diff --git a/.travis.yml b/.travis.yml
index c0db4d087..8c830da6d 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,7 +1,7 @@
language: go
go:
- 1.7.5
- - 1.8
+ - 1.8.1
script:
- curl -s https://raw.githubusercontent.com/pote/gpm/v1.4.0/bin/gpm > gpm
- chmod +x gpm
diff --git a/README.md b/README.md
index 68a8138a3..be73f3639 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,6 @@
oauth2_proxy
=================
-(This project was renamed from Google Auth Proxy - May 2015)
-
A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others)
to validate accounts by email, domain or group.
@@ -17,7 +15,7 @@ to validate accounts by email, domain or group.
## Installation
-1. Download [Prebuilt Binary](https://github.com/bitly/oauth2_proxy/releases) (current release is `v2.1`) or build with `$ go get github.com/bitly/oauth2_proxy` which will put the binary in `$GOROOT/bin`
+1. Download [Prebuilt Binary](https://github.com/bitly/oauth2_proxy/releases) (current release is `v2.2`) or build with `$ go get github.com/bitly/oauth2_proxy` which will put the binary in `$GOROOT/bin`
2. Select a Provider and Register an OAuth Application with a Provider
3. Configure OAuth2 Proxy using config file, command line options, or environment variables
4. Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)
@@ -159,54 +157,56 @@ An example [oauth2_proxy.cfg](contrib/oauth2_proxy.cfg.example) config file is i
```
Usage of oauth2_proxy:
- -approval-prompt="force": Oauth approval_prompt
- -authenticated-emails-file="": authenticate against emails via file (one per line)
- -azure-tenant="common": go to a tenant-specific or common (tenant-independent) endpoint.
- -basic-auth-password="": the password to set when passing the HTTP Basic Auth header
- -client-id="": the OAuth Client ID: ie: "123456.apps.googleusercontent.com"
- -client-secret="": the OAuth Client Secret
- -config="": path to config file
- -cookie-domain="": an optional cookie domain to force cookies to (ie: .yourcompany.com)*
- -cookie-expire=168h0m0s: expire timeframe for cookie
- -cookie-httponly=true: set HttpOnly cookie flag
- -cookie-name="_oauth2_proxy": the name of the cookie that the oauth_proxy creates
- -cookie-refresh=0: refresh the cookie after this duration; 0 to disable
- -cookie-secret="": the seed string for secure cookies
- -cookie-secure=true: set secure (HTTPS) cookie flag
- -custom-templates-dir="": path to custom html templates
- -display-htpasswd-form=true: display username / password login form if an htpasswd file is provided
- -email-domain=: authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email
- -github-org="": restrict logins to members of this organisation
- -github-team="": restrict logins to members of this team
- -google-admin-email="": the google admin to impersonate for api calls
- -google-group=: restrict logins to members of this google group (may be given multiple times).
- -google-service-account-json="": the path to the service account json credentials
- -htpasswd-file="": additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -s" for SHA encryption
- -http-address="127.0.0.1:4180": [http://]: or unix:// to listen on for HTTP clients
- -https-address=":443": : to listen on for HTTPS clients
- -login-url="": Authentication endpoint
- -pass-access-token=false: pass OAuth access_token to upstream via X-Forwarded-Access-Token header
- -pass-basic-auth=true: pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream
- -pass-user-headers=true: pass X-Forwarded-User and X-Forwarded-Email information to upstream
- -pass-host-header=true: pass the request Host Header to upstream
- -profile-url="": Profile access endpoint
- -provider="google": OAuth provider
- -proxy-prefix="/oauth2": the url root path that this proxy should be nested under (e.g. //sign_in)
- -redeem-url="": Token redemption endpoint
- -redirect-url="": the OAuth Redirect URL. ie: "https://internalapp.yourcompany.com/oauth2/callback"
- -resource="": the resource that is being protected. ie: "https://graph.windows.net". Currently only used in the Azure provider.
- -request-logging=true: Log requests to stdout
- -scope="": Oauth scope specification
- -signature-key="": GAP-Signature request signature key (algorithm:secretkey)
- -skip-auth-regex=: bypass authentication for requests path's that match (may be given multiple times)
- -skip-auth-preflight=false: bypass authentication for OPTIONAL requests so preflight requests could succeed when using CORS
- -skip-provider-button=false: will skip sign-in-page to directly reach the next step: oauth/start
+ -approval-prompt string: OAuth approval_prompt (default "force")
+ -authenticated-emails-file string: authenticate against emails via file (one per line)
+ -azure-tenant string: go to a tenant-specific or common (tenant-independent) endpoint. (default "common")
+ -basic-auth-password string: the password to set when passing the HTTP Basic Auth header
+ -client-id string: the OAuth Client ID: ie: "123456.apps.googleusercontent.com"
+ -client-secret string: the OAuth Client Secret
+ -config string: path to config file
+ -cookie-domain string: an optional cookie domain to force cookies to (ie: .yourcompany.com)*
+ -cookie-expire duration: expire timeframe for cookie (default 168h0m0s)
+ -cookie-httponly: set HttpOnly cookie flag (default true)
+ -cookie-name string: the name of the cookie that the oauth_proxy creates (default "_oauth2_proxy")
+ -cookie-refresh duration: refresh the cookie after this duration; 0 to disable
+ -cookie-secret string: the seed string for secure cookies (optionally base64 encoded)
+ -cookie-secure: set secure (HTTPS) cookie flag (default true)
+ -custom-templates-dir string: path to custom html templates
+ -display-htpasswd-form: display username / password login form if an htpasswd file is provided (default true)
+ -email-domain value: authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email
+ -footer string: custom footer string. Use "-" to disable default footer.
+ -github-org string: restrict logins to members of this organisation
+ -github-team string: restrict logins to members of this team
+ -google-admin-email string: the google admin to impersonate for api calls
+ -google-group value: restrict logins to members of this google group (may be given multiple times).
+ -google-service-account-json string: the path to the service account json credentials
+ -htpasswd-file string: additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -s" for SHA encryption
+ -http-address string: [http://]: or unix:// to listen on for HTTP clients (default "127.0.0.1:4180")
+ -https-address string: : to listen on for HTTPS clients (default ":443")
+ -login-url string: Authentication endpoint
+ -pass-access-token: pass OAuth access_token to upstream via X-Forwarded-Access-Token header
+ -pass-basic-auth: pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream (default true)
+ -pass-host-header: pass the request Host Header to upstream (default true)
+ -pass-user-headers: pass X-Forwarded-User and X-Forwarded-Email information to upstream (default true)
+ -profile-url string: Profile access endpoint
+ -provider string: OAuth provider (default "google")
+ -proxy-prefix string: the url root path that this proxy should be nested under (e.g. //sign_in) (default "/oauth2")
+ -redeem-url string: Token redemption endpoint
+ -redirect-url string: the OAuth Redirect URL. ie: "https://internalapp.yourcompany.com/oauth2/callback"
+ -request-logging: Log requests to stdout (default true)
+ -resource string: The resource that is protected (Azure AD only)
+ -scope string: OAuth scope specification
+ -set-xauthrequest: set X-Auth-Request-User and X-Auth-Request-Email response headers (useful in Nginx auth_request mode)
+ -signature-key string: GAP-Signature request signature key (algorithm:secretkey)
+ -skip-auth-preflight: will skip authentication for OPTIONS requests
+ -skip-auth-regex value: bypass authentication for requests path's that match (may be given multiple times)
+ -skip-provider-button: will skip sign-in-page to directly reach the next step: oauth/start
-ssl-insecure-skip-verify: skip validation of certificates presented when using HTTPS
- -tls-cert="": path to certificate file
- -tls-key="": path to private key file
- -upstream=: the http url(s) of the upstream endpoint or file:// paths for static files. Routing is based on the path
- -validate-url="": Access token validation endpoint
- -version=false: print version string
+ -tls-cert string: path to certificate file
+ -tls-key string: path to private key file
+ -upstream value: the http url(s) of the upstream endpoint or file:// paths for static files. Routing is based on the path
+ -validate-url string: Access token validation endpoint
+ -version: print version string
```
See below for provider specific options
diff --git a/version.go b/version.go
index 954119fdc..b6074ba4c 100644
--- a/version.go
+++ b/version.go
@@ -1,3 +1,3 @@
package main
-const VERSION = "2.2.0-alpha"
+const VERSION = "2.2.0"