search

openshift / oauth-proxy

A reverse proxy that provides authentication with OpenShift via OAuth and Kubernetes service accounts
MIT License
261 stars 137 forks source link

Need the username/info from application #213

Closed zohiba closed 2 years ago

zohiba commented 3 years ago

Once the user is validated using the oauth proxy, is there a way to pass in that user info to the application?

vamseekrishna25 commented 3 years ago

there is a way to access the username of the logged-in user through the cookie created by OAuth proxy by disabling HTTPS only and secure to false. you can access cookie value through your frontend javascript with the help of libraries like js-cookie etc .the cookie value is base64 encoded so you need to decode it and you can get the username

zohiba commented 3 years ago

are you sure it is disabling HTTPS only ? I don't see any such option. I thought these are the two you were talking about "--cookie-secure=false", "--cookie-httponly=false",

vamseekrishna25 commented 3 years ago

yes "--cookie-secure=false", "--cookie-httponly=false" are the options to disable HTTPS only and secure. if you don't want to disable httpsonly for security reasons you can pass the cookie with your request to the server and decode in the server

zohiba commented 3 years ago

can you explain a little more on "how to pass the cookie with your request to the server"?

openshift-bot commented 2 years ago

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

openshift-bot commented 2 years ago

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten /remove-lifecycle stale

openshift-bot commented 2 years ago

Rotten issues close after 30d of inactivity.

Reopen the issue by commenting /reopen. Mark the issue as fresh by commenting /remove-lifecycle rotten. Exclude this issue from closing again by commenting /lifecycle frozen.

/close

openshift-ci[bot] commented 2 years ago

@openshift-bot: Closing this issue.

In response to [this](https://github.com/openshift/oauth-proxy/issues/213#issuecomment-974492984): >Rotten issues close after 30d of inactivity. > >Reopen the issue by commenting `/reopen`. >Mark the issue as fresh by commenting `/remove-lifecycle rotten`. >Exclude this issue from closing again by commenting `/lifecycle frozen`. > >/close Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
zohiba commented 1 year ago

HI @vamseekrishna25 do you know what configuration I should use to encrypt the _oauth_proxy value? I read I could use --cookie-secret-file or --cookie-secret but it is not working for me, I still see the value as base64 encoded, rather than getting encrypted with the secret I provided. Basically, I want the username to be secure and not easily decoded.