Add more env variable :

main.go

@@ -30,14 +30,16 @@ func main() {
 	flagSet.String("tls-cert", "", "path to certificate file")
 	flagSet.String("tls-key", "", "path to private key file")
 	flagSet.String("redirect-url", "", "the OAuth Redirect URL. ie: \"https://internalapp.yourcompany.com/oauth2/callback\"")
-	flagSet.Var(&upstreams, "upstream", "the http url(s) of the upstream endpoint or file:// paths for static files. Routing is based on the path")
+	flagSet.Var(&upstreams, "upstreams", "the http url(s) of the upstream endpoint(s) or file(s):// paths for static files. Routing is based on the path")
+	flagSet.String("upstream", "", "the http url of the upstream endpoint or file")
 	flagSet.Bool("pass-basic-auth", true, "pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream")
 	flagSet.String("basic-auth-password", "", "the password to set when passing the HTTP Basic Auth header")
 	flagSet.Bool("pass-access-token", false, "pass OAuth access_token to upstream via X-Forwarded-Access-Token header")
 	flagSet.Bool("pass-host-header", true, "pass the request Host Header to upstream")
 	flagSet.Var(&skipAuthRegex, "skip-auth-regex", "bypass authentication for requests path's that match (may be given multiple times)")
 
-	flagSet.Var(&emailDomains, "email-domain", "authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email")
+	flagSet.Var(&emailDomains, "email-domains", "authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email")
+	flagSet.String("email-domain", "", "authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email")
 	flagSet.String("azure-tenant", "common", "go to a tenant-specific or common (tenant-independent) endpoint.")
 	flagSet.String("github-org", "", "restrict logins to members of this organisation")
 	flagSet.String("github-team", "", "restrict logins to members of this team")

oauthproxy.go

@@ -15,8 +15,8 @@ import (
 	"time"
 
 	"github.com/18F/hmacauth"
-	"github.com/bitly/oauth2_proxy/cookie"
-	"github.com/bitly/oauth2_proxy/providers"
+	"github.com/revinate-docker/oauth2_proxy/cookie"
+	"github.com/revinate-docker/oauth2_proxy/providers"
 )
 
 const SignatureHeader = "GAP-Signature"

oauthproxy_test.go

@@ -4,7 +4,7 @@ import (
 	"crypto"
 	"encoding/base64"
 	"github.com/18F/hmacauth"
-	"github.com/bitly/oauth2_proxy/providers"
+	"github.com/revinate-docker/oauth2_proxy/providers"
 	"github.com/bmizerany/assert"
 	"io"
 	"io/ioutil"

options.go

@@ -10,23 +10,24 @@ import (
 	"time"
 
 	"github.com/18F/hmacauth"
-	"github.com/bitly/oauth2_proxy/providers"
+	"github.com/revinate-docker/oauth2_proxy/providers"
 )
 
 // Configuration Options that can be set by Command Line Flag, or Config File
 type Options struct {
-	ProxyPrefix  string `flag:"proxy-prefix" cfg:"proxy-prefix"`
-	HttpAddress  string `flag:"http-address" cfg:"http_address"`
-	HttpsAddress string `flag:"https-address" cfg:"https_address"`
-	RedirectURL  string `flag:"redirect-url" cfg:"redirect_url"`
+	ProxyPrefix  string `flag:"proxy-prefix" cfg:"proxy-prefix" env:"OAUTH2_PROXY_PREFIX"`
+	HttpAddress  string `flag:"http-address" cfg:"http_address" env:"OAUTH2_PROXY_HTTP_ADDRESS"`
+	HttpsAddress string `flag:"https-address" cfg:"https_address" env:"OAUTH2_PROXY_HTTPS_ADDRESS"`
+	RedirectURL  string `flag:"redirect-url" cfg:"redirect_url" env:"OAUTH2_PROXY_REDIRECT_URL"`
 	ClientID     string `flag:"client-id" cfg:"client_id" env:"OAUTH2_PROXY_CLIENT_ID"`
 	ClientSecret string `flag:"client-secret" cfg:"client_secret" env:"OAUTH2_PROXY_CLIENT_SECRET"`
-	TLSCertFile  string `flag:"tls-cert" cfg:"tls_cert_file"`
-	TLSKeyFile   string `flag:"tls-key" cfg:"tls_key_file"`
+	TLSCertFile  string `flag:"tls-cert" cfg:"tls_cert_file" env:"OAUTH2_PROXY_TLS_CERT_FILE"`
+	TLSKeyFile   string `flag:"tls-key" cfg:"tls_key_file" env:"OAUTH2_PROXY_TLS_KEY_FILE"`
 
 	AuthenticatedEmailsFile  string   `flag:"authenticated-emails-file" cfg:"authenticated_emails_file"`
 	AzureTenant              string   `flag:"azure-tenant" cfg:"azure_tenant"`
-	EmailDomains             []string `flag:"email-domain" cfg:"email_domains"`
+	EmailDomains             []string `flag:"email-domains" cfg:"email_domains" env:"OAUTH2_PROXY_EMAIL_DOMAINS"`
+	EmailDomain              string   `flag:"email-domain" cfg:"email_domain" env:"OAUTH2_PROXY_EMAIL_DOMAIN"`
 	GitHubOrg                string   `flag:"github-org" cfg:"github_org"`
 	GitHubTeam               string   `flag:"github-team" cfg:"github_team"`
 	GoogleGroups             []string `flag:"google-group" cfg:"google_group"`
@@ -44,7 +45,8 @@ type Options struct {
 	CookieSecure   bool          `flag:"cookie-secure" cfg:"cookie_secure"`
 	CookieHttpOnly bool          `flag:"cookie-httponly" cfg:"cookie_httponly"`
 
-	Upstreams         []string `flag:"upstream" cfg:"upstreams"`
+	Upstreams         []string `flag:"upstreams" cfg:"upstreams" env:"OAUTH2_PROXY_UPSTREAMS"`
+	Upstream          string   `flag:"upstream" cfg:"upstream" env:"OAUTH2_PROXY_UPSTREAM"`
 	SkipAuthRegex     []string `flag:"skip-auth-regex" cfg:"skip_auth_regex"`
 	PassBasicAuth     bool     `flag:"pass-basic-auth" cfg:"pass_basic_auth"`
 	BasicAuthPassword string   `flag:"basic-auth-password" cfg:"basic_auth_password"`
@@ -84,12 +86,14 @@ func NewOptions() *Options {
 		ProxyPrefix:         "/oauth2",
 		HttpAddress:         "127.0.0.1:4180",
 		HttpsAddress:        ":443",
+		EmailDomain:         "",
 		DisplayHtpasswdForm: true,
 		CookieName:          "_oauth2_proxy",
 		CookieSecure:        true,
 		CookieHttpOnly:      true,
 		CookieExpire:        time.Duration(168) * time.Hour,
 		CookieRefresh:       time.Duration(0),
+		Upstream:            "",
 		PassBasicAuth:       true,
 		PassAccessToken:     false,
 		PassHostHeader:      true,
@@ -109,6 +113,12 @@ func parseURL(to_parse string, urltype string, msgs []string) (*url.URL, []strin
 
 func (o *Options) Validate() error {
 	msgs := make([]string, 0)
+	if o.Upstream != "" {
+		o.Upstreams = append(o.Upstreams, o.Upstream)
+	}
+	if o.EmailDomain != "" {
+		o.EmailDomains = append(o.EmailDomains, o.EmailDomain)
+	}
 	if len(o.Upstreams) < 1 {
 		msgs = append(msgs, "missing setting: upstream")
 	}
@@ -126,7 +136,7 @@ func (o *Options) Validate() error {
 	}
 
 	o.redirectURL, msgs = parseURL(o.RedirectURL, "redirect", msgs)
-
+	
 	for _, u := range o.Upstreams {
 		upstreamURL, err := url.Parse(u)
 		if err != nil {

options_test.go

@@ -125,7 +125,7 @@ func TestDefaultProviderApiSettings(t *testing.T) {
 	o := testOptions()
 	assert.Equal(t, nil, o.Validate())
 	p := o.provider.Data()
-	assert.Equal(t, "https://accounts.google.com/o/oauth2/auth?access_type=offline",
+	assert.Equal(t, "https://accounts.google.com/o/oauth2/auth?access_type=online",
 		p.LoginURL.String())
 	assert.Equal(t, "https://www.googleapis.com/oauth2/v3/token",
 		p.RedeemURL.String())

providers/azure.go

@@ -3,7 +3,7 @@ package providers
 import (
 	"errors"
 	"fmt"
-	"github.com/bitly/oauth2_proxy/api"
+	"github.com/revinate-docker/oauth2_proxy/api"
 	"log"
 	"net/http"
 	"net/url"

providers/gitlab.go

@@ -5,7 +5,7 @@ import (
 	"net/http"
 	"net/url"
 
-	"github.com/bitly/oauth2_proxy/api"
+	"github.com/revinate-docker/oauth2_proxy/api"
 )
 
 type GitLabProvider struct {

providers/google.go

@@ -34,7 +34,7 @@ func NewGoogleProvider(p *ProviderData) *GoogleProvider {
 			Host: "accounts.google.com",
 			Path: "/o/oauth2/auth",
 			// to get a refresh token. see https://developers.google.com/identity/protocols/OAuth2WebServer#offline
-			RawQuery: "access_type=offline",
+			RawQuery: "access_type=online",
 		}
 	}
 	if p.RedeemURL.String() == "" {

providers/google_test.go

@@ -34,7 +34,7 @@ func TestGoogleProviderDefaults(t *testing.T) {
 	p := newGoogleProvider()
 	assert.NotEqual(t, nil, p)
 	assert.Equal(t, "Google", p.Data().ProviderName)
-	assert.Equal(t, "https://accounts.google.com/o/oauth2/auth?access_type=offline",
+	assert.Equal(t, "https://accounts.google.com/o/oauth2/auth?access_type=online",
 		p.Data().LoginURL.String())
 	assert.Equal(t, "https://www.googleapis.com/oauth2/v3/token",
 		p.Data().RedeemURL.String())

providers/internal_util.go

@@ -6,7 +6,7 @@ import (
 	"net/http"
 	"net/url"
 
-	"github.com/bitly/oauth2_proxy/api"
+	"github.com/revinate-docker/oauth2_proxy/api"
 )
 
 // validateToken returns true if token is valid

providers/linkedin.go

@@ -6,7 +6,7 @@ import (
 	"net/http"
 	"net/url"
 
-	"github.com/bitly/oauth2_proxy/api"
+	"github.com/revinate-docker/oauth2_proxy/api"
 )
 
 type LinkedInProvider struct {

providers/myusa.go

@@ -5,7 +5,7 @@ import (
 	"net/http"
 	"net/url"
 
-	"github.com/bitly/oauth2_proxy/api"
+	"github.com/revinate-docker/oauth2_proxy/api"
 )
 
 type MyUsaProvider struct {

providers/provider_default.go

@@ -10,7 +10,7 @@ import (
 	"net/url"
 	"strings"
 
-	"github.com/bitly/oauth2_proxy/cookie"
+	"github.com/revinate-docker/oauth2_proxy/cookie"
 )
 
 func (p *ProviderData) Redeem(redirectURL, code string) (s *SessionState, err error) {

providers/providers.go

@@ -1,7 +1,7 @@
 package providers
 
 import (
-	"github.com/bitly/oauth2_proxy/cookie"
+	"github.com/revinate-docker/oauth2_proxy/cookie"
 )
 
 type Provider interface {

providers/session_state.go

@@ -6,7 +6,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/bitly/oauth2_proxy/cookie"
+	"github.com/revinate-docker/oauth2_proxy/cookie"
 )
 
 type SessionState struct {

providers/session_state_test.go

@@ -5,7 +5,7 @@ import (
 	"testing"
 	"time"
 
-	"github.com/bitly/oauth2_proxy/cookie"
+	"github.com/revinate-docker/oauth2_proxy/cookie"
 	"github.com/bmizerany/assert"
 )