oauth2-proxy
X-Auth-Request-Groups missing when cookie_refresh enabled
Hi,
I'm running v7.2.1 with below args:
- '--cookie-expire=24h0m0s'
- '--cookie-refresh=30m'
- '--session-store-type=redis'
I'm using okta oidc provider, and I enabled "Refresh Token" in the okta app. I use traefik forward auth in k8s, with middleware like this:
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: oauth2-proxy-auth-redirect
spec:
forwardAuth:
address: https://${my_proxy_domain_name}/
trustForwardHeader: true
authResponseHeaders:
- X-Auth-Request-Access-Token
- X-Auth-Request-User
- X-Auth-Request-Email
- X-Auth-Request-Preferred-Username
- X-Auth-Request-Groups
- Authorization
When I login my site for the first time, I can see the response header:
X-Auth-Request-Groups: Everyone
But after 30 minutes, I can't see the header anymore, I don't understand what happens to it and not sure if it is oauth2-proxy issue or okta issue, please help, thanks.
Which provider are you using? And how have you configured group extraction for OAuth2 proxy? It's possible that either we aren't extracting the groups correctly or Okta isn't returning the groups in the refreshed token
This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
I'm not sure what changed in v7.3.x or v7.4.x, after I upgraded version from v7.2.1 to v7.4.0 the issue was gone.