You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
And as of the --reverse-proxy option, that should be sufficient:
X-Forwarded-{Proto,Host,Uri}
Current Behaviour
The information on that endpoint to compare against the to be skipped expressions is just the X-Forwarded-Uri header.
See isAllowedPath in oauthproxy.go:578 and GetRequestURI in util.go:38.
As an effect, oauth2-proxy cannot check if the request URL given in X-Forwarded-* has a match in the skip-auth regexes.
Steps To Reproduce
Parametrise oauth2-proxy with params --reverse-proxy --skip-auth-regex '.well-known/home$'
curl localhost/.well-known/home <-- not passing through, redirected to identity provider
Possible Solutions
At least give a more explicit hint in the docs or use the common proxy headers and build the requesting URL from them.
OAuth2-Proxy Version
7.6.0
Provider
oidc
Expected Behaviour
In my kubernetes/nginx-ingress setup oauth2-proxy is used as auth-url endpoint. The nginx config forwards proxy headers to the oauth2-proxy:
And as of the
--reverse-proxy
option, that should be sufficient:Current Behaviour
The information on that endpoint to compare against the to be skipped expressions is just the X-Forwarded-Uri header.
See
isAllowedPath
inoauthproxy.go:578
andGetRequestURI
inutil.go:38
.As an effect, oauth2-proxy cannot check if the request URL given in X-Forwarded-* has a match in the skip-auth regexes.
Steps To Reproduce
--reverse-proxy --skip-auth-regex '.well-known/home$'
curl localhost/.well-known/home
<-- not passing through, redirected to identity providerPossible Solutions
At least give a more explicit hint in the docs or use the common proxy headers and build the requesting URL from them.
Configuration details or additional information
No response
The text was updated successfully, but these errors were encountered: