From 158cad77b17a6f657348ffe9496f21475ca328ad Mon Sep 17 00:00:00 2001
From: "update-envoy[bot]" <135279899+update-envoy[bot]@users.noreply.github.com>
Date: Wed, 3 Jan 2024 20:16:00 +0000
Subject: [PATCH] oauth2: Add default expiry for RFC compliance (#31499)
Signed-off-by: Ryan Northey
Mirrored from https://github.com/envoyproxy/envoy @ 3d67a3f940db59057a6f22db81fae8ecf2bcf5d3
---
 envoy/extensions/filters/http/oauth2/v3/oauth.proto | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/envoy/extensions/filters/http/oauth2/v3/oauth.proto b/envoy/extensions/filters/http/oauth2/v3/oauth.proto
index 8e0574af..666ebab5 100644
--- a/envoy/extensions/filters/http/oauth2/v3/oauth.proto
+++ b/envoy/extensions/filters/http/oauth2/v3/oauth.proto
@@ -7,6 +7,7 @@ import "envoy/config/route/v3/route_components.proto";
 import "envoy/extensions/transport_sockets/tls/v3/secret.proto";
 import "envoy/type/matcher/v3/path.proto";
+import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";
 import "udpa/annotations/status.proto";
@@ -73,7 +74,7 @@ message OAuth2Credentials {
 // OAuth config
 //
-// [#next-free-field: 13]
+// [#next-free-field: 14]
 message OAuth2Config {
 enum AuthType {
 // The ``client_id`` and ``client_secret`` will be sent in the URL encoded request body.
@@ -130,6 +131,12 @@ message OAuth2Config {
 // `RFC 6749 section 6 `_), provided that the OAuth server supports that.
 // Default value is false.
 google.protobuf.BoolValue use_refresh_token = 12;
+
+ // The default lifetime in seconds of the access token, if omitted by the authorization server.
+ //
+ // If this value is not set, it will default to ``0s``. In this case, the expiry must be set by
+ // the authorization server or the OAuth flow will fail.
+ google.protobuf.Duration default_expires_in = 13;
 }
 // Filter config.
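Review bot: `default_expires_in` in the last hunk is declared without any constraint, so the schema accepts a negative duration and the comment does not say what the filter does with one. If this file already uses protoc-gen-validate annotations (not visible in these hunks), `google.protobuf.Duration default_expires_in = 13 [(validate.rules).duration = {gte {}}];` would reject that when the config is loaded. The comment also says "lifetime in seconds" although the type is a `Duration`, so I would drop "in seconds". Because the value stands in for an expiry the authorization server did not state, the comment should also guide operators, e.g. `// Prefer a short value: it is applied when the server gives no lifetime for the token.` The body of `OAuth2Config` starts outside the hunk.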