Merge pull request #380 from jehiah/release_380

Release v2.2

Author: jehiah

.travis.yml

@@ -1,7 +1,7 @@
 language: go
 go:
   - 1.7.5
-  - 1.8
+  - 1.8.1
 script:
   - curl -s https://raw.githubusercontent.com/pote/gpm/v1.4.0/bin/gpm > gpm
   - chmod +x gpm

README.md

@@ -1,8 +1,6 @@
 oauth2_proxy
 =================
 
-<small>(This project was renamed from Google Auth Proxy - May 2015)</small>
-
 A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others)
 to validate accounts by email, domain or group.
 
@@ -17,7 +15,7 @@ to validate accounts by email, domain or group.
 
 ## Installation
 
-1. Download [Prebuilt Binary](https://github.com/bitly/oauth2_proxy/releases) (current release is `v2.1`) or build with `$ go get github.com/bitly/oauth2_proxy` which will put the binary in `$GOROOT/bin`
+1. Download [Prebuilt Binary](https://github.com/bitly/oauth2_proxy/releases) (current release is `v2.2`) or build with `$ go get github.com/bitly/oauth2_proxy` which will put the binary in `$GOROOT/bin`
 2. Select a Provider and Register an OAuth Application with a Provider
 3. Configure OAuth2 Proxy using config file, command line options, or environment variables
 4. Configure SSL or Deploy behind a SSL endpoint (example provided for Nginx)
@@ -159,54 +157,56 @@ An example [oauth2_proxy.cfg](contrib/oauth2_proxy.cfg.example) config file is i
 
 ```
 Usage of oauth2_proxy:
-  -approval-prompt="force": Oauth approval_prompt
-  -authenticated-emails-file="": authenticate against emails via file (one per line)
-  -azure-tenant="common": go to a tenant-specific or common (tenant-independent) endpoint.
-  -basic-auth-password="": the password to set when passing the HTTP Basic Auth header
-  -client-id="": the OAuth Client ID: ie: "123456.apps.googleusercontent.com"
-  -client-secret="": the OAuth Client Secret
-  -config="": path to config file
-  -cookie-domain="": an optional cookie domain to force cookies to (ie: .yourcompany.com)*
-  -cookie-expire=168h0m0s: expire timeframe for cookie
-  -cookie-httponly=true: set HttpOnly cookie flag
-  -cookie-name="_oauth2_proxy": the name of the cookie that the oauth_proxy creates
-  -cookie-refresh=0: refresh the cookie after this duration; 0 to disable
-  -cookie-secret="": the seed string for secure cookies
-  -cookie-secure=true: set secure (HTTPS) cookie flag
-  -custom-templates-dir="": path to custom html templates
-  -display-htpasswd-form=true: display username / password login form if an htpasswd file is provided
-  -email-domain=: authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email
-  -github-org="": restrict logins to members of this organisation
-  -github-team="": restrict logins to members of this team
-  -google-admin-email="": the google admin to impersonate for api calls
-  -google-group=: restrict logins to members of this google group (may be given multiple times).
-  -google-service-account-json="": the path to the service account json credentials
-  -htpasswd-file="": additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -s" for SHA encryption
-  -http-address="127.0.0.1:4180": [http://]<addr>:<port> or unix://<path> to listen on for HTTP clients
-  -https-address=":443": <addr>:<port> to listen on for HTTPS clients
-  -login-url="": Authentication endpoint
-  -pass-access-token=false: pass OAuth access_token to upstream via X-Forwarded-Access-Token header
-  -pass-basic-auth=true: pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream
-  -pass-user-headers=true: pass X-Forwarded-User and X-Forwarded-Email information to upstream
-  -pass-host-header=true: pass the request Host Header to upstream
-  -profile-url="": Profile access endpoint
-  -provider="google": OAuth provider
-  -proxy-prefix="/oauth2": the url root path that this proxy should be nested under (e.g. /<oauth2>/sign_in)
-  -redeem-url="": Token redemption endpoint
-  -redirect-url="": the OAuth Redirect URL. ie: "https://internalapp.yourcompany.com/oauth2/callback"
-  -resource="": the resource that is being protected. ie: "https://graph.windows.net". Currently only used in the Azure provider.
-  -request-logging=true: Log requests to stdout
-  -scope="": Oauth scope specification
-  -signature-key="": GAP-Signature request signature key (algorithm:secretkey)
-  -skip-auth-regex=: bypass authentication for requests path's that match (may be given multiple times)
-  -skip-auth-preflight=false: bypass authentication for OPTIONAL requests so preflight requests could succeed when using CORS
-  -skip-provider-button=false: will skip sign-in-page to directly reach the next step: oauth/start
+  -approval-prompt string: OAuth approval_prompt (default "force")
+  -authenticated-emails-file string: authenticate against emails via file (one per line)
+  -azure-tenant string: go to a tenant-specific or common (tenant-independent) endpoint. (default "common")
+  -basic-auth-password string: the password to set when passing the HTTP Basic Auth header
+  -client-id string: the OAuth Client ID: ie: "123456.apps.googleusercontent.com"
+  -client-secret string: the OAuth Client Secret
+  -config string: path to config file
+  -cookie-domain string: an optional cookie domain to force cookies to (ie: .yourcompany.com)*
+  -cookie-expire duration: expire timeframe for cookie (default 168h0m0s)
+  -cookie-httponly: set HttpOnly cookie flag (default true)
+  -cookie-name string: the name of the cookie that the oauth_proxy creates (default "_oauth2_proxy")
+  -cookie-refresh duration: refresh the cookie after this duration; 0 to disable
+  -cookie-secret string: the seed string for secure cookies (optionally base64 encoded)
+  -cookie-secure: set secure (HTTPS) cookie flag (default true)
+  -custom-templates-dir string: path to custom html templates
+  -display-htpasswd-form: display username / password login form if an htpasswd file is provided (default true)
+  -email-domain value: authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email
+  -footer string: custom footer string. Use "-" to disable default footer.
+  -github-org string: restrict logins to members of this organisation
+  -github-team string: restrict logins to members of this team
+  -google-admin-email string: the google admin to impersonate for api calls
+  -google-group value: restrict logins to members of this google group (may be given multiple times).
+  -google-service-account-json string: the path to the service account json credentials
+  -htpasswd-file string: additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -s" for SHA encryption
+  -http-address string: [http://]<addr>:<port> or unix://<path> to listen on for HTTP clients (default "127.0.0.1:4180")
+  -https-address string: <addr>:<port> to listen on for HTTPS clients (default ":443")
+  -login-url string: Authentication endpoint
+  -pass-access-token: pass OAuth access_token to upstream via X-Forwarded-Access-Token header
+  -pass-basic-auth: pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream (default true)
+  -pass-host-header: pass the request Host Header to upstream (default true)
+  -pass-user-headers: pass X-Forwarded-User and X-Forwarded-Email information to upstream (default true)
+  -profile-url string: Profile access endpoint
+  -provider string: OAuth provider (default "google")
+  -proxy-prefix string: the url root path that this proxy should be nested under (e.g. /<oauth2>/sign_in) (default "/oauth2")
+  -redeem-url string: Token redemption endpoint
+  -redirect-url string: the OAuth Redirect URL. ie: "https://internalapp.yourcompany.com/oauth2/callback"
+  -request-logging: Log requests to stdout (default true)
+  -resource string: The resource that is protected (Azure AD only)
+  -scope string: OAuth scope specification
+  -set-xauthrequest: set X-Auth-Request-User and X-Auth-Request-Email response headers (useful in Nginx auth_request mode)
+  -signature-key string: GAP-Signature request signature key (algorithm:secretkey)
+  -skip-auth-preflight: will skip authentication for OPTIONS requests
+  -skip-auth-regex value: bypass authentication for requests path's that match (may be given multiple times)
+  -skip-provider-button: will skip sign-in-page to directly reach the next step: oauth/start
   -ssl-insecure-skip-verify: skip validation of certificates presented when using HTTPS
-  -tls-cert="": path to certificate file
-  -tls-key="": path to private key file
-  -upstream=: the http url(s) of the upstream endpoint or file:// paths for static files. Routing is based on the path
-  -validate-url="": Access token validation endpoint
-  -version=false: print version string
+  -tls-cert string: path to certificate file
+  -tls-key string: path to private key file
+  -upstream value: the http url(s) of the upstream endpoint or file:// paths for static files. Routing is based on the path
+  -validate-url string: Access token validation endpoint
+  -version: print version string
 ```
 
 See below for provider specific options

version.go

@@ -1,3 +1,3 @@
 package main
 
-const VERSION = "2.2.0-alpha"
+const VERSION = "2.2.0"