Access token forwarding through nginx auth request #424
README.md
@@ -370,8 +370,10 @@ server { | |||
# requires running with --set-xauthrequest flag | |||
auth_request_set $user $upstream_http_x_auth_request_user; | |||
auth_request_set $email $upstream_http_x_auth_request_email; | |||
auth_request_set $token $upstream_http_x_auth_request_access_token; # Available with --pass-access-token flag |
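Review bot: The trailing comment on the added `auth_request_set $token` line names only --pass-access-token, while the comment at the top of the block names only --set-xauthrequest; the description says the header is sent only when both are set, so state both flags in one comment line above the directive. Because `$token` carries a bearer credential, unlike `$user` and `$email`, the README should also tell readers to forward it only to the upstreams that need it and to keep it out of access logs.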
This line is a bit long - I'd put the comment on a separate line just above. (You could also group with `proxy_set_header` line, like `--cookie-refresh` group just below.)
Done - followed the `cookie-refresh` example.
Looks good to me.
Is this going to be merged any time soon? This would be really useful for me.
This is supposed to be in 2.3, but bitly/oauth2_proxy#424 isn't merged yet.
Agreed, this would be useful for me as well.
Hi, can we have this merged soon, please?
Agree with Isde. This should be merged. Running into same issue where I would like to have token be usable in nginx that is in front of oauth2_proxy. Please merge.
rebased+squashed version of bitly PR 424
Any update on merging this? Will be super helpful.
There will be no more merges or releases for this repository - see #628 (comment) and read down to see discussion of a maintained fork. I've started my own fork, and made a v2.3 release which includes this change, see https://github.com/ploxiln/oauth2_proxy/releases
Related to #420.
This enables expected behavior when using:
If both of these are set, the access token will be included in an `X-Auth-Request-Access-Token` header, following the `X-Auth-Request-*` pattern used for `User` and `Email`.
The access token allows for further validation by upstream services. In my case, I use the token to get more user information, which is then used to set read-only / read-write / admin permissions on internal software.