wn/traefik-forward-auth
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
109 Commits 2 Branches 18 Tags
Commit Graph

44 Commits

Author SHA1 Message Date
Wolfgang Hottgenroth
fb24320552
role added to configuration 2023-11-06 22:25:00 +01:00
Wolfgang Hottgenroth
f6120640d2
evaluate role in higher layer 2023-11-06 22:09:29 +01:00
Wolfgang Hottgenroth
ab2d527dbd
we get closer 2023-11-06 19:59:31 +01:00
Wolfgang Hottgenroth
5828a9a5a2
debugging for analyzing token 2023-11-06 18:15:03 +01:00
Thom Seddon
c4317b7503
Allow to be run without middleware + improve request reading consistency (#217) 
Prior to this change, the request URI was only ever read from the
X-Forwarded-Uri header which was only set when the container was
accessed via the forwardauth middleware. As such, it was necessary
to apply the treafik-forward-auth middleware to the treafik-forward-auth
container when running auth host mode.
This is a quirk, unnecessary complexity and is a frequent source of
configuration issues.
 2021-06-24 21:45:28 +01:00
hesstobi
6c6f75e80d
Make listen port configurable (#230) 
Co-authored-by: Tobias Hess <tobias.hess@energiekoppler.com>
 2021-02-01 20:10:50 +00:00
Thom Seddon
04f5499f0b
Allow override of domains and whitelist in rules (#169) 
Co-authored-by: Mathieu Cantin <mcantin@petalmd.com>
Co-authored-by: Pete Shaw <lozlow@users.noreply.github.com>
 2020-09-23 14:50:15 +01:00
Thom Seddon
41560feaa7
Support concurrent CSRF cookies by using a prefix of nonce (#187) 
* Support concurrent CSRF cookies by using a prefix of nonce.
* Move ValidateState out and make CSRF cookies last 1h
* add tests to check csrf cookie nam + minor tweaks

Co-authored-by: Michal Witkowski <michal@cerberus>
 2020-09-23 14:48:04 +01:00
Thom Seddon
9e5994b959
Add Generic OAuth Provider (#138) 2020-06-29 21:04:42 +01:00
Thom Seddon
870724c994
Fail if there is an error retrieving the user + extra test (#142) 
Previously this would fail, but permit the request, which isn't
normally what you'd want.
 2020-06-29 21:02:45 +01:00
Thom Seddon
be2b4ba9f4
Remove unused user fields (#141) 
These aren't actually used anywhere and can result in a parse error
if the ID field isn't a string
 2020-06-29 21:01:59 +01:00
Thom Seddon
2937b04fdb
Add support for resource indicator to OIDC provider (#131) 2020-06-11 12:24:51 +01:00
Thom Seddon
fb8b216481
Optionally match emails against *either* whitelist or domains when both are provided (#106) 
The previous behaviour would ignore domains if the whitelist parameter was provided, however if both parameters are provided then matching either is more likely the intent.
 2020-06-03 14:11:59 +01:00
Thom Seddon
8b3a950162
Add logout endpoint (#107) 
Add logout endpoint that clears the auth cookie + optional "logout-redirect" config option, to which, when set, the user will be redirected.
 2020-06-03 14:00:47 +01:00
Thom Seddon
60604ad3db Always prompt user to select account on google login 
This closes #103 and as discussed in that issue, hopefully fixes a
common source of error discussed in #31
 2020-05-12 13:50:05 +01:00
Thom Seddon
a668454a11 Warn when using http without insecure cookie 
Closes #114
 2020-05-12 13:20:51 +01:00
Thom Seddon
eec62eb03a Improve logging detail and consistency 
Closes #114
 2020-05-11 14:42:53 +01:00
Thom Seddon
7381450015 Improve internal function docs 2020-05-11 14:42:33 +01:00
Pierre Kisters
c3b4ba8244
Allow multiple cookie domains, domains and whitelists with environment variable (#98) 
* comma env-delim for array flags
* tests for env-delim flags
 2020-04-14 07:48:55 +01:00
Thom Seddon
3652a0b244 Add OIDC docs + examples 2020-02-10 17:09:09 +00:00
Thom Seddon
68c329901a Update go1.12 -> go1.13 + update dependencies + mod tidy 2020-02-10 17:09:09 +00:00
Thom Seddon
ffa5afbf22 Simplify oauth server testing 2020-02-10 17:09:09 +00:00
Thom Seddon
5a9c6adedf Multiple provider support + OIDC provider 2020-02-10 17:09:09 +00:00
Thom Seddon
a99330e6b2 Fix typos 2019-09-30 10:44:46 +01:00
Sandro
5a676f3068 Fix rules argument (#71) 2019-09-20 16:28:11 +01:00
Thom Seddon
3e6ccc8f45 Redirect to login on cookie expiry + simplify ValidateCookie function 
Possible fix for #31
 2019-06-13 15:13:52 +01:00
Thom Seddon
3e92400202 Fix backwards compat on "domain" config + remove "domains" config 
Fixes #48
 2019-06-11 13:14:29 +01:00
Thom Seddon
72fc88a82b Add extra tests for env var backwards compat 2019-06-11 10:08:47 +01:00
Thom Seddon
d33ecc0654 Make rule parsing more robust 
- check args length before popping
- ensure rule has name
 2019-06-10 11:38:50 +01:00
Thom Seddon
41a3f2a5a9 Fix missing client id/secret log message 2019-06-10 11:24:14 +01:00
Thom Seddon
5a17187855 Fix go-flags dep + formatting 2019-05-13 11:56:43 +01:00
Thom Seddon
a4a34dcd76 Handle unknown ini options 2019-05-07 19:17:42 +01:00
Thom Seddon
d1b12e4ffb Fix host/method rule matching + tests 2019-05-07 14:16:38 +01:00
Thom Seddon
6f3ac5efe5 pre-release logging + docs improvements and fixes 2019-05-07 12:05:47 +01:00
Thom Seddon
b0e4b6333d Use updated go-flags version for env-namespace support 
+ fix docs
 2019-05-07 10:39:29 +01:00
Thom Seddon
8f6e911045 Backwards compatability fixes 2019-04-23 19:16:24 +01:00
Thom Seddon
fa61c84373 Fix, improve + test google provider initiation 2019-04-23 18:48:18 +01:00
Thom Seddon
3cc9cd13e1 Update option descriptions + prefer multiple singular options 
Plus backwards compatability for legacy comma separated list options
 2019-04-23 18:26:56 +01:00
Thom Seddon
93912f4a6e Overhaul testing to use testify 2019-04-23 17:49:16 +01:00
Thom Seddon
2074bc7727 Import f1ba9b5 2019-04-18 16:37:41 +01:00
Thom Seddon
6968f6181b Add more v2 tests + fixes + improve legacy config parsing 2019-04-18 16:37:41 +01:00
Thom Seddon
5597b7268b Use new rule config + tidy ups 2019-04-18 16:37:41 +01:00
Thom Seddon
e057f2d63a Improve qsdiff error reporting 2019-04-18 16:37:41 +01:00
Thom Seddon
9abe509f66 Refactor progress 
- move directory structure
- string based rule definition
- use traefik rule parsing
- drop toml config
- new flag library
- implement go dep
 2019-04-18 16:37:55 +01:00