MCPcopy
hub / github.com/oauth2-proxy/oauth2-proxy

github.com/oauth2-proxy/oauth2-proxy @v7.15.3 sqlite

repository ↗ · DeepWiki ↗ · release v7.15.3 ↗
1,632 symbols 6,609 edges 241 files 711 documented · 44%
README

Continuous Integration Go Report Card GoDoc MIT licensed Maintainability Code Coverage OpenSSF Scorecard OpenSSF Best Practices FOSSA Status

OAuth2 Proxy

OAuth2 Proxy is a flexible, open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. It provides a simple and secure way to protect your web applications with OAuth2 / OIDC authentication. As a reverse proxy, it intercepts requests to your application and redirects users to an OAuth2 provider for authentication. As a middleware, it can be seamlessly integrated into your existing infrastructure to handle authentication for multiple applications.

OAuth2 Proxy supports a lot of OAuth2 as well as OIDC providers. Either through a generic OIDC client or a specific implementation for Google, Microsoft Entra ID, GitHub, login.gov and others. Through specialised provider implementations oauth2-proxy can extract more details about the user like preferred usernames and groups. Those details can then be forwarded as HTTP headers to your upstream applications.

Simplified Architecture

Get Started

OAuth2 Proxy's Installation Docs cover how to install and configure your setup. Additionally you can take a further look at the example setup files.

Releases

Binaries

We publish oauth2-proxy as compiled binaries on GitHub for all major architectures as well as more exotic ones like ppc64le as well as s390x.

Check out the latest release.

Images

From v7.6.0 and up the base image has been changed from Alpine to GoogleContainerTools/distroless. This image comes with even fewer installed dependencies and thus should improve security. The image therefore is also slightly smaller than Alpine. For debugging purposes (and those who really need it. e.g. armv6) we still provide images based on Alpine. The tags of these images are suffixed with -alpine.

Since 2023-11-18 we build nightly images directly from the master branch and provide them at quay.io/oauth2-proxy/oauth2-proxy-nightly. These images are considered unstable and therefore should NOT be used for production purposes unless you know what you're doing.

Sponsors

Would you like to sponsor the project then please contact us at sponsors@oauth2-proxy.dev

SAP

SAP Open Source Program

Former Sponsors

Microsoft

Microsoft Azure credits for open source projects

Getting Involved

Slack

Join the #oauth2-proxy Slack channel to chat with other users of oauth2-proxy or reach out to the maintainers directly. Use the public invite link to get an invite for the Gopher Slack space.

OAuth2 Proxy is a community-driven project. We rely on the contribut️ions of our users to continually improve it. While review times can vary, we appreciate your patience and understanding. As a volunteer-driven project, we strive to keep this project stable and might take longer to merge changes.

If you want to contribute to the project. Please see our Contributing guide.

Thanks to all the people who already contributed ❤

Made with contrib.rocks.

Security

If you believe you have found a vulnerability within OAuth2 Proxy or any of its dependencies, please do NOT open an issue or PR on GitHub, please do NOT post any details publicly.

Security disclosures MUST be done in private. If you have found an issue that you would like to bring to the attention of the maintainers, please compose an email and send it to the list of people listed in our MAINTAINERS.md file.

For more details read our full Security Docs

Security Notice for v6.0.0 and older

If you are running a version older than v6.0.0 we strongly recommend to the current version.

See open redirect vulnerability for details.

Repository History

2018-11-27: This repository was forked from bitly/OAuth2_Proxy. Versions v3.0.0 and up are from this fork and will have diverged from any changes in the original fork. A list of changes can be seen in the CHANGELOG.

2020-03-29: This project was formerly hosted as pusher/oauth2_proxy but has been renamed to oauth2-proxy/oauth2-proxy. Going forward, all images shall be available at quay.io/oauth2-proxy/oauth2-proxy and binaries will be named oauth2-proxy.

Code of Conduct

Participation in the OAuth2 Proxy project is governed by the CNCF Code of Conduct.

License

OAuth2 Proxy is distributed under The MIT License.

FOSSA Status

Trademarks

OAuth2 Proxy is a Cloud Native Computing Foundation Sandbox project.

CNCF

The Linux Foundation® (TLF) has registered trademarks and uses trademarks. For a list of TLF trademarks, see Trademark Usage.

Extension points exported contracts — how you extend this code

Verifiable (Interface)
Verifiable an interface for an object that has a connection to external data source and exports a function to validate t [6 …
pkg/middleware/readynesscheck.go
SessionStore (Interface)
SessionStore is an interface to storing user sessions in the proxy [5 implementers]
pkg/apis/sessions/interfaces.go
Server (Interface)
Server represents an HTTP or HTTPS server. [4 implementers]
pkg/proxyhttp/server.go
Cipher (Interface)
Cipher provides methods to encrypt and decrypt [3 implementers]
pkg/encryption/cipher.go
Store (Interface)
Store is used for persistent session stores (IE not Cookie) Implementing this interface allows it to easily use the pers [2 …
pkg/sessions/persistence/interfaces.go
IDTokenVerifier (Interface)
idTokenVerifier allows an ID Token to be verified against the issue and provided keys. [2 implementers]
pkg/providers/oidc/verifier.go
Provider (Interface)
Provider represents an upstream identity provider implementation [1 implementers]
providers/providers.go
Result (Interface)
Result is the result of a request created by a Builder [1 implementers]
pkg/requests/result.go

Core symbols most depended-on inside this repo

String
called by 332
pkg/apis/sessions/session_state.go
To
called by 189
pkg/util/ptr/ptr.go
Data
called by 136
providers/providers.go
Close
called by 122
pkg/sessions/redis/redis_store_tls_test.go
Get
called by 108
pkg/sessions/redis/client.go
WriteHeader
called by 103
pkg/middleware/request_logger.go
Error
called by 103
pkg/requests/result.go
Write
called by 78
pkg/middleware/request_logger.go

Shape

Function 783
Method 527
Struct 274
Interface 25
FuncType 14
TypeAlias 9

Languages

Go100%

Modules by API surface

oauthproxy_test.go109 symbols
oauthproxy.go55 symbols
pkg/logger/logger.go52 symbols
pkg/cookies/csrf.go32 symbols
providers/github.go28 symbols
providers/github_test.go27 symbols
pkg/apis/options/legacy_options.go26 symbols
pkg/sessions/redis/client.go20 symbols
pkg/middleware/stored_session_test.go20 symbols
pkg/apis/options/providers.go20 symbols
pkg/providers/oidc/provider_verifier.go19 symbols
pkg/authentication/hmacauth/hmacauth_test.go19 symbols

Dependencies from manifests, versioned

cloud.google.com/go/authv0.20.0 · 1×
cloud.google.com/go/auth/oauth2adaptv0.2.8 · 1×
cloud.google.com/go/compute/metadatav0.9.0 · 1×
github.com/Bose/minisentinelv0.0.0-2020013022041 · 1×
github.com/Masterminds/semver/v3v3.5.0 · 1×
github.com/a8m/envsubstv1.4.3 · 1×
github.com/alicebob/miniredis/v2v2.38.0 · 1×
github.com/beorn7/perksv1.0.1 · 1×
github.com/bitly/go-simplejsonv0.5.1 · 1×
github.com/bsm/redislockv0.10.0 · 1×
github.com/cespare/xxhash/v2v2.3.0 · 1×
github.com/coreos/go-oidc/v3v3.18.0 · 1×

For agents

$ claude mcp add oauth2-proxy \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact