-
Notifications
You must be signed in to change notification settings - Fork 1.2k
Proposal for Official Fork #628
Comments
Agree. I think many of us would love to see some of these PRs get merged. Like it or not this is one of the simpler to use solutions for integration of OAuth2 or OIDC providers on top of Kubernetes. |
It is definitely a pity the project is kind of dead. Looks like a lot of people use it though. There is an interesting fork https://github.com/openshift/oauth-proxy but specialized on OpenShift. If I were proficient in Go I would love to help. Would be nice to know the maintainers opinion. |
Let's find a well-known OSS org on github that could manage having such fork. Security repos shouldn't be on any one personal account. It is important though to have @bitly's support and perhaps have their team add the official fork's releases as a tag on dockerhub. |
I agree with you @ermik. Finding an OSS organization which can take care of the project and assign people (not just one) which can approve PRs and manage the repository. |
This is used quite often with K8S. /cc @cncf if it has any suggestion of what group could take care of this. |
/cc @jbeda Do you know someone that could be interested to maintain this project active in a fork? |
Have @bitly stopped using this, hence the staleness of the project? If so it would be interesting to hear what they use instead. |
Everyone at bitly might be just drones and we are a part of their simulation. |
I have been in touch with people at bitly about the current state of the project. I will post another update when I have more information. |
If you're going for a hard fork, consider https://github.com/gofrs . |
I too would like to use this! I recently started using the free Access service from CloudFlare. I really like the concept. So being able to do the same in a stable way with NGINX would be amazing... |
I have exchanged emails with the CEO of @bitly. I thought we were going to get this resolved. Unfortunately once it was passed over to an engineer it died. I think it is pretty clear that this project is no longer a priority for bitly. For whatever reason they are unwilling to pass it over to new stewards. I propose the following actions:
|
That's sad to hear. Have you guys heard of https://github.com/buzzfeed/sso ? It seems to be built on top of OAuth2 proxy with more features. I'll try it out soon... |
There are many large companies with significant OSS presence that have forked this project and have pending PRs awaiting merge. Can one of these companies please come forward to adopt this project? There are many features that we require, which are stuck in unreviewed PRs. We are manually merging into our private forks, which is not sustainable! |
I'm not fluent in Go so I've been working on a node.js port. Would others here be interested in this? |
I will be interested to contributed to the maintenance of this project, since we built recently the https://github.com/jenkins-x/sso-operator on top of it and have a certain understanding of the code base. I like what @skwashd is proposing. It seems that |
If there are not takers by Oct 1st — let me add to @skwashd's list — we need to identify a group of maintainers that can commit (ok, this pun is just unavoidable) to working on newly forked org/repo for the near future while we try to build a community around it. In my opinion, here is a minimum of people required for this repo to continue being of the most wonderful tools out there:
feel free to adjust. Please volunteer yourselves with a brief description of your specialty, and please start reaching out to people to see if we have the support we need. |
cc/ @ohaiwalt — you pointed me to this repo and I'll never be more grateful; do you have any thoughts on the matter? |
@ermik the This project has a well established user base in the Kubernetes community. It must continue to be maintained. I would say, the simplest way to move forward, it is to create a new organisation with a group of maintainers, and then ask @skwashd Do you think, would this work on |
If we can't get any response from |
Please could someone from bitly provide an official statement to this issue? I am mentioning all current members of bitly organisation. Sorry for noise! @apriendeau @hlhendy @jctbitly @jehiah @kpurdon @lrmay @markrechler @mrwoof @russtacular @sioanis @tpherndon |
I tried a couple of times to reach the company via twitter. (first attempt and second attempt). The second one lead to a short email exchange with the CEO. It was passed onto @jehiah, who never responded. Bitly don't owe us anything. They are free to throw their code over the wall and do nothing else. That's how open source works. That said, it is disappointing that they won't engage with the community that they built. Priorities change, life moves on, we accept that. It would have been nice if they either came out and said why the tumbleweed is blowing around the project or worked with interested members of the community to move it to a new home. Sadly there appears to be no interest in either option. I would be happy to play a role in any fork, but I don't feel like I have the time nor the skills to provide the technical leadership. Without leadership we will remain an unruly mob moving pitch forks. With all this in mind I created 2bitproxy/oauth2_proxy. I picked the name as it includes bit as a reference to the bitly heritage and a tongue in cheek reference the negative "two bit". (It takes under a minute to rename it with I believe the first 3 points from the plan I posted last week have been resolved. Who wants to help with the remaining 2? |
Hi all ... I've reached out internally here at Bitly and will make sure we get a response here soon. Just wanted to drop a line here so you all know we are listening. |
@skwashd It's great we have a home for the time being — thanks for stashing away a nice org name! I think you have it right: we can work on improving the project while this gets resolved. A certain breathing room needs to be maintained for @bitly and other community members, as well as possible maintainers, to chime in to this conversation. @kpurdon Great news! I don't presume to speak for everyone, but I would say the key thing to resolve here is a managerial one. There is no need for a fork if and only if the team at @bitly is dedicated to working towards granting some community members merge permissions and working towards reinforcing the community support itself for this repository. |
Hello all, Sorry it's taken so long to respond—it's often difficult to acknowledge that you can no longer maintain something that you've built and nurtured for so many years. While this project has served us well internally for a while, we haven't been able to find someone on our team to push it forward and shepherd community contributions that weren't part of our roadmap. We've also since moved on to other priorities and are even investigating switching to buzzfeed/sso since it's a newer fork of oauth2_proxy. As a result, we've decided to make this read-only and archive this project at the end of September. We're happy to update the readme to point people to newer, maintained forks, so please update this issue (or start a new one) with possible successors in order to make this transition as easy as possible. |
Thanks for the update @russtacular |
SGTM. Please ping on this issue as updates happen. Gofrs would be another option and I can help get it moved over there. |
I am happy to transfer the organisation to someone he will run with the fork. As mentioned above we have decided to use an alternative product for our use cases. While I am interested in helping out it will all be in my limited spare time. My changes were a change I made to support github teams properly (PR #613) and some "rebranding". My email address is on my profile. It's probably easier to discuss things there. If you're planning to pull an npm event-stream stunt, don't waste your time emailing me. |
I've created a Gofrs issue to adopt the project and I'll volunteer time to work and improve the project. |
@xalexslx Could you update the original issue above with the list of forks to give people a migration path whilst community decides the fate of this? https://github.com/buzzfeed/sso Possibly going to be on gofrs gofrs/help-requests#32 |
Original issue updated with the links and official comment of russtacular regarding this project. |
Just by the way, if anyone needs a recent release while waiting for the pusher fork to be ready, I've incorporated the fsnotify/hmacauth import fixes on top of latest master, merged 8 other PRs from this repo (incl. google/github/gitlab groups enhancements, redirect-domain-whitelist, other bits), and made a couple of releases with decent changelogs and binary builds at my fork: https://github.com/ploxiln/oauth2_proxy/releases |
Thanks @ploxiln ! Could you push an image to Docker hub? |
EDITED (I don't want to spam this issue too much) Fixed link to my fork's docker image info: https://hub.docker.com/r/ploxiln/oauth2_proxy (it's also mentioned in the README at my fork) Further discussion of my fork should probably go in issues at my fork. Also note that the "pusher" fork will probably soon be the central/community repo, particularly when it transitions to CNCF. |
For those interested I have an update on the progress of the Pusher fork.
|
For interested parties, the new https://github.com/pusher/oauth2_proxy/releases/tag/v3.0.0 |
Thanks! Did you see the v3.0.0 image has a few known vulnerable libraries or alerts? The quay page 404's for me, but maybe they're visible to you? https://quay.io/repository/pusher/oauth2_proxy?tag=latest&tab=tags |
@JoelSpeed Great work! Looking forward to switching to the Pusher version. Do you know when you will merge in the changes from your fork such as OIDC session refresh? |
Noted, they are also 404'ing for me so I will try and look into this, I suspect they are vulnerabilities in the debian base image we are using
Working on that this week! See oauth2-proxy/oauth2-proxy#14 |
I recently released pomerium. Pomerium may be a good fit for new users, or those okay with significant breaking changes from oauth2_proxy. Like oauth2_proxy, pomerium is a reverse proxy but has additional goals of supporting dynamic policy, and identity/device aware access control similar to BeyondCorp. |
@desimone Hi, Pomerium looks nice, especially in terms of code quality and structure. I do miss a few features (e.g. a provider for GitLab) but would be willing to contribute them. Is there a Gitter/Slack/similar chat to discuss things? |
Hey Everyone! There are several good forks out there. We recommend looking at them and using them! I have listed out the ones that I found in this list and will add them to the README redirecting people there. |
@apriendeau I already have a PR open to add a notice that this repo is archived and list maintained forks, do you have the ability to review it? #684 |
@JoelSpeed Thanks for saving me the effort! It has been merged and I am going to lock this conversation 👍 |
Hi,
As everyone here can see, the project is almost abandoned.
I believe someone or preferable a group of people fluent in Go lang should create an 'official' fork of the project so the community can contribute with PRs which won't be waiting forever at "Pull Requests" tab.
I'm not fluent in Go but I can help with docker images or something like that if needed.
====== Edit =====
According to @russtacular comment on 29 Aug 2018 this project is oficially discontinued. Therefore, while the community is discussing where it will be 'oficially' forked and supported, there are several projects already taking place as a migration path:
https://github.com/pusher/oauth2_proxy (see #628 (comment))
https://github.com/buzzfeed/sso
https://github.com/openshift/oauth-proxy
https://github.com/ploxiln/oauth2_proxy (see #628 (comment) and #628 (comment))
Also, there is a discussion on gofrs gofrs/help-requests#32 (comment)
The text was updated successfully, but these errors were encountered: