|
1 | | -## Google Auth Proxy Config File |
2 | | -## https://github.com/bitly/google_auth_proxy |
| 1 | +## OAuth2 Proxy Config File |
| 2 | +## https://github.com/bitly/oauth2_proxy |
3 | 3 |
|
4 | 4 | ## <addr>:<port> to listen on for HTTP clients |
5 | 5 | # http_address = "127.0.0.1:4180" |
|
22 | 22 | ## when disabled the upstream Host is used as the Host Header |
23 | 23 | # pass_host_header = true |
24 | 24 |
|
25 | | -## Google Apps Domains to allow authentication for |
| 25 | +## Email Domains to allow authentication for (this whitelists any email on this domain) |
26 | 26 | # google_apps_domains = [ |
27 | 27 | # "yourcompany.com" |
28 | 28 | # ] |
29 | 29 |
|
30 | | - |
31 | | -## The Google OAuth Client ID, Secret |
| 30 | +## The OAuth Client ID, Secret |
32 | 31 | # client_id = "123456.apps.googleusercontent.com" |
33 | 32 | # client_secret = "" |
34 | 33 |
|
| 34 | +## Pass OAuth Access token to upstream via "X-Forwarded-Access-Token" |
| 35 | +# pass_access_token = false |
| 36 | + |
35 | 37 | ## Authenticated Email Addresses File (one email per line) |
36 | 38 | # authenticated_emails_file = "" |
37 | 39 |
|
|
44 | 46 | ## optional directory with custom sign_in.html and error.html |
45 | 47 | # custom_templates_dir = "" |
46 | 48 |
|
47 | | - |
48 | 49 | ## Cookie Settings |
49 | 50 | ## Secret - the seed string for secure cookies; should be 16, 24, or 32 bytes |
50 | | -## for use with an AES cipher when cookie_refresh or pass_access_code |
| 51 | +## for use with an AES cipher when cookie_refresh or pass_access_token |
51 | 52 | ## is set |
52 | | -## Domain - optional cookie domain to force cookies to (ie: .yourcompany.com) |
53 | | -## Expire - expire timeframe for cookie |
54 | | -## Refresh - refresh the cookie when less than this much time remains before |
55 | | -## expiration; should be less than cookie_expire; set to 0 to disable |
| 53 | +## Domain - (optional) cookie domain to force cookies to (ie: .yourcompany.com) |
| 54 | +## Expire - (duration) expire timeframe for cookie |
| 55 | +## Refresh - (duration) refresh the cookie when less than this much time remains before |
| 56 | +## expiration; should be less than cookie_expire; set to 0 to disable. |
| 57 | +## Refresh revalidated the OAuth token to ensure it is still valid. ie: 24h |
| 58 | +## Secure - secure cookies are only sent by the browser of a HTTPS connection (recommended) |
| 59 | +## HttpOnly - httponly cookies are not readable by javascript (recommended) |
56 | 60 | # cookie_secret = "" |
57 | 61 | # cookie_domain = "" |
58 | 62 | # cookie_expire = "168h" |
59 | | -# cookie_refresh = "144h" |
| 63 | +# cookie_refresh = "" |
60 | 64 | # cookie_secure = true |
61 | 65 | # cookie_httponly = true |
62 | | -# pass_access_code = true |
|
0 commit comments