New
v7.14.2
Release Highlights
- Revert AuthOnly endpoint change from v7.14.1 that caused issues when using
skip-provider-buttonenabled
Important Notes
- This release reverts the change made in v7.14.1 that caused issues when using the
skip-provider-buttonenabled. Now, when a session does not exist, the AuthOnly endpoint will send a 401 status code as expected instead of a 302 redirect. And instead we extended the documentation to clarify the behavior when usingnginxwithauth_requestandskip-provider-buttonand how to properly configure redirects for browser and API routes.
Excerpt from v7.14.0 release letter:
This release introduces a breaking change for Alpha Config users and moves us significantly closer to removing legacy configuration parameters, making the codebase of OAuth2 Proxy more future proof and extensible.
From v7.14.0 onward, header injection sources must be explicitly nested. If you previously relied on squashed fields, update to the new structure before upgrading:
# before v7.14.0
injectRequestHeaders:
- name: X-Forwarded-User
values:
- claim: user
- name: X-Custom-Secret-header
values:
- value: my-super-secret
# v7.14.0 and later
injectRequestHeaders:
- name: X-Forwarded-User
values:
- claimSource:
claim: user
- name: X-Custom-Secret-header
values:
- secretSource:
value: my-super-secret