[Support]: authenticated_emails_file per request? about oauth2-proxy HOT 4 CLOSED

For testing i implemented something in nginx to achieve this:

map $email $conditional_access {
    default "/forbidden";
    "[email protected]" "@proxy";
}


    location /forbidden {
        return 403;
    }


    location / {
       # oauth-proxy stuff here

        try_files "" $conditional_access;
    }

    location @proxy {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;

        set $upstream_app backend_server;
        set $upstream_port 8080;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }

from oauth2-proxy.

No this is not possible. You will have to deploy multiple instances of oauth2-proxy. Each with another email file. It would be a huge security risk exposing this functionality, this way a malicious user could overwrite which email auth file to use just by setting it in the query parameters.

from oauth2-proxy.

If you have so many users and roles that you even need to think about separating them into different files on a path / endpoint level. I would recommend to you to start using keycloak or something similar with user federation to Google and do user grouping / mapping with a proper identity management tool.

from oauth2-proxy.

Thanks. Currently have a couple of users only. Might look into keycloak in the future, looks more scalable and interesting to learn.

from oauth2-proxy.