
Restrict access to an application using oauth2_proxy and GitLab as its provider

I have currently set up a web-based application, to which I have added an authentication method using oauth2_proxy (with GitLab as authentication provider). What I need to know is if there's a way that I can restrict the access to this app using a GitLab group or something like that? Because as of now, oauth is configured to allow access to any user on GitLab who has a @foo.bar email domain (the -email-domain=foo.bar directive in the oauth config). However, I'm looking to control this method in a more restricted manner, so for instance I will create a group on GitLab, to which I will add only relevant users & other groups to which access should be granted. Is there a way to do it?

Moshe Shitrit asked May 15 '17 19:05

1 Answer

Not sure if it's what you're looking for, but according to the documentation you could use the --authenticated-emails-file param to provide a list of authenticated emails.

amon3k answered Oct 11 '22 20:10

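An added example, not part of the original answer and not oauth2_proxy's own code: a small Go model of how the -email-domain setting and an --authenticated-emails-file allowlist combine, on the assumption that an address is accepted when either check passes. The function names, file format details (one address per line, `#` comments) and sample addresses are constructed for illustration; the point is that the file only narrows access once the broad domain setting is dropped.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// parseAllowlist reads the body of an emails file: one address per line,
// blank lines and '#' comment lines skipped, stored lower-cased.
func parseAllowlist(body string) map[string]bool {
	allowed := make(map[string]bool)
	sc := bufio.NewScanner(strings.NewReader(body))
	for sc.Scan() {
		line := strings.ToLower(strings.TrimSpace(sc.Text()))
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		allowed[line] = true
	}
	return allowed
}

// isAllowed models the assumed decision: an address passes if it matches
// any configured email domain OR appears in the allowlist.
func isAllowed(email string, domains []string, allowed map[string]bool) bool {
	email = strings.ToLower(strings.TrimSpace(email))
	if email == "" {
		return false
	}
	for _, d := range domains {
		if d == "*" || strings.HasSuffix(email, "@"+strings.ToLower(d)) {
			return true
		}
	}
	return allowed[email]
}

// Constructed sample file contents; the addresses are placeholders.
const sampleFile = "# members of the access group\nalice@foo.bar\nBob@foo.bar\n"

func main() {
	list := parseAllowlist(sampleFile)
	// carol is in the domain but not in the group's allowlist.
	for _, e := range []string{"alice@foo.bar", "carol@foo.bar"} {
		fmt.Printf("%-14s domain+file=%v file-only=%v\n", e,
			isAllowed(e, []string{"foo.bar"}, list), isAllowed(e, nil, list))
	}
}
```

With both settings active every foo.bar address still gets through; with only the file configured, access is limited to the listed addresses.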