A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group.
Note: This repository was forked from bitly/OAuth2_Proxy on 27/11/2018. Versions v3.0.0 and up are from this fork and will have diverged from any changes in the original fork. A list of changes can be seen in the CHANGELOG.
Note: This project was formerly hosted as
pusher/oauth2_proxy but has been renamed as of 29/03/2020 to
Going forward, all images shall be available at
quay.io/oauth2-proxy/oauth2-proxy and binaries will be named
Choose how to deploy:
a. Download Prebuilt Binary (current release is
b. Build with
$ go install github.com/oauth2-proxy/oauth2-proxy/v7@latestwhich will put the binary in
c. Using the prebuilt docker image quay.io/oauth2-proxy/oauth2-proxy (AMD64, PPC64LE, ARMv6, ARMv8 and ARM64 available)
Prebuilt binaries can be validated by extracting the file and verifying it against the
sha256sum.txtchecksum file provided for each release starting with version
sha256sum -c sha256sum.txt 2>&1 | grep OK oauth2-proxy-x.y.z.linux-amd64: OK
Select a Provider and Register an OAuth Application with a Provider
Configure OAuth2 Proxy using config file, command line options, or environment variables
Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)
If you are running a version older than v6.0.0 we strongly recommend you please update to a current version. See open redirect vulnerability for details.
Read the docs on our Docs site.
If you would like to reach out to the maintainers, come talk to us in the
#oauth2-proxy channel in the Gophers slack.
Please see our Contributing guidelines. For releasing see our release creation guide.