oauth2_proxy configured with oidc provider quietly does not sign in about oauth2-proxy HOT 4 CLOSED

Hey @Ghazgkull,

I appreciate our Documentation currently sucks, I have a personal project on-going in which I hope to improve the situation of our documentation but it may take some time before that is done. Please bear with us!

It looks to me like the problem you are having is that the proxy-prefix isn't being honoured when redirecting to start by the start button, GET - "/oauth2/start?rd=%2F" should be GET - "/logs/oauth2/start?rd=%2F" right?

from oauth2-proxy.

@JoelSpeed Yes, the proxy-prefix setting was the issue. Or rather, my interpretation of how it should behave.

I expected that proxy-prefix is a way for me to configure the proxy path that oauth2_proxy is behind. I expected that oauth2_proxy would prepend proxy-prefix to any paths it gives out. But I didn't expect proxy-prefix to affect the route handling within oauth2_proxy itself. I realize now that proxy-prefix really just means path-prefix and it's a way to tell oauth2-proxy what paths to expect.

Armed with this new understanding, I was able to get oauth2_proxy to start working with my OIDC provider (Okta).

I would really like a way to tell oauth2_proxy that it's behind another proxy, though, the same way I can configure Kibana with what they call server.basePath. It would allow to more seamlessly add oauth2_proxy to setups like mine where I'm doing path-based routing to a particular microservice behind a single hostname and I want oauth2_proxy to provide authorization just for that route. In my example, I want to route the public path /logs to oauth2_proxy using URL re-writing to remove the /logs prefix of the path before it ever gets to the proxy. So oauth2_proxy would receive traffic at its default routes. But any time it handed out a URL (like on the signup page), it would have to prepend `/logs.

from oauth2-proxy.

@Ghazgkull do you remember how you got it to work in the end We are also using a proxy (ambassador) in front of the oauth2 proxy.

when we go through Ambassador to reach /dashboard, we redirect to oauth2_proxy but the /dashboard is always kept...

from oauth2-proxy.

This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.

from oauth2-proxy.