Add -prompt flag

Space separated list of OpenID prompt options (https://developers.google.com/identity/protocols/OpenIDConnect#prompt)
Thomas Vaillant 2018-11-05 16:43:30 +01:00
parent b54871391f
commit c897bc8387
4 changed files with 11 additions and 1 deletions


@ -35,6 +35,7 @@ The following configuration is supported:
|-domain|string|Comma separated list of email domains to allow| |-domain|string|Comma separated list of email domains to allow|
|-lifetime|int|Session length in seconds (default 43200)| |-lifetime|int|Session length in seconds (default 43200)|
|-url-path|string|Callback URL (default "_oauth")| |-url-path|string|Callback URL (default "_oauth")|
|-prompt|string|Space separated list of [OpenID prompt options](https://developers.google.com/identity/protocols/OpenIDConnect#prompt)|
Configuration can also be supplied as environment variables (use upper case and swap `-`'s for `_`'s e.g. `-client-id` becomes `CLIENT_ID`) Configuration can also be supplied as environment variables (use upper case and swap `-`'s for `_`'s e.g. `-client-id` becomes `CLIENT_ID`)


@ -40,6 +40,8 @@ type ForwardAuth struct {
Domain []string Domain []string
Direct bool Direct bool
Prompt string
} }
// Request Validation // Request Validation
@ -114,7 +116,9 @@ func (f *ForwardAuth) GetLoginURL(r *http.Request, nonce string) string {
q.Set("client_id", fw.ClientId) q.Set("client_id", fw.ClientId)
q.Set("response_type", "code") q.Set("response_type", "code")
q.Set("scope", fw.Scope) q.Set("scope", fw.Scope)
// q.Set("approval_prompt", fw.ClientId) if fw.Prompt != "" {
q.Set("prompt", fw.Prompt)
}
q.Set("redirect_uri", f.redirectUri(r)) q.Set("redirect_uri", f.redirectUri(r))
q.Set("state", state) q.Set("state", state)
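Review bot: The added branch in GetLoginURL reads `fw.Prompt` from what appears to be a package-level `fw`, while the method's receiver is `f` and the following line already calls `f.redirectUri(r)`; a ForwardAuth built separately from the global would send the global's prompt rather than its own. Reading the receiver keeps the value tied to the instance being called: `if f.Prompt != "" {` and `q.Set("prompt", f.Prompt)`. The neighbouring `fw.ClientId` and `fw.Scope` lines have the same mix, so it may be simplest to settle all three together. The new struct field also has no comment; I would add `// Prompt is the space-separated OpenID Connect prompt value sent on the authorization request; empty omits the parameter.` GetLoginURL's body starts and ends outside the hunk.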


@ -146,6 +146,7 @@ func TestGetLoginURL(t *testing.T) {
Host: "test.com", Host: "test.com",
Path: "/auth", Path: "/auth",
}, },
Prompt: "consent select_account",
} }
// Check url // Check url
@ -170,6 +171,7 @@ func TestGetLoginURL(t *testing.T) {
"redirect_uri": []string{"http://example.com/_oauth"}, "redirect_uri": []string{"http://example.com/_oauth"},
"response_type": []string{"code"}, "response_type": []string{"code"},
"scope": []string{"scopetest"}, "scope": []string{"scopetest"},
"prompt": []string{"consent select_account"},
"state": []string{"nonce:http://example.com/hello"}, "state": []string{"nonce:http://example.com/hello"},
} }
if !reflect.DeepEqual(qs, expectedQs) { if !reflect.DeepEqual(qs, expectedQs) {
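Review bot: Only the non-empty case is covered in TestGetLoginURL: the fixture sets `Prompt: "consent select_account"` and the expected query gains `"prompt"`, but nothing visible asserts that the parameter is omitted when Prompt is empty, which is the default and the branch the new `if` guards. A second case with Prompt unset that checks `_, ok := qs["prompt"]; ok` is false would pin that behaviour. The test function extends beyond the hunks shown, so such a case may already exist outside them.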


@ -142,6 +142,7 @@ func main() {
cookieSecure := flag.Bool("cookie-secure", true, "Use secure cookies") cookieSecure := flag.Bool("cookie-secure", true, "Use secure cookies")
domainList := flag.String("domain", "", "Comma separated list of email domains to allow") domainList := flag.String("domain", "", "Comma separated list of email domains to allow")
direct := flag.Bool("direct", false, "Run in direct mode (use own hostname as oppose to X-Forwarded-Host, used for testing/development)") direct := flag.Bool("direct", false, "Run in direct mode (use own hostname as oppose to X-Forwarded-Host, used for testing/development)")
prompt := flag.String("prompt", "", "Space separated list of OpenID prompt options")
flag.Parse() flag.Parse()
@ -216,6 +217,8 @@ func main() {
Domain: domain, Domain: domain,
Direct: *direct, Direct: *direct,
Prompt: *prompt,
} }
// Attach handler // Attach handler
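Review bot: The `-prompt` value is copied into the ForwardAuth struct and onto every authorization request without any validation, so a typo or a contradictory combination only surfaces later as a provider-side error for each user. OpenID Connect defines `none`, `login`, `consent` and `select_account`, and `none` must not be combined with the others; with `none` a user who has no provider session gets an error response instead of a login page. I would check the value once after `flag.Parse()` and exit on anything else, using whatever fatal-logging call main already uses (the sketch assumes `strings` and a `log` with `Fatalf` are in scope). The flag only asks the provider for a prompt; nothing in these hunks verifies that re-authentication or consent happened, so the help text should not suggest enforcement. main's body starts and ends outside the hunks.

```go
prompt := flag.String("prompt", "", "Space separated list of OpenID prompt options")
// … unchanged: remaining flags and flag.Parse() …

// Reject unknown or contradictory prompt values at startup rather than
// letting every login attempt fail at the provider.
promptValues := strings.Fields(*prompt)
for _, p := range promptValues {
	switch p {
	case "none", "login", "consent", "select_account":
	default:
		log.Fatalf("invalid -prompt value %q", p)
	}
	if p == "none" && len(promptValues) > 1 {
		log.Fatalf("-prompt value %q cannot be combined with other values", p)
	}
}
```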