# oauth2-proxy/oauth2-proxy

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/oauth2-proxy-oauth2-proxy).**

13,885 stars · 2,033 forks · Go · mit

## Links

- GitHub: https://github.com/oauth2-proxy/oauth2-proxy
- Homepage: https://oauth2-proxy.github.io/oauth2-proxy
- awesome-repositories: https://awesome-repositories.com/repository/oauth2-proxy-oauth2-proxy.md

## Topics

`cloud-infrastructure` `hacktoberfest` `oauth2-proxy` `ssl` `sso`

## Description

This project is a reverse proxy server that secures internal web services by enforcing authentication against external identity providers. It acts as a gatekeeper for incoming HTTP traffic, validating user identity before forwarding requests to protected backend applications. By integrating with OAuth2 and OIDC providers, the proxy ensures that only authorized users can access internal resources.

The proxy distinguishes itself through its flexible session management and granular access control. It maintains authenticated user state across requests using either encrypted client-side cookies or server-side storage backends, and it supports the extraction of identity claims to enable personalized application logic. Administrators can enforce access policies based on specific user attributes, such as email domains or group memberships, and inject verified identity information into request headers for downstream processing.

Beyond core authentication, the software provides comprehensive traffic management, including path-based routing, WebSocket support, and TLS termination. It offers a declarative configuration system that supports syntax validation and environment variable interpolation, allowing for complex security policies and custom authentication provider integrations. The proxy also handles static content serving and provides detailed operational logging for monitoring system and authentication events.

The software is distributed as precompiled binaries for direct execution or as container images for deployment in cloud-native environments.

## Tags

### Security & Cryptography

- [OAuth2 Providers](https://awesome-repositories.com/f/security-cryptography/oauth2-providers.md) — Integrates with OAuth2 and OIDC providers to validate user identity before granting access to internal web services.
- [Reverse Proxy Authentication](https://awesome-repositories.com/f/security-cryptography/reverse-proxy-authentication.md) — Acts as a reverse proxy that secures internal web services by enforcing authentication against external identity providers.
- [Web Application Security](https://awesome-repositories.com/f/security-cryptography/web-application-security.md) — Secures internal web applications by enforcing mandatory authentication against external identity providers. ([source](https://oauth2-proxy.github.io/oauth2-proxy/configuration/integrations/))
- [Attribute-based Access Controls](https://awesome-repositories.com/f/security-cryptography/identity-access-management/access-control/access-control-models/attribute-based-access-controls.md) — Restricts access to web services based on verified user attributes like email domains or group memberships.
- [Attribute-Based Access Control](https://awesome-repositories.com/f/security-cryptography/attribute-based-access-control.md) — Filters incoming traffic based on verified user attributes such as email address, domain membership, or group affiliation. ([source](https://oauth2-proxy.github.io/oauth2-proxy/configuration/providers/))
- [Stateful Session Persistence](https://awesome-repositories.com/f/security-cryptography/identity-access-management/session-management/stateful-session-persistence.md) — Maintains authenticated user state across requests using either encrypted client-side cookies or server-side storage backends.
- [Session Persistence Strategies](https://awesome-repositories.com/f/security-cryptography/session-persistence-strategies.md) — Maintains authenticated user state across requests by storing encrypted session tokens in client-side cookies.
- [Identity Header Injections](https://awesome-repositories.com/f/security-cryptography/user-identity-management/identity-header-injections.md) — Injects user information and authentication headers into requests before passing them to backend applications for downstream processing. ([source](https://oauth2-proxy.github.io/oauth2-proxy/behaviour))
- [Authentication Providers](https://awesome-repositories.com/f/security-cryptography/authentication-providers.md) — Integrates with diverse external identity providers through a standardized, provider-agnostic authentication interface.
- [Server-Side Session Stores](https://awesome-repositories.com/f/security-cryptography/identity-access-management/session-management/server-side-session-stores.md) — Offloads session data to external databases or caches to support larger payloads and improved security revocation.
- [Proxy Authentication](https://awesome-repositories.com/f/security-cryptography/proxy-authentication.md) — Forwards requests to upstream services only after verifying user identity and enforcing access policies. ([source](https://oauth2-proxy.github.io/oauth2-proxy/features/endpoints))
- [Request Authentication Middleware](https://awesome-repositories.com/f/security-cryptography/request-authentication-middleware.md) — Intercepts network requests to validate user sessions and enforce access control before processing application logic.
- [Authentication Claims](https://awesome-repositories.com/f/security-cryptography/custom-attribution-tracking/authentication-claims.md) — Extracts custom attributes from authentication tokens to enable personalized application logic and header injection. ([source](https://oauth2-proxy.github.io/oauth2-proxy/configuration/alpha-config))
- [TLS Management](https://awesome-repositories.com/f/security-cryptography/tls-management.md) — Handles encrypted traffic by providing certificate and key files, with options to enforce specific TLS versions and cipher suites. ([source](https://oauth2-proxy.github.io/oauth2-proxy/configuration/tls))
- [Custom Authentication Providers](https://awesome-repositories.com/f/security-cryptography/custom-authentication-providers.md) — Supports integration of custom identity providers through a standard interface and registration logic. ([source](https://oauth2-proxy.github.io/oauth2-proxy/configuration/providers/))
- [Session Termination Services](https://awesome-repositories.com/f/security-cryptography/session-termination-services.md) — Clears local authentication cookies and redirects users to external providers to finalize the logout process. ([source](https://oauth2-proxy.github.io/oauth2-proxy/features/endpoints))
- [Session Token Refreshers](https://awesome-repositories.com/f/security-cryptography/session-token-refreshers.md) — Manages token expiration and refresh intervals to maintain secure access while reducing re-authentication frequency. ([source](https://oauth2-proxy.github.io/oauth2-proxy/configuration/session_storage))

### Networking & Communication

- [Reverse Proxies](https://awesome-repositories.com/f/networking-communication/networking/reverse-proxies.md) — Routes incoming HTTP traffic to upstream applications while enforcing access policies and authentication requirements.
- [Proxy Configurations](https://awesome-repositories.com/f/networking-communication/proxy-configurations.md) — Configures HTTP/HTTPS server endpoints with support for custom TLS certificates, cipher suites, and network binding. ([source](https://oauth2-proxy.github.io/oauth2-proxy/configuration/alpha-config))
- [Request Routing](https://awesome-repositories.com/f/networking-communication/network-infrastructure-routing/network-routing-traffic-management/request-routing.md) — Maps incoming request paths to specific upstream services, supporting path rewriting, WebSocket proxying, and custom timeout settings. ([source](https://oauth2-proxy.github.io/oauth2-proxy/configuration/alpha-config))
- [Declarative Proxy Configurations](https://awesome-repositories.com/f/networking-communication/declarative-proxy-configurations.md) — Defines routing rules and security policies using structured, declarative configuration files.
- [Proxy Configurations](https://awesome-repositories.com/f/networking-communication/proxy-servers/proxy-configurations.md) — Manages operational behavior through configuration files, environment variables, and command-line arguments. ([source](https://oauth2-proxy.github.io/oauth2-proxy/7.0.x/))

### Artificial Intelligence & ML

- [Session Storage Backends](https://awesome-repositories.com/f/artificial-intelligence-ml/agentic-systems-frameworks/agent-orchestration-multi-agent/security-and-auth/authentication-strategies/session-state/stateless-session-authentication/session-storage-backends.md) — Maintains authenticated user state using either encrypted client-side cookies or server-side storage backends. ([source](https://oauth2-proxy.github.io/oauth2-proxy/configuration/session_storage))

### DevOps & Infrastructure

- [Configuration Validation](https://awesome-repositories.com/f/devops-infrastructure/configuration-management/configuration-validation.md) — Validates configuration files for errors and required fields before startup to prevent runtime failures. ([source](https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview))
- [Containerized Deployments](https://awesome-repositories.com/f/devops-infrastructure/containerized-deployments.md) — Supports deployment using prebuilt container images and orchestration manifests for cloud-native environments. ([source](https://oauth2-proxy.github.io/oauth2-proxy/installation))

### Software Engineering & Architecture

- [YAML Configuration Files](https://awesome-repositories.com/f/software-engineering-architecture/application-lifecycle-management/configuration-management/configuration-formats-and-schemas/yaml-configuration-files.md) — Processes YAML-based configuration files with environment variable interpolation for sensitive data. ([source](https://oauth2-proxy.github.io/oauth2-proxy/configuration/alpha-config))