-skip-auth-regex flag does not work when using a redirect about oauth2-proxy HOT 4 CLOSED

If using with redirects, the path to be validated should be the redirect path

I think more explanation is needed.

It sounds like you're using the auth_request mode, possibly with kubernetes nginx ingress?

If the user tries to access (or follows a link to) example.com/actual/app and it is not whitelisted, then oauth2_proxy returns a 40x for the auth_request, and nginx redirects to /oauth2/sign_in or /oauth2/start?rd=... and they have to sign in before being redirected to /actual/app.

However, if example.com/actual/app is whitelisted, they should never get the redirect, they should go right through on the first attempt.

from oauth2-proxy.

So what we are seeing in the logs is that whilst we set the pattern to be, for example, /health the path being compared to is always the /oauth/auth path that is coming from the NGINX Controller.

When using this parameter with the Kubernetes Ingress Controller it would mean that it needs to check the rd= path and not the req.URL.Path

from oauth2-proxy.

Ah, right, if doing auth_request then the actual request path is normally not included anywhere in the auth request. (The "rd" parameter has never been used for the /oauth2/auth endpoint.) If you're doing auth_request from an nginx config, then you can have some location blocks with no auth pretty easily. For Kubernetes ingress, I don't know.

from oauth2-proxy.

This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.

from oauth2-proxy.