Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: Redirect after second google login to home page not working #2625

Open
Denguido opened this issue Apr 30, 2024 · 0 comments
Open

[Bug]: Redirect after second google login to home page not working #2625

Denguido opened this issue Apr 30, 2024 · 0 comments
Labels
bug help wanted

Comments

@Denguido
Copy link

Denguido commented Apr 30, 2024
edited

OAuth2-Proxy Version

v7.6.0

Provider

google

Expected Behaviour

If the first attempt fails to login due to a non autorized google email address (because it's not listed in the authenticated-emails-file) you get a 403 message. If you then click on the sign in button again and login with an authorized google email address you should be redirected to the home page of the requested url.

Current Behaviour

If the first attempt fails to login due to a non autorized google email address (because it's not listed in the authenticated-emails-file) you get a 403 message.

image

If you then click on the sign in button again and login with an authorized google email address you should be redirected to the home page of the requested url but instead you get a 403 message again. (Although the _oauth2_proxy cookie is set)

image

Steps To Reproduce

Running on Ubuntu 20.04 with nginx 1.18.0

Oauth2-Proxy config:

ExecStart=/opt/oauth2_proxy/oauth2_proxy \
  --authenticated-emails-file=/xxx/xxxx/users \
  --client-id=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com \
  --client-secret=xxxxxxxxxxxxxxxxxxxxxxxxxx \
  --cookie-secret=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
  --cookie-domain=.my-domain.com \
  --cookie-expire=168h \
  --cookie-secure=true \
  --cookie-httponly=true \
  --cookie-csrf-per-request=true \
  --set-xauthrequest=true \
  --pass-user-headers=true \
  --custom-sign-in-logo=/var/www/my-domain.com/my-logo.png \
  --footer=-

Nginx config:

    location / {
      auth_request /oauth2/auth;
      error_page 401 = /oauth2/sign_in;
      # pass information via X-User and X-Email headers to backend
      # requires running with --set-xauthrequest flag 
      auth_request_set $user $upstream_http_x_auth_request_user;
      auth_request_set $email $upstream_http_x_auth_request_email;
      proxy_set_header X-User $user;
      proxy_set_header X-Email $email;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 			
      proxy_pass_header Server;
      proxy_connect_timeout 3s;
      proxy_read_timeout 10s;

      # if you enabled --cookie-refresh, this is needed for it to work with auth_request
      auth_request_set $auth_cookie $upstream_http_set_cookie; 				
      add_header Set-Cookie $auth_cookie;
      # proxy_pass http://127.0.0.1:8080;
    }

Possible Solutions

No response

Configuration details or additional information

No response
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Denguido