Pierce Lopez

It looks like `OAuthStartPath` could have the same problem as `SignInPath`

Looks good to me.

There will be no more merges or releases for this repository - see https://github.com/bitly/oauth2_proxy/issues/628#issuecomment-417121636 and read down to see discussion of a maintained fork. I've started my own fork, and...

The cookie is not refreshed until `-cookie-refresh` and it should re-check auth at that time. There is no way to invalidate the cookie separately/individually before it is refreshed or expired....

just btw, seems like the conclusion of #569 was that the gopkg.in redirect was fixed to work-around this issue

seems like this is needed (still? again?)

The test panic is: ``` --- FAIL: TestAuthOnlyEndpointSetXAuthRequestHeaders (0.00s) panic: runtime error: invalid memory address or nil pointer dereference [recovered] ... github.com/bitly/oauth2_proxy.NewOAuthProxy(0xc4201f9800, 0xc42021e070, 0xc42021e060) /home/travis/gopath/src/github.com/bitly/oauth2_proxy/oauthproxy.go:163 +0x590 github.com/bitly/oauth2_proxy.TestAuthOnlyEndpointSetXAuthRequestHeaders(0xc4201f66c0) /home/travis/gopath/src/github.com/bitly/oauth2_proxy/oauthproxy_test.go:628 +0x1fe ```...

fwiw, I don't think the more strict provider option is a bad idea, just unrelated :) (I would still have it default to google, but right now it accepts any...

Someone mentioned `auth_request`, someone mentioned XHR aka ajax requests. I think these are all separate issues from a possible google 3600 second thing. For `auth_request` (which I'm now trying to...

This works for me, for refreshing the cookie via `auth_request`: ```nginx location / { auth_request /oauth2/auth; error_page 401 = /oauth2/sign_in; auth_request_set $auth_cookie $upstream_http_set_cookie; proxy_pass http://apps; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto...