Closed cben closed 3 years ago
Issues go stale after 90d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.
If this issue is safe to close now please do so with /close.
/lifecycle stale
Stale issues rot after 30d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
Exclude this issue from closing by commenting /lifecycle frozen.
If this issue is safe to close now please do so with /close.
/lifecycle rotten /remove-lifecycle stale
Rotten issues close after 30d of inactivity.
Reopen the issue by commenting /reopen.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Exclude this issue from closing again by commenting /lifecycle frozen.
/close
@openshift-bot: Closing this issue.
I don't understand OAuth protocol enough, don't know if this idea is feasible.
Motivation
When oauth-proxy sits in front of services that have JSON or other machine-readable APIs, and they are accessed by clients that are not a browser and won't do interactive login, those clients are normally configured out of band to provide a valid token/cookie. When that auth is misconfigured/expired, oauth-proxy returns 403 and the full HTML Login page. This is suboptimal because:
Secured with <a href="https://github.com/openshift/oauth-proxy#oauth2_proxy">OpenShift oauth-proxy</a> version 2.3.0
which is in last 500 bytes of the HTML (2) you sent auth but it was bad, which you can guess but it's not explicit.
Proposal
When oauth-proxy is certain that HTML is not expected, returns a short text, e.g.:
When can we be "certain" this is not breaking? Not sure because I don't understand OAuth and how non-browser login flows may work... But I guess when oauth-proxy receives a header like
Accept: application/json, text/javascript
which doesn't allow text/html nor a */* fallback, this would be OK?
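The check proposed in the issue above, as an added example (not code from the issue author or from oauth-proxy). It goes slightly beyond the single header quoted by also honouring `q` values and the `text/*` wildcard; the names `acceptsHTML` and `denyResponse` and both response bodies are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"strconv"
	"strings"
)

// acceptsHTML reports whether an Accept value allows text/html (directly or via
// text/* or */*). Most specific range wins; q=0 rejects; no header accepts all.
func acceptsHTML(accept string) bool {
	if strings.TrimSpace(accept) == "" {
		return true
	}
	ranks := map[string]int{"*/*": 1, "text/*": 2, "text/html": 3}
	bestRank, bestQ := 0, 0.0
	for _, item := range strings.Split(accept, ",") {
		fields := strings.Split(item, ";")
		rank := ranks[strings.ToLower(strings.TrimSpace(fields[0]))]
		if rank <= bestRank {
			continue
		}
		bestRank, bestQ = rank, 1.0 // q defaults to 1 when omitted
		for _, p := range fields[1:] {
			name, val, _ := strings.Cut(strings.TrimSpace(p), "=")
			q, err := strconv.ParseFloat(strings.TrimSpace(val), 64)
			if err == nil && strings.EqualFold(strings.TrimSpace(name), "q") {
				bestQ = q
			}
		}
	}
	return bestRank > 0 && bestQ > 0
}

// denyResponse is a hypothetical helper choosing the 403 reply; bodies are constructed.
func denyResponse(accept string) (status int, ctype, body string) {
	if acceptsHTML(accept) {
		return http.StatusForbidden, "text/html; charset=utf-8", "<html>login page placeholder</html>\n"
	}
	return http.StatusForbidden, "text/plain; charset=utf-8", "403 Forbidden: oauth-proxy rejected the supplied credentials\n"
}

func main() { // constructed sample Accept values
	for _, a := range []string{"application/json, text/javascript", "text/html, */*;q=0.8"} {
		status, ctype, _ := denyResponse(a)
		fmt.Printf("%q -> %d %s\n", a, status, ctype)
	}
}
```

The Accept header is client-controlled, so it only selects the format of the 403 body here; the decision to reject the request is made before this code runs and does not depend on it.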