v2.1.0
Changelog
Note: This release includes changes to how users are validated using email domains, email addresses, and email groups. With each of these 'validator' mechanisms that is configured, the user will be allowed access as long at least one passes, rather than requiring all to pass.
Please see #253 for more information.
Features
- proxy: Allow injection of request headers - ability to add headers to the request before sending to the proxied service.
- sso_proxy: ability to define allowed email address/domain in upstream config - adds ability to define allowed email addresses and allowed domains directly into upstream configs, rather than only globally.
- sso-proxy: add websocket support - adds support for upstreams using websockets.
- sso_proxy: add test for websockets and update docs - adds some tests for websocket functionality, and updates documentation accordingly.
- sso_*: allow simultaneous use of Validators - reworks 'validator' mechanism and abstractions, and allow request through providing at least one of the validators passes.
Bugs and Fixes
- bug: remove auth code secret - Clears up usage of
AUTH_CODE_SECRET. - sso_auth: add default for groupcache settings - fixes groupcache bug causing panic if particular config variable is unset.
- sso_*: fix 500 error caused by expired Okta refresh token - fixes handling of error and UX caused by an expired Okta refresh token.
Documentation
- Update google_provider_setup.md - Updates Google provider config variable documentation
- docs: outline env vars and fix provider setup documentation - adds documentation around available configuration variables for
sso_authand their types.