Comments (15)
I want something similar - having a similar ability to -google-group: specifying a group that the user must be a member of in order to be able to log in.
from oauth2-proxy.
This is a really needed feature. When will it get merged?
from oauth2-proxy.
Hello @JoelSpeed ,
Is this still on the radar?
Looking at the original PR, I don't see any breaking change on the Google provider (the requester kept the Google groups flags but mentioned them as deprecated).
Or is there something else preventing this fork from integrating this change?
from oauth2-proxy.
While trying to develop support for Azure's app roles, I did notice it was very easy to trip the cookie size limit on the browser when Groups started being populated. I know AWS auto-splits the cookie, and that may be required (max 11k) to reasonably support this.
Background: I wanted access to Azure Application Roles, which forced having to create an Azure v2.0 provider; the current implementation is against the v1 API. I did base the changes off of the PR regarding Groups. So if we have a good direction on this, I'd like to see Roles get included (separate PR likely).
The WIP implementation is here.
from oauth2-proxy.
> While trying to develop support for Azure's app roles, I did notice it was very easy to trip the cookie size limit on the browser when Groups started being populated. I know AWS auto-splits the cookie, and that may be required (max 11k) to reasonably support this.
Just as an FYI, we have session cookie splitting built into the proxy so if you do start overflowing the 4k limit, we can handle that already 😄
https://github.com/pusher/oauth2_proxy/blob/908ac24257840b197163c6e0bec8954b56ca3656/oauthproxy.go#L325-L327
Also, we are making an effort to introduce server-side sessions which will mitigate this problem (see #147 & #148)
from oauth2-proxy.
It can already be done via the Access-Token header which contains JWT token JSON
However this requires custom support to read this header in the application which only works in some scenarios.
In my setup X-Auth-Request-Access-Token contains JWT token with group information.
from oauth2-proxy.
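An added example (not from this thread or from oauth2-proxy's code) of the workaround in the comment above: an upstream Go handler that reads the JWT from X-Auth-Request-Access-Token and allows the request only if a group claim matches. The claim name `groups`, the group value `admins` and the function names are assumptions; the token signature is not verified, so this fits only an upstream reachable solely through the proxy.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"slices"
	"strings"
)

// groupsFromToken returns the "groups" claim of a compact JWT (the claim
// name is an assumption). The signature is NOT verified: the upstream must
// be reachable only through the proxy, which must overwrite this header.
func groupsFromToken(token string) ([]string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("not a compact JWT")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, err
	}
	var claims struct {
		Groups []string `json:"groups"`
	}
	if err := json.Unmarshal(payload, &claims); err != nil {
		return nil, err
	}
	return claims.Groups, nil
}

// requireGroup fails closed: a missing, malformed or non-matching token gets 403.
func requireGroup(group string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		groups, err := groupsFromToken(r.Header.Get("X-Auth-Request-Access-Token"))
		if err != nil || !slices.Contains(groups, group) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Constructed, unsigned sample token with payload {"groups":["admins"]}.
	p := base64.RawURLEncoding.EncodeToString([]byte(`{"groups":["admins"]}`))
	fmt.Println(groupsFromToken("e30." + p + ".sig"))
}
```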
This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.
from oauth2-proxy.
Any updates on this?
We really need this feature.
Thanks!
from oauth2-proxy.
Hello - I'm guessing this is still being discussed behind-the-scenes? Will it be considered?
from oauth2-proxy.
I would really like this too!
from oauth2-proxy.
I'd really like that as well!
+1 for the feature request!
from oauth2-proxy.
Hi all, I've had a pass over the original PR to bitly and think this is definitely something we should be supporting. I'm a bit concerned about the breaking changes it introduces though, we still need to work out how to handle those since taking over the project!
Does anyone have time to try and get a PR opened here based on the changes from the original PR? Perhaps @pasoroki?
from oauth2-proxy.
There are some outstanding comments on the PR, if the PR author can fix these then I'll re-review and hopefully it will be ready for merge
from oauth2-proxy.
Can the issue be reopened?
from oauth2-proxy.
@dekimsey have you succeeded with your implementation? The link to your WIP is broken.
from oauth2-proxy.