

Like oauth2_proxy, pomerium is a reverse proxy but has additional goals of supporting dynamic policy, and identity/device aware access control similar to BeyondCorp.

fnkr commented 5 years ago

@desimone Hi, Pomerium looks nice, especially in terms of code quality and structure. I do miss a few features (e.g. a provider for GitLab) but would be willing to contribute them. Is there a Gitter/Slack/similar chat to discuss things?

desimone commented 5 years ago

@fnkr thank you for your kind words!

If you don't mind creating an issue in our repo, I'm sure we can address both adding support for GitLab and finding a good place to discuss things.

apriendeau commented 5 years ago

Hey Everyone! There are several good forks out there. We recommend looking at them and using them! I have listed out the ones that I found in this list and will add them to the README redirecting people there.

pomerium Ploxlin oauth2_proxy fork Pusher oauth2_proxy fork

JoelSpeed commented 5 years ago

@apriendeau I already have a PR open to add a notice that this repo is archived and list maintained forks, do you have the ability to review it? #684

apriendeau commented 5 years ago

@JoelSpeed Thanks for saving me the effort! It has been merged and I am going to lock this conversation 👍

bitly / oauth2_proxy

Proposal for Official Fork #628