[Support]: Can not get X-Auth-Request-Email and X-Auth-Request-User #2582

Open
gsnable opened this issue Apr 1, 2024 · 1 comment

gsnable commented Apr 1, 2024

OAuth2-Proxy Version

7.6

Provider

gitlab

Current Behaviour of your Problem

We are using the gitlab provider along with oauth2-proxy and nginx. Authentication is successful, but we are not able to get X-Auth-Request-Email and X-Auth-Request-User from the response header. Oauth2-proxy is running in a docker container.
Here is the architecture.

user
|
v
nginx ----> oauth2-proxy
|
v
upstream

I have been trying to find the cause of the problem from previous issues, and have tried many times, but all failed. Thanks for your help!

Configuration details or additional information

docker-compose.yml

version: "3.7"
services:
  oauth2-proxy:
    image: quay.io/oauth2-proxy/oauth2-proxy
    container_name: oauth2
    restart: always
    command: --config /oauth2-proxy.cfg
    ports:
      - 8180:4180
    volumes:
      - "oauth2-proxy-nginx.cfg:/oauth2-proxy.cfg"
    network_mode: "host"

oauth2-proxy-nginx.cfg

http_address="0.0.0.0:8180"
cookie_secret="..."
provider="gitlab"
email_domains="*"
client_id="..."
client_secret="..."
cookie_secure=false
whitelist_domains=".mydomain.com"
redirect_url="https://www.mydomain.com/oauth2/callback"
oidc_issuer_url = "https://git.mydomain.com"

reverse_proxy=true
upstreams=["static://202"]

pass_basic_auth = true

pass_user_headers = true
pass_authorization_header = true
pass_access_token = true

#behind nginx
set_authorization_header = true
set_xauthrequest = true

ssl_insecure_skip_verify=true

standard_logging =true
auth_logging=true
request_logging=true

nginx config

upstream oauth {
    server 127.0.0.1:8180;
}
upstream backend_server {
    server 127.0.0.1:8003;
}
server {
    listen 443 ssl http2;
    server_name www.mydomain.com;
    ssl_certificate /etc/nginx/cert/cert.cer;
    ssl_certificate_key /etc/nginx/cert/cert.key;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security max-age=31536000;
  
    location / {
      root /www;
    }

    location /oauth2/ {
    proxy_pass http://oauth;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Scheme $scheme;
    proxy_set_header X-Auth-Request-Redirect $scheme://$host$request_uri;
  }

  location /oauth2/auth {
    proxy_pass http://oauth;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Scheme $scheme;
    proxy_set_header Content-Length   "";
    proxy_pass_request_body off;
    add_header X-Test "testvalue";
  }

  location /ide/ {
    auth_request /oauth2/auth;
    error_page 401 = /oauth2/sign_in?rd=https://$host$request_uri;

    # pass information via X-User and X-Email headers to backend,
    # requires running with --set-xauthrequest flag
    auth_request_set $user   $upstream_http_x_auth_request_user;
    auth_request_set $email  $upstream_http_x_auth_request_email;
    proxy_set_header X-User  $user;
    proxy_set_header X-Email $email;
    # if you enabled --pass-access-token, this will pass the token to the backend
    # auth_request_set $token  $upstream_http_x_auth_request_access_token;
    # proxy_set_header X-Access-Token $token;
    auth_request_set $token $upstream_http_authorization;
    proxy_set_header Authorization $token;

    # just test
    add_header "X-Test1" "test1";
    auth_request_set $test $upstream_http_x_test;
    auth_request_set $test2 $upstream_status;
    add_header X-Test $test;
    add_header X-Test2 $test2;

    proxy_pass http://backend_server/;
    proxy_http_version 1.1;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Host $http_host;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection upgrade;
    proxy_set_header Accept-Encoding gzip;
  }
}

For testing purposes, I added a few lines of code to the nginx configuration, but I can only see the following in the response headers of /ide.
X-Test1:test1 X-Test2:202
There is no X-User or X-Email.

This is part of the oauth2-proxy log.
oauth2 | 10.70.21.120 - 1e4c975f-88c0-4ba4-a4c5-2202d690fe9b - [email protected] [2024/04/01 03:09:02] [AuthSuccess] Authenticated via OAuth2: Session{email:[email protected] user:12345678 PreferredUsername: token:true id_token:true created:2024-04-01 03:09:02.9017934 +0000 UTC m=+161.767625176 expires:2024-04-01 04:23:28.811716347 +0000 UTC m=+4627.677548123 refresh_token:true}

Steps To Reproduce

1. Run oauth2-proxy
2. Run nginx
3. Open Chrome and open https://www.mydomain.com/ide
4. Click 'Sign in with GitLab' and redirect to https://git.mydomain.com/users/sign_in
5. Enter name and password and click Login
6. Press F12 and check "Network --> Name: ide/ --> Headers --> Response Headers"
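
An added diagnostic, not part of the original issue or of oauth2-proxy: in the nginx config above, `proxy_set_header X-User` and `X-Email` set request headers on the hop to `backend_server`, while the browser's Response Headers panel only shows what `add_header` emits, so the forwarded identity is observable at the backend rather than in the browser. This stand-in for the backend on `127.0.0.1:8003` reports which of those headers arrive; the names `summarize`, `serve` and `fetch` and the sample values in the self-check are assumptions.

```python
"""Diagnostic stand-in for backend_server (added example, not project code)."""
import http.client
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Request headers that the issue's /ide/ location sets with proxy_set_header.
IDENTITY_HEADERS = ("X-User", "X-Email", "Authorization")

def summarize(headers):
    """Map each identity header to its value, or None when it did not arrive."""
    out = {}
    for name in IDENTITY_HEADERS:
        value = headers.get(name)
        if name == "Authorization" and value:
            # Do not echo a bearer token; report only the scheme and length.
            scheme, _, rest = value.partition(" ")
            value = f"{scheme} <{len(rest)} chars redacted>"
        out[name] = value or None
    return out

class EchoHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        body = json.dumps(summarize(self.headers), indent=2).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

def serve(port=8003):
    """Listen on loopback only, like `server 127.0.0.1:8003` in the upstream block."""
    server = HTTPServer(("127.0.0.1", port), EchoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def fetch(port, headers):
    """Self-check: send constructed request headers directly, in place of nginx."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    try:
        conn.request("GET", "/", headers=headers)
        return json.loads(conn.getresponse().read())
    finally:
        conn.close()

if __name__ == "__main__":
    serve()
    threading.Event().wait()  # block until interrupted
```

Run it in place of the real backend, sign in, and load `/ide/`: the JSON body lists what nginx forwarded. A `null` entry means the corresponding `auth_request_set` variable was empty, because nginx does not pass a `proxy_set_header` field whose value is an empty string.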


github-actions bot commented Jun 3, 2024

This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.

github-actions bot added the Stale label Jun 3, 2024