From 3d203a1a03834a9b0c80c96b09983a552c8483a1 Mon Sep 17 00:00:00 2001 From: Jakub Holy Date: Mon, 5 Oct 2020 11:34:42 +0200 Subject: [PATCH] Home: Add a brief description of the behavior (#794) * Home: Add a brief description of the behavior I could not find this information anywhere and think it is quite important for understanding how to use and configure the proxy for different use cases. (Especially the Ajax part is not mentioned anywhere else I believe.) I tried to keep it general enough so that it won't need updating often yet useful enough to have good value :) * Update docs/0_index.md Co-authored-by: Joel Speed Co-authored-by: Joel Speed --- docs/0_index.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/0_index.md b/docs/0_index.md index e724e0f..860ba37 100644 --- a/docs/0_index.md +++ b/docs/0_index.md @@ -21,3 +21,12 @@ A list of changes can be seen in the [CHANGELOG]({{ site.gitweb }}/CHANGELOG.md) ## Architecture ![OAuth2 Proxy Architecture](https://cloud.githubusercontent.com/assets/45028/8027702/bd040b7a-0d6a-11e5-85b9-f8d953d04f39.png) + +## Behavior + +1. Any request passing through the proxy (and not matched by `--skip-auth-regex`) is checked for the proxy's session cookie (`--cookie-name`) (or, if allowed, a JWT token - see `--skip-jwt-bearer-tokens`). +2. If authentication is required but missing then the user is asked to log in and redirected to the authentication provider (unless it is an Ajax request, i.e. one with `Accept: application/json`, in which case 401 Unauthorized is returned) +3. After returning from the authentication provider, the oauth tokens are stored in the configured session store (cookie, redis, ...) and a cookie is set +4. The request is forwarded to the upstream server with added user info and authentication headers (depending on the configuration) + +Notice that the proxy also provides a number of useful [endpoints](/oauth2-proxy/endpoints).
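Review bot: Step 4 of the new Behavior list says the request is forwarded "with added user info and authentication headers (depending on the configuration)" but, unlike step 1, which names `--skip-auth-regex`, `--cookie-name` and `--skip-jwt-bearer-tokens`, it does not say which options control those headers. Naming them would let a reader check what identity data reaches the upstream server. Smaller points in the same list: steps 2 to 4 lack the closing period that step 1 has, "oauth tokens" in step 3 should read "OAuth tokens", and "JWT token" in step 1 is redundant ("JWT" alone is enough). The closing link `/oauth2-proxy/endpoints` hard-codes the site base path, while the context line at the top of the hunk uses `{{ site.gitweb }}`; a relative or templated link would survive a change of base URL.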