Code Monkey home page Code Monkey logo

Comments (4)

ploxiln avatar ploxiln commented on August 20, 2024

If you use oauth2_proxy in the original proxy mode, instead of the more flexible and complicated auth_request mode, then you can do this with the --pass-basic-auth flag. (The password put in the basic auth to the upstream can be set with the --basic-auth-password flag.)

You can get the username from auth_request but putting it into a basic auth header for the upstream is not easy. You may try to adapt from this part of the example at the bottom of the README:

    # pass information via X-User and X-Email headers to backend,
    # requires running with --set-xauthrequest flag
    auth_request_set $user   $upstream_http_x_auth_request_user;
    auth_request_set $email  $upstream_http_x_auth_request_email;
    proxy_set_header X-User  $user;
    proxy_set_header X-Email $email;

from oauth2_proxy.

adilinden avatar adilinden commented on August 20, 2024

Right, only x_auth_request_user and x_auth_request_email work in auth_request mode as oauth2_proxy can only pass header back to nginx, not insert into the stream going to the client. Didn't think of it until you clarified.

I guess this leaves me with 3 options:

  1. Modify the backend server to accept a definable HTTP header containing username instead of a basic auth line.
  2. Modify oauth2_proxy to pass a header with base64 encoded username to nginx.
  3. Figure out if nginx can base64 encode a string, after receiving it from outh2_proxy to add the new header.

from oauth2_proxy.

adilinden avatar adilinden commented on August 20, 2024

I guess I need to learn more about HTTP headers. Although my backend application states "Basic Web Authentication" it does not look only for the Authentication header, but also a number of others, such as REMOTE_USER. The information you provided will accomplish what I need by setting the REMOTE_USER header appropriately. I am already doing just that with another backend.

Interestingly enough, I didn't know that the RFC requires REMOTE_USER to be set to the user ID supplied when Basic Authentication is used. RFC 3875 - The Common Gateway Interface (CGI) Version 1.1 section 4.1.11.

I think that answers my question. Thank you so much for the quick and very helpful response!

from oauth2_proxy.

ploxiln avatar ploxiln commented on August 20, 2024

I'm glad you got it working :)

from oauth2_proxy.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.