Send X-Auth-Request-Access-Token in response to auth requests

This is supposed to be in 2.3, but bitly/oauth2_proxy#424 isn't merged yet.
jbarnette · Nov 2, 2017 · 521366f · 521366f
1 parent 40f6f96
commit 521366f
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 5 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,13 +1,15 @@
-FROM debian:stretch-slim as build
+FROM golang as build
 
-RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install --yes curl
+RUN go get -d github.com/bitly/oauth2_proxy
+WORKDIR /go/src/github.com/bitly/oauth2_proxy
 
-ARG URL=https://github.com/bitly/oauth2_proxy/releases/download/v2.2/oauth2_proxy-2.2.0.linux-amd64.go1.8.1.tar.gz
-RUN curl -L $URL | tar xzvf - --strip-components=1
+COPY token.patch ./
+RUN git apply token.patch
+RUN CGO_ENABLED=0 go install
 
 FROM scratch
 
-COPY --from=build oauth2_proxy /
+COPY --from=build /go/bin/oauth2_proxy /
 COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 
 ENTRYPOINT ["/oauth2_proxy"]
diff --git a/token.patch b/token.patch
@@ -0,0 +1,14 @@
+diff --git a/oauthproxy.go b/oauthproxy.go
+index dd2b58e..19ed0e3 100644
+--- a/oauthproxy.go
++++ b/oauthproxy.go
+@@ -680,6 +680,9 @@ func (p *OAuthProxy) Authenticate(rw http.ResponseWriter, req *http.Request) int
+ 		if session.Email != "" {
+ 			rw.Header().Set("X-Auth-Request-Email", session.Email)
+ 		}
++		if p.PassAccessToken && session.AccessToken != "" {
++			rw.Header().Set("X-Auth-Request-Access-Token", session.AccessToken)
++		}
+ 	}
+ 	if p.PassAccessToken && session.AccessToken != "" {
+ 		req.Header["X-Forwarded-Access-Token"] = []string{session.AccessToken}