Merge bitly#424 (x-auth-request access-token)

ploxiln · ploxiln · commit d9c79866342f · 2018-11-22T13:19:20.000-05:00
rebased+squashed version of bitly PR 424
diff --git a/README.md b/README.md
@@ -409,6 +409,10 @@ server {
     proxy_set_header X-User  $user;
     proxy_set_header X-Email $email;
 
+    # if you enabled --pass-access-token, this will pass the token to the backend
+    auth_request_set $token  $upstream_http_x_auth_request_access_token;
+    proxy_set_header X-Token $token;
+
     # if you enabled --cookie-refresh, this is needed for it to work with auth_request
     auth_request_set $auth_cookie $upstream_http_set_cookie;
     add_header Set-Cookie $auth_cookie;
diff --git a/oauthproxy.go b/oauthproxy.go
@@ -694,6 +694,9 @@ func (p *OAuthProxy) Authenticate(rw http.ResponseWriter, req *http.Request) int
 		if session.Email != "" {
 			rw.Header().Set("X-Auth-Request-Email", session.Email)
 		}
+		if p.PassAccessToken && session.AccessToken != "" {
+			rw.Header().Set("X-Auth-Request-Access-Token", session.AccessToken)
+		}
 	}
 	if p.PassAccessToken && session.AccessToken != "" {
 		req.Header["X-Forwarded-Access-Token"] = []string{session.AccessToken}

Original file line number	Diff line number	Diff line change
`@@ -694,6 +694,9 @@ func (p OAuthProxy) Authenticate(rw http.ResponseWriter, req http.Request) int`
`694`	`694`	`if session.Email != "" {`
`695`	`695`	`rw.Header().Set("X-Auth-Request-Email", session.Email)`
`696`	`696`	`}`
	`697`	`+ if p.PassAccessToken && session.AccessToken != "" {`
	`698`	`+ rw.Header().Set("X-Auth-Request-Access-Token", session.AccessToken)`
	`699`	`+ }`
`697`	`700`	`}`
`698`	`701`	`if p.PassAccessToken && session.AccessToken != "" {`
`699`	`702`	`req.Header["X-Forwarded-Access-Token"] = []string{session.AccessToken}`