Skip to content

Commit

Permalink
Access token forwarding through nginx auth request
Browse files Browse the repository at this point in the history 
Related to oauth2-proxy#420.
  • Loading branch information
@patrickfuller
patrickfuller committed Jul 16, 2017
1 parent 3c51c91 commit b138872
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 0 deletions.
2 changes: 2 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -370,8 +370,10 @@ server {
# requires running with --set-xauthrequest flag
auth_request_set $user $upstream_http_x_auth_request_user;
auth_request_set $email $upstream_http_x_auth_request_email;
auth_request_set $token $upstream_http_x_auth_request_access_token; # Available with --pass-access-token flag
proxy_set_header X-User $user;
proxy_set_header X-Email $email;
proxy_set_header X-Token $token;
# if you enabled --cookie-refresh, this is needed for it to work with auth_request
auth_request_set $auth_cookie $upstream_http_set_cookie;
Expand Down
3 changes: 3 additions & 0 deletions oauthproxy.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -680,6 +680,9 @@ func (p *OAuthProxy) Authenticate(rw http.ResponseWriter, req *http.Request) int
if session.Email != "" {
rw.Header().Set("X-Auth-Request-Email", session.Email)
}
if p.PassAccessToken && session.AccessToken != "" {
rw.Header().Set("X-Auth-Request-Access-Token", session.AccessToken)
}
}
if p.PassAccessToken && session.AccessToken != "" {
req.Header["X-Forwarded-Access-Token"] = []string{session.AccessToken}
Expand Down

0 comments on commit b138872

Please sign in to comment.