OAuth2-Proxy is a flexible, open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. It provides a simple and secure way to protect your web applications with OAuth2 / OIDC authentication. As a reverse proxy, it intercepts requests to your application and redirects users to an OAuth2 provider for authentication. As a middleware, it can be seamlessly integrated into your existing infrastructure to handle authentication for multiple applications.
OAuth2-Proxy supports a lot of OAuth2 as well as OIDC providers. Either through a generic OIDC client or a specific implementation for Google, Microsoft Entra ID, GitHub, login.gov and others. Through specialised provider implementations oauth2-proxy can extract more details about the user like preferred usernames and groups. Those details can then be forwarded as HTTP headers to your upstream applications.
OAuth2-Proxy's Installation Docs cover how to install and configure your setup. Additionally you can take a further look at the example setup files.
We publish oauth2-proxy as compiled binaries on GitHub for all major architectures as well as more exotic ones like ppc64le as well as s390x.
Check out the latest release.
From v7.6.0 and up the base image has been changed from Alpine to GoogleContainerTools/distroless.
This image comes with even fewer installed dependencies and thus should improve security. The image therefore is also slightly smaller than Alpine.
For debugging purposes (and those who really need it. e.g. armv6) we still provide images based on Alpine. The tags of these images are suffixed with -alpine.
Since 2023-11-18 we build nightly images directly from the master branch and provide them at quay.io/oauth2-proxy/oauth2-proxy-nightly.
These images are considered unstable and therefore should NOT be used for production purposes unless you know what you're doing.
Would you like to sponsor the project then please contact us at sponsors@oauth2-proxy.dev
Join the #oauth2-proxy Slack channel to chat with other users of oauth2-proxy or reach out to the maintainers directly. Use the public invite link to get an invite for the Gopher Slack space.
OAuth2-Proxy is a community-driven project. We rely on the contribut️ions of our users to continually improve it. While review times can vary, we appreciate your patience and understanding. As a volunteer-driven project, we strive to keep this project stable and might take longer to merge changes.
If you want to contribute to the project. Please see our Contributing guide.
Who uses OAuth2-Proxy? Have a look at our new ADOPTERS file and feel free to open a PR to add your organisation.
Thanks to all the people who already contributed ❤
Made with contrib.rocks.
If you believe you have found a vulnerability within OAuth2 Proxy or any of its dependencies, please do NOT open an issue or PR on GitHub, please do NOT post any details publicly.
Security disclosures MUST be done in private. If you have found an issue that you would like to bring to the attention of the maintainers, please compose an email and send it to the list of people listed in our MAINTAINERS file.
For more details read our full Security Docs
If you are running a version older than v6.0.0 we strongly recommend to the current version.
See open redirect vulnerability for details.
2018-11-27: This repository was forked from bitly/OAuth2_Proxy. Versions v3.0.0 and up are from this fork and will have diverged from any changes in the original fork. A list of changes can be seen in the CHANGELOG.
2020-03-29: This project was formerly hosted as pusher/oauth2_proxy but has been renamed to oauth2-proxy/oauth2-proxy. Going forward, all images shall be available at quay.io/oauth2-proxy/oauth2-proxy and binaries will be named oauth2-proxy.
OAuth2-Proxy is distributed under The MIT License.
![@renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=64&v=4){kind=small}
![@github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=64&v=4){kind=small}
