Roles header with refresh configuration

[sto1t]

This enhancement provides a new configuration to send roles as a header with an implementation for the Github provider.

Roles are not stored in the cookie (per https://github.com/bitly/oauth2_proxy/issues/174#issuecomment-1578273584) but in the case of a restart of the oauth2_proxy application, the roles are retrieved.

Additionally, metered updates of roles can be enabled with the cookie-refresh configuration to apply privilege changes to the current session.

[statik]

This feature enables using oauth2_proxy in front of Rundeck, and then roles in rundeck can be mapped from github team membership. Super handy! See https://github.com/rundeck/rundeck/pull/1883

[kfowlks]

This same functionality would also be useful for GitLab users. I believe the analogous to "Teams" in GitHub would be to use the "Groups" in GitLab

http://docs.gitlab.com/ee/api/groups.html#list-groups

[olvesh]

Looks like a useful feature. What is missing to get this merged? (apart from solving the conflicts..)

[therc]

I had opened feature request #386 but somehow managed to miss this until now. It would be nice to have the change merged, of course, but also have the parameter be a string, rather than a boolean, specifying the name of the header, for broader compatibility with upstreams.

[statik]

See issue #428

[vpm-bradleyhession]

bump. Any likelihood of a merge?

[vpm-bradleyhession]

@tpherndon

[hany]

Been looking for this for some time. Any chance this will get merged soon?

[gargrag]

Hi IT would be nice to have this feature, what's missing for merging?

[martin-loetzsch]

Fyi: there is an active discussion about forking this project here: #628