Home: Add a brief description of the behavior (oauth2-proxy#794)

* Home: Add a brief description of the behavior I could not find this information anywhere and think it is quite important for understanding how to use and configure the proxy for different use cases. (Especially the Ajax part is not mentioned anywhere else I believe.) I tried to keep it general enough so that it won't need updating often yet useful enough to have good value :) * Update docs/0_index.md Co-authored-by: Joel Speed <[email protected]> Co-authored-by: Joel Speed <[email protected]>
dynata · Oct 5, 2020 · 3d203a1 · 3d203a1
1 parent dc7dbc5
commit 3d203a1
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/docs/0_index.md b/docs/0_index.md
@@ -21,3 +21,12 @@ A list of changes can be seen in the [CHANGELOG]({{ site.gitweb }}/CHANGELOG.md)
 ## Architecture
 
 ![OAuth2 Proxy Architecture](https://cloud.githubusercontent.com/assets/45028/8027702/bd040b7a-0d6a-11e5-85b9-f8d953d04f39.png)
+
+## Behavior
+
+1. Any request passing through the proxy (and not matched by `--skip-auth-regex`) is checked for the proxy's session cookie (`--cookie-name`) (or, if allowed, a JWT token - see `--skip-jwt-bearer-tokens`). 
+2. If authentication is required but missing then the user is asked to log in and redirected to the authentication provider (unless it is an Ajax request, i.e. one with `Accept: application/json`, in which case 401 Unauthorized is returned)
+3. After returning from the authentication provider, the oauth tokens are stored in the configured session store (cookie, redis, ...) and a cookie is set
+4. The request is forwarded to the upstream server with added user info and authentication headers (depending on the configuration)
+
+Notice that the proxy also provides a number of useful [endpoints](/oauth2-proxy/endpoints).