OAuth Provider Configuration
You will need to register an OAuth application with a Provider (Google, GitHub or another provider), and configure it with Redirect URI(s) for the domain you intend to run oauth2-proxy on.
Valid providers are:
- ADFS
- Bitbucket
- DigitalOcean
- Gitea
- GitHub
- GitLab
- Google (default)
- Keycloak (Deprecated)
- Keycloak OIDC
- login.gov
- Microsoft Azure (Deprecated)
- Microsoft Entra ID
- Nextcloud
- OpenID Connect
The provider can be selected using the provider configuration value, or set in the providers array using AlphaConfig. However, support for multiple providers is not complete.
Please note that not all providers support all claims. The preferred_username claim is currently only supported by the OpenID Connect provider.
Email Authentication
To authorize a specific email domain use --email-domain=yourcompany.com. To authorize individual email addresses use --authenticated-emails-file=/path/to/file with one email per line. To authorize all email addresses use --email-domain=*.
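The same email restrictions in config-file form, as an added example that is not taken from the oauth2-proxy documentation. It assumes the TOML config file, where each flag becomes a key with hyphens replaced by underscores and a repeatable flag takes a plural key; the provider value is an arbitrary choice for illustration.

```toml
# oauth2-proxy config file, loaded with --config.
# --email-domain may be repeated, so its config key is the plural email_domains.

# Assumed provider for this example; any provider from the list above works.
provider = "github"

# Option A: authorize every address in one email domain.
email_domains = [
    "yourcompany.com"
]

# Option B: authorize individual addresses instead.
# The file holds one email address per line.
# authenticated_emails_file = "/path/to/file"

# Broad setting, shown for contrast and left disabled:
# "*" authorizes all email addresses, so any account that can sign in
# at the chosen provider passes the email check.
# email_domains = [ "*" ]
```

With a public provider such as Google or GitHub, the "*" setting leaves the provider login as the only gate, so access control then has to come from another restriction.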
Adding a new Provider
Follow the examples in the providers package to define a new Provider instance. Add a new case to providers.New() to allow oauth2-proxy to use the new Provider.