Version: 7.7.x

OAuth Provider Configuration

You will need to register an OAuth application with a Provider (Google, GitHub or another provider), and configure it with Redirect URI(s) for the domain you intend to run oauth2-proxy on.

Valid providers are :

Google default
Azure
ADFS
Facebook
GitHub
Gitea
Keycloak/Keycloak OIDC
GitLab
LinkedIn
Microsoft Azure AD
OpenID Connect
login.gov
Nextcloud
DigitalOcean
Bitbucket

The provider can be selected using the provider configuration value.

Please note that not all providers support all claims. The preferred_username claim is currently only supported by the OpenID Connect provider.

Email Authentication

To authorize a specific email-domain use --email-domain=yourcompany.com. To authorize individual email addresses use --authenticated-emails-file=/path/to/file with one email per line. To authorize all email addresses use --email-domain=*.

Adding a new Provider

Follow the examples in the providers package to define a new Provider instance. Add a new case to providers.New() to allow oauth2-proxy to use the new Provider.

Email Authentication​

Adding a new Provider​

Email Authentication

Adding a new Provider