Comments (4)
If using with redirects, the path to be validated should be the redirect path
I think more explanation is needed.
It sounds like you're using the auth_request
mode, possibly with kubernetes nginx ingress?
If the user tries to access (or follows a link to) example.com/actual/app and it is not whitelisted, then oauth2_proxy returns a 40x for the auth_request, and nginx redirects to /oauth2/sign_in or /oauth2/start?rd=... and they have to sign in before being redirected to /actual/app.
However, if example.com/actual/app is whitelisted, they should never get the redirect, they should go right through on the first attempt.
from oauth2-proxy.
So what we are seeing in the logs is that whilst we set the pattern to be, for example, /health
the path being compared to is always the /oauth/auth
path that is coming from the NGINX Controller.
When using this parameter with the Kubernetes Ingress Controller it would mean that it needs to check the rd=
path and not the req.URL.Path
from oauth2-proxy.
Ah, right, if doing auth_request
then the actual request path is normally not included anywhere in the auth request. (The "rd" parameter has never been used for the /oauth2/auth
endpoint.) If you're doing auth_request
from an nginx config, then you can have some location blocks with no auth pretty easily. For Kubernetes ingress, I don't know.
from oauth2-proxy.
This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.
from oauth2-proxy.
Related Issues (20)
- [Bug]:/internal-auth/oauth2/auth not working HOT 1
- [Support]: show login screen instead of automatically redirecting to oAuth provider HOT 2
- [Bug]: Possible README Inaccuracy HOT 7
- [Support]: Can not get X-Auth-Request-Email and X-Auth-Request-User
- [Support]: Synology basic reverse proxy and sso server => oauth2-proxy => another docker application to protect by auth HOT 1
- [Support]: Getting CRSF cookie or cookie limit 4kb error HOT 2
- [Feature]: auto refresh token HOT 5
- "403: You do not have permission to access this resource." but only for some users HOT 1
- [Bug]: Docs - htpasswd-file description does not mention SHA1 encryption HOT 2
- [Bug]: 500 (Internal Server Error) on invalid cookie
- [Bug]: Infinite loop if the Csrf cookie is set twice
- [Support]: nginx + oauth2-proxy, logout configuration
- [Feature]: options for add files in /oauth2/static/ HOT 4
- [Feature]: Guides for rauthy and/or authelia
- [Bug]: Unable to use hyphen in JSON path for oidc-groups-claim option
- [Bug]: Invalid authentication via OAuth2 via Github for the owner of the organisation HOT 6
- [Bug]: Possible typo in source code for static upstreams HOT 2
- [Bug]: Incomplete source of request urls for skip_auth_routes feature
- [Bug]: Redirect after second google login to home page not working
- [Support]: 401 Authorization Required even finished authentication HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oauth2-proxy.