Comments (13)
Hi @loispostula,
Just a couple of thoughts on this. Does the error persist when you have --pass-authorization-header=false? What happens in this case?
Have you also tried --cookie-secure=true? I notice your redirect URL is on HTTPS so the cookie should be set to HTTPS also
from oauth2-proxy.
@JoelSpeed - No matter the combination of settings that I do, I keep on getting " Error loading cookied session: Cookie "_oauth2_proxy" not present" persistently with 401 in Nginx ingress logs.
Configuration currently being used:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
    nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"
    nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"
  name: pages-test-ingress
spec:
  rules:
  - host: xxx-test.infra.xxx.eu
    http:
      paths:
      - backend:
          serviceName: nginx-pages
          servicePort: 80
        path: /
  tls:
  - hosts:
    - xxx-test.infra.xxx.eu
    secretName: pages-test-tls
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: oauth2-proxy
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
  - host: xxx-test.infra.xxx.eu
    http:
      paths:
      - backend:
          serviceName: oauth2-proxy
          servicePort: 4180
        path: /oauth2
  tls:
  - hosts:
    - xxx-test.infra.xxx.eu
    secretName: pages-test-tls
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: oauth2-proxy
  name: oauth2-proxy
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: oauth2-proxy
  template:
    metadata:
      labels:
        k8s-app: oauth2-proxy
    spec:
      containers:
      - args:
        - --provider=gitlab
        - --email-domain=*
        - --http-address=0.0.0.0:4180
        - --upstream=file:///dev/null
        - -cookie-domain=.xxx-test.infra.xxx.eu
        - -whitelist-domain=.xxx-test.infra.xxx.eu
        # Register a new application
        env:
        - name: OAUTH2_PROXY_REDIRECT_URL
          value: https://xxx-test.infra.xxx.eu/oauth2/auth
        - name: OAUTH2_PROXY_OIDC_ISSUER_URL
          value: REDACTED
        #- name: OAUTH2_PROXY_PASS_ACCESS_TOKEN
        #  value: "true"
        - name: OAUTH2_PROXY_SET_AUTHORIZATION_HEADER
          value: "true"
        #- name: OAUTH2_PROXY_SET_AUTHREQUEST
        #  value: "true"
        #- name: OAUTH2_PROXY_SKIP_PROVIDER_BUTTON
        #  value: "true"
        - name: OAUTH2_PROXY_CLIENT_ID
          value: REDACTED
        - name: OAUTH2_PROXY_CLIENT_SECRET
          value: REDACTED
        - name: OAUTH2_PROXY_COOKIE_SECRET
          value: REDACTED
        image: quay.io/pusher/oauth2_proxy:latest
        imagePullPolicy: Always
        name: oauth2-proxy
        ports:
        - containerPort: 4180
          protocol: TCP
from oauth2-proxy.
@ap1969 I had almost the same issue.
I'm using the oauth_proxy in a Kubernetes cluster, the issue was with the nginx-ingress-controller:
upstream sent too big header while reading response header from upstream,
I just had to increase the buffer size: https://andrewlock.net/fixing-nginx-upstream-sent-too-big-header-error-when-running-an-ingress-controller-in-kubernetes/
from oauth2-proxy.
Edit: My issue is that I was using http but never set the OAUTH2_PROXY_COOKIE_SECURE=false. After doing this it worked.
I have now deployed this properly and it's working!
--- Original
Same as @infinitydon above, there is NO cookie when redirected back to the OAuth2_proxy.
I checked in the logs and "inspected" in the browser.
I am working with a self hosted GitLab instance, which seems like that might be the case with @infinitydon too.
I see the below in the logs:
[AuthFailure] Invalid authentication via OAuth2: unable too obtain CSRF cookie
What does that mean?
from oauth2-proxy.
Hi,
I know this issue is old, but I'm seeing the same thing, so thought I'd:
A) Check if @loispostula got the issue resolved? And if so, can you share any details?
B) Provide some details for my own set up, where I'm trying to pass the JWT from my OIDC provider to my upstream system.
I'm running oauth2_proxy on kubernetes, proxying requests to an Angular single-page app running in a different container based on the nginx:stable-alpine docker image.
I've tried a few setups, all of which correctly intercept the initial request, present the login page, redirect out to Auth0.com and return back to my URL. However:
WITHOUT AUTH HEADER, WITHOUT SECURE COOKIE
--http-address=0.0.0.0:4180 --cookie-httponly=false --cookie-name=_oauth2_proxy_cp --email-domain=\* --oidc-issuer-url=https://xxx.auth0.com/ --provider=oidc --proxy-prefix=/oauth2 --upstream=http://controlpanel --config=/etc/oauth2_proxy/oauth2_proxy.cfg
--pass-authorization-header=false --cookie-secure false
This redirects to the upstream app, but there is no auth header. Cookie exists.
WITH AUTH HEADER, WITHOUT SECURE COOKIE
--http-address=0.0.0.0:4180 --cookie-httponly=false --cookie-name=_oauth2_proxy_cp --email-domain=\* --oidc-issuer-url=https://xxx.auth0.com/ --provider=oidc --proxy-prefix=/oauth2 --upstream=http://controlpanel --config=/etc/oauth2_proxy/oauth2_proxy.cfg
--pass-authorization-header=true --cookie-secure false
This generates a 502 error. No cookie. Log entries are:
146.162.240.243 - - [02/May/2019:09:44:12 +0000] cp.dev.env.notifium.com GET - "/oauth2/callback?code=iQMzt5I1t75vxxx&state=xxxb97c24a6bcaf2136152131d1723%3A%2Fauth%2Flogin" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36" 302 34 0.312
2019/05/02 09:44:13 oauthproxy.go:745: 167.99.86.85:35596 ("146.162.240.243") authentication complete Session{email:[email protected] user: token:true id_token:true expires:2019-05-03 09:44:12.936531323 +0000 UTC m=+86440.405422668}
2019/05/02 09:44:13 oauthproxy.go:796: 167.99.86.85:35640 ("146.162.240.243") Cookie "_oauth2_proxy_cp" not present
WITH AUTH HEADER, WITH SECURE COOKIE
--http-address=0.0.0.0:4180 --cookie-httponly=false --cookie-name=_oauth2_proxy_cp --email-domain=\* --oidc-issuer-url=https://xxx.auth0.com/ --provider=oidc --proxy-prefix=/oauth2 --upstream=http://controlpanel --config=/etc/oauth2_proxy/oauth2_proxy.cfg
--pass-authorization-header=true --cookie-secure true
This generates a 502 error. No cookie. Log entries as above
WITHOUT AUTH HEADER, WITH SECURE COOKIE
--http-address=0.0.0.0:4180 --cookie-httponly=false --cookie-name=_oauth2_proxy_cp --email-domain=\* --oidc-issuer-url=https://xxx.auth0.com/ --provider=oidc --proxy-prefix=/oauth2 --upstream=http://controlpanel --config=/etc/oauth2_proxy/oauth2_proxy.cfg
--pass-authorization-header=false --cookie-secure true
This redirects to app, but no auth header. Cookie exists.
Between each test, I'm clearing all cookies, and the _csrf cookie is set when I am directed to the login page.
I've also tried all the above 4 cases with --set-authorization-header=true, and they all go to 502 page.
Any help would be REALLY appreciated!
Regards,
Andy
from oauth2-proxy.
Hi @ap1969, one thing I would recommend trying is to use the browser debug console to inspect the requests/responses from a login flow. One of the responses from the OAuth2 Proxy should have in it a set-cookie header. Check the domain that this is being set on, I suspect it is not the one you want!
You can set the cookie domain explicitly using the --cookie-domain flag 😀
from oauth2-proxy.
Hi Joel,
Thanks for getting back so quick.
I can see the set-cookie in the initial load when rendering the login page:
Set-Cookie: _oauth2_proxy_cp=; Path=/; Domain=cp.domain.com; Expires=Thu, 02 May 2019 10:37:16 GMT; Secure
Then on return to callback, there's an initial hit to /oauth2/callback, with a 308 redirect to what seems to be the same URL, and that redirect has no set-cookie header.
Then the final /oauth2/callback request returns the 502 error, also with no set-cookie header.
Does that help?
Andy
from oauth2-proxy.
Hi Joel,
I've compiled a version of oauth2_proxy with some extra debugging lines in it, but I'm still stuck.
SaveSession() calls SetSessionCookie(), which is trying to write two cookies:
"_oauth2_proxy_0=[base64 session value removed]; Path=/; Expires=Fri, 10 May 2019 13:58:52 GMT"
and
"_oauth2_proxy_1=[base64 session value removed]; Path=/; Expires=Fri, 10 May 2019 13:58:52 GMT"
However, neither of those actually seem to be set in the browser, which is odd as the next line in SetSessionCookie is http.SetCookie(rw, c), which should work just fine as it's the core http module, if I understand correctly (I'm new to Go).
And I'm definitely not able to find any set-cookie headers in the request to oauth2_proxy's /callback.
Any thoughts?
from oauth2-proxy.
OK, I'm making some progress. I see from the nginx conf example, when using --set-authorization-header flag, some provider's cookies can exceed the 4kb, so that explains the output in the code above.
However, I'm still not setting the cookie headers.
from oauth2-proxy.
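Added example (not code from this thread or from oauth2_proxy): a small Go check for the three conditions the comments above keep running into, namely a Secure cookie issued on a plain-http URL, a Domain attribute that does not match the host, and session cookies too large for the browser or the ingress proxy buffer. The 4096-byte cookie limit, the function names and the cp.example.test host are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// Assumed limit (not from the thread): browsers commonly cap one cookie's
// name+value at about 4096 bytes.
const maxCookieBytes = 4096

// Diagnose lists reasons a browser at pageURL would not store or return a cookie.
func Diagnose(pageURL, setCookie string) []string {
	u, err := url.Parse(pageURL)
	if err != nil {
		return []string{"bad-url"}
	}
	resp := http.Response{Header: http.Header{"Set-Cookie": {setCookie}}}
	cookies := resp.Cookies()
	if len(cookies) != 1 {
		return []string{"unparseable"}
	}
	c, host, problems := cookies[0], strings.ToLower(u.Hostname()), []string{}
	if c.Secure && u.Scheme != "https" {
		problems = append(problems, "secure-over-http")
	}
	if d := strings.ToLower(strings.TrimPrefix(c.Domain, ".")); d != "" &&
		host != d && !strings.HasSuffix(host, "."+d) {
		problems = append(problems, "domain-mismatch")
	}
	if len(c.Name)+len(c.Value) > maxCookieBytes {
		problems = append(problems, "too-large")
	}
	return problems
}

// HeaderBytes approximates the header bytes that the Set-Cookie lines add.
func HeaderBytes(setCookies []string) int {
	n := 0
	for _, sc := range setCookies {
		n += len("Set-Cookie: ") + len(sc) + 2 // +2 for CRLF
	}
	return n
}

func main() {
	// Constructed samples; cp.example.test is a placeholder host.
	big := "_oauth2_proxy_0=" + strings.Repeat("A", 3900) + "; Path=/; Secure"
	fmt.Println(Diagnose("http://cp.example.test/", "_oauth2_proxy=x; Path=/; Secure"))
	fmt.Println(Diagnose("https://cp.example.test/", "_oauth2_proxy=x; Domain=.other.example.test"))
	fmt.Println(HeaderBytes([]string{big, big}) > 4096) // two split cookies vs a 4k proxy buffer
}
```

Compare the HeaderBytes result with the proxy-buffer-size configured on the ingress; the domain check does not consult the public suffix list.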
And I'm definitely not able to find any set-cookie headers in the request to oauth2_proxy's /callback.
Just to double check you mean the response here rather than the request? Do you have the --cookie-domain flag set? If not could you try it with this set?
Could you please also supply your complete configuration including the config file and flags? (redacting any sensitive information of course)
Could you also supply a snippet of the logs you get when you are trying this?
from oauth2-proxy.
Could you also try running a build from the latest master please?
from oauth2-proxy.
@infinitydon why do some of the args you are passing to oauth2_proxy start with 2 hyphens, and others 1 hyphen?
      - args:
        - --provider=gitlab
        - --email-domain=*
        - --http-address=0.0.0.0:4180
        - --upstream=file:///dev/null
        - -cookie-domain=.xxx-test.infra.xxx.eu
        - -whitelist-domain=.xxx-test.infra.xxx.eu
According to the oauth2_proxy --help, all arguments use a single hyphen (-)
from oauth2-proxy.
This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.
from oauth2-proxy.