oauth2-proxy: unknown flag: --oidc-groups-claim when using image v6.1.1

I am getting an error

unknown flag: --oidc-groups-claim 

when using image quay.io/oauth2-proxy/oauth2-proxy:v6.1.1, which is the current latest. Then in the logs I have the usage info, and oidc-groups-claim is not on the list.

Expected Behavior

oidc-groups-claim and allowed-group should work as in documentation

Current Behavior

Proxy won’t start with --oidc-groups-claim parameter set

Possible Solution

Steps to Reproduce (for bugs)

Start a container quay.io/oauth2-proxy/oauth2-proxy:v6.1.1 with --oidc-groups-claim option set

Context

Trying to limit access to a resource to given roles only (set as “roles” claim rather than “groups” in JWT)

Your Environment

Running in Kubernetes

  • Version used: 6.1.1

About this issue

  • State: closed
  • Created 4 years ago
  • Comments: 21 (8 by maintainers)

Most upvoted comments

We are tracking the final two PRs to go across the line in the v7 project. Both PRs are very near to completion and should hopefully merge over the next few days. Once they have done so, we will start the release process. I would expect us to have this sorted by EOW if everything goes smoothly.

Any chance of enabling pushing the prereleases to the repo from your GH actions? It would be highly useful for integrating and evaluating features such as this while waiting for the proper release.

January most likely. With the holiday season approaching, there will be a lot less work until 2021 and we are back in normal working cadences.

This PR is looking to handle string values for a groups claim: https://github.com/oauth2-proxy/oauth2-proxy/pull/816

It will unfortunately treat that whole string as a single group though.

As an aside, I know groups isn’t an official OIDC claim, but there are pretty universal conventions most IdPs have established. Why do some IdPs keep doing weird stuff like this 🤣
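The string-versus-array behaviour described in the comment above (a string-valued claim becomes one single group), shown as an added Go example that is not oauth2-proxy's code and not part of the thread. `groupsFromClaim`, `hasGroup` and the sample payloads are constructed for illustration; "roles" is the claim name from the issue.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// groupsFromClaim is a hypothetical helper, not oauth2-proxy code. It reads the
// named claim from a decoded JWT payload and returns it as a list of groups.
func groupsFromClaim(payload []byte, claim string) ([]string, error) {
	var claims map[string]interface{}
	if err := json.Unmarshal(payload, &claims); err != nil {
		return nil, fmt.Errorf("decode claims: %w", err)
	}
	switch v := claims[claim].(type) {
	case nil:
		return nil, nil // claim absent: the user has no groups
	case string:
		return []string{v}, nil // whole string kept as ONE group, no splitting
	case []interface{}:
		groups := make([]string, 0, len(v))
		for _, g := range v {
			if s, ok := g.(string); ok { // non-string elements are ignored
				groups = append(groups, s)
			}
		}
		return groups, nil
	}
	return nil, fmt.Errorf("claim %q: unsupported type", claim)
}

// hasGroup reports whether the list contains the wanted group (exact match).
func hasGroup(groups []string, want string) bool {
	for _, g := range groups {
		if g == want {
			return true
		}
	}
	return false
}

func main() {
	// Constructed payloads: the same roles sent as an array and as one string.
	for _, p := range []string{`{"roles":["admin","dev"]}`, `{"roles":"admin,dev"}`} {
		g, err := groupsFromClaim([]byte(p), "roles")
		fmt.Println(g, err, hasGroup(g, "admin"))
	}
}
```

With the string form, an allow list containing `admin` does not match, because the only group present is the literal `admin,dev`.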

Apologies for the docs not representing the current release, we are aware of the issue (#550) and are hoping to come up with a solution for it eventually.

We had our last release at the end of August so I would expect we would cut v7 no later than the end of November, but we may decide to cut it earlier if we get a reasonable number of PRs merged. I need to evaluate all the upcoming breaking changes and try to make sure we capture as many as possible in this release.

proxy returns 403 if token has no required group, nginx redirects to …/start URL

Can you share a snippet of your Nginx configuration? Nginx should only be redirecting to the start on a 401 response, not on a 403. I would expect the OAuth2 Proxy to show some unauthenticated page if the user is not in the correct group, are you not seeing this?

I think oidc group authorization support (including oidc-groups-claim parameter) will be available from release v7.0