Comments (5)
code-and-such
commented on June 2, 2024
After reading the tickets involved I must confess I do not really understand whether token refresh is completely broken, or it's just some aspect of it that do not work properly/according to spec. I assume the latter
We do have problems with our Cognito/Oauth2-proxy setup, and I thought it might have had to do with this, but it might as well be misaligned cookie expire/refresh values, which we now modified (and we are now waiting for user feedback)
But it would be nice to get some kind of clarification if token refreshing works in most cases?
from oauth2-proxy.
xXluki98Xx
commented on June 2, 2024
Hi, I had the same/similar Problem.
I am using Zitadel as IdP and want Oauth2Proxy as Middleware.
tl;dr: The Session Refresh Handling seems to be broken if you use only cookie. I added Redis for session handling and it works.
But I am not sure if its a solution for your situation.
from oauth2-proxy.
devildant
commented on June 2, 2024
Hi, I had the same/similar Problem.
I am using Zitadel as IdP and want Oauth2Proxy as Middleware.
tl;dr: The Session Refresh Handling seems to be broken if you use only cookie. I added Redis for session handling and it works.
But I am not sure if its a solution for your situation.
Interesting, could you tell me more? you mount a docker container redis that you have link to oauth2_proxy? Do you have an example configuration? ;)
from oauth2-proxy.
xXluki98Xx
commented on June 2, 2024
sure:
please note that is using the keydb, but i found that it does currently not run on amd cpus.
compose.yml:
...
oauth-cache:
# image: redis:6.2-alpine
image: eqalpha/keydb:latest
restart: always
networks:
- localdev
ports:
- '6379:6379'
command:
- keydb-server
- --save 20 1
- --loglevel warning
oauth2proxy:
image: quay.io/oauth2-proxy/oauth2-proxy:v7.5.1
restart: unless-stopped
networks:
- localdev
depends_on:
- oauth-cache
ports:
- 4180:4180
volumes:
- ./oauth2proxy.config:/etc/config.cfg
command: >
--config "/etc/config.cfg"
oauth2proxy.config:
...
# session handling
session_store_type="redis"
redis_connection_url = "redis://oauth-cache:6379/0"
cookie_refresh = "30m"
cookie_expire = "24h"
from oauth2-proxy.
devildant
commented on June 2, 2024
sure:
please note that is using the keydb, but i found that it does currently not run on amd cpus.
compose.yml:
... oauth-cache: # image: redis:6.2-alpine image: eqalpha/keydb:latest restart: always networks: - localdev ports: - '6379:6379' command: - keydb-server - --save 20 1 - --loglevel warning oauth2proxy: image: quay.io/oauth2-proxy/oauth2-proxy:v7.5.1 restart: unless-stopped networks: - localdev depends_on: - oauth-cache ports: - 4180:4180 volumes: - ./oauth2proxy.config:/etc/config.cfg command: > --config "/etc/config.cfg"oauth2proxy.config:
... # session handling session_store_type="redis" redis_connection_url = "redis://oauth-cache:6379/0" cookie_refresh = "30m" cookie_expire = "24h"
perfect, I also wanted to use keydb instead of redis, that's good :)
Thx a lot
from oauth2-proxy.
Related Issues (20)
- [Support]: nginx + oauth2-proxy, logout configuration
- [Feature]: options for add files in /oauth2/static/ HOT 4
- [Feature]: Guides for rauthy and/or authelia
- [Bug]: Unable to use hyphen in JSON path for oidc-groups-claim option
- [Bug]: Invalid authentication via OAuth2 via Github for the owner of the organisation HOT 8
- [Bug]: Possible typo in source code for static upstreams HOT 2
- [Bug]: Incomplete source of request urls for skip_auth_routes feature
- [Bug]: Redirect after second google login to home page not working
- [Support]: 401 Authorization Required even finished authentication HOT 1
- [Feature]: use username (or any other attribute from the provider) in basic auth header instead of the ID
- [Feature]: JWT validation only mode HOT 8
- [Bug]: An invalid redirect to a non-whitelisted domain creates a valid session cookie after redirecting to "/"
- Pass bearer token to the backend with nginx
- [Support]: Multi-Domain Forward-Auth with Traefik/k3s
- [Feature]: [Azure] Support certificate-based flow for requesting access token HOT 1
- [Feature]: Support for dry-run
- [Support]: failed to verify id token signature
- [Bug]: Setting `proxy-prefix` in helm seems to break login
- [Bug]: Azure provider: problem with ProfileURL/ userInfoURL (duplicate of closed issue #2162 )
- [Support]: <Keycloak-OIDC failed>
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oauth2-proxy.