Comments (4)
Hey @Ghazgkull,
I appreciate our Documentation currently sucks, I have a personal project on-going in which I hope to improve the situation of our documentation but it may take some time before that is done. Please bear with us!
It looks to me like the problem you are having is that the proxy-prefix
isn't being honoured when redirecting to start by the start button, GET - "/oauth2/start?rd=%2F"
should be GET - "/logs/oauth2/start?rd=%2F"
right?
from oauth2-proxy.
@JoelSpeed Yes, the proxy-prefix
setting was the issue. Or rather, my interpretation of how it should behave.
I expected that proxy-prefix
is a way for me to configure the proxy path that oauth2_proxy
is behind. I expected that oauth2_proxy
would prepend proxy-prefix
to any paths it gives out. But I didn't expect proxy-prefix
to affect the route handling within oauth2_proxy
itself. I realize now that proxy-prefix
really just means path-prefix
and it's a way to tell oauth2-proxy
what paths to expect.
Armed with this new understanding, I was able to get oauth2_proxy
to start working with my OIDC provider (Okta).
I would really like a way to tell oauth2_proxy
that it's behind another proxy, though, the same way I can configure Kibana with what they call server.basePath
. It would allow to more seamlessly add oauth2_proxy
to setups like mine where I'm doing path-based routing to a particular microservice behind a single hostname and I want oauth2_proxy
to provide authorization just for that route. In my example, I want to route the public path /logs
to oauth2_proxy
using URL re-writing to remove the /logs
prefix of the path before it ever gets to the proxy. So oauth2_proxy
would receive traffic at its default routes. But any time it handed out a URL (like on the signup page), it would have to prepend `/logs.
from oauth2-proxy.
@Ghazgkull do you remember how you got it to work in the end We are also using a proxy (ambassador) in front of the oauth2 proxy.
when we go through Ambassador to reach /dashboard, we redirect to oauth2_proxy but the /dashboard is always kept...
from oauth2-proxy.
This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.
from oauth2-proxy.
Related Issues (20)
- [Bug]: Setting `proxy-prefix` in helm seems to break login
- [Bug]: Azure provider: problem with ProfileURL/ userInfoURL (duplicate of closed issue #2162 ) HOT 3
- [Support]: <Keycloak-OIDC failed> HOT 1
- [Bug]: GitHub private repo check throwing 500 instead of 403 when user does not have access
- [Bug]: Keycloak OIDC Provider Multiple Calls to Fetch Keys to Verify JWT in Auth Header
- [Support]: Add scope field inside bearer token
- [Support]: How to configure oauth2 with kubernetes HOT 1
- Trying to implement simple Oauth2-proxy/nginx configuration HOT 3
- [Bug]: wait-for-redis fails to detect redis with default image HOT 3
- [Support]: Connection refused to Keycloak instance running in the separate container
- [Bug]: Alpha-configuration environment variables are not being replaced HOT 1
- [Bug]: local-environment example for keycloak does not run HOT 1
- [--cookie-secret-file option]: new option to ease cookie-secret rotation HOT 1
- [Bug]: CVE-2024-24786 google.golang.org/protobuf HOT 1
- [Bug]: CVE-2023-45288 golang.org/x/net HOT 3
- [Bug]: CVE-2023-45288 github.com/go-jose/go-jose/v3 HOT 2
- [upstream with basic auth]: upstream may require basic auth
- [Feature]: Include sequence diagram in the documentation
- [Feature]: Don't require email for OIDC
- [Support]: unable to verify bearer token, failed to verify token: oidc: id token issued by a different provider HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oauth2-proxy.