oauth2: Add default expiry for RFC compliance (#31499)

Signed-off-by: Ryan Northey <ryan@synca.io>

Mirrored from https://github.com/envoyproxy/envoy @ 3d67a3f940db59057a6f22db81fae8ecf2bcf5d3
main
update-envoy[bot] 11 months ago
parent 160e5af4c3
commit 158cad77b1
  1. 9
      envoy/extensions/filters/http/oauth2/v3/oauth.proto

@ -7,6 +7,7 @@ import "envoy/config/route/v3/route_components.proto";
import "envoy/extensions/transport_sockets/tls/v3/secret.proto"; import "envoy/extensions/transport_sockets/tls/v3/secret.proto";
import "envoy/type/matcher/v3/path.proto"; import "envoy/type/matcher/v3/path.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/wrappers.proto"; import "google/protobuf/wrappers.proto";
import "udpa/annotations/status.proto"; import "udpa/annotations/status.proto";
@ -73,7 +74,7 @@ message OAuth2Credentials {
// OAuth config // OAuth config
// //
// [#next-free-field: 13] // [#next-free-field: 14]
message OAuth2Config { message OAuth2Config {
enum AuthType { enum AuthType {
// The ``client_id`` and ``client_secret`` will be sent in the URL encoded request body. // The ``client_id`` and ``client_secret`` will be sent in the URL encoded request body.
@ -130,6 +131,12 @@ message OAuth2Config {
// `RFC 6749 section 6 <https://datatracker.ietf.org/doc/html/rfc6749#section-6>`_), provided that the OAuth server supports that. // `RFC 6749 section 6 <https://datatracker.ietf.org/doc/html/rfc6749#section-6>`_), provided that the OAuth server supports that.
// Default value is false. // Default value is false.
google.protobuf.BoolValue use_refresh_token = 12; google.protobuf.BoolValue use_refresh_token = 12;
// The default lifetime in seconds of the access token, if omitted by the authorization server.
//
// If this value is not set, it will default to ``0s``. In this case, the expiry must be set by
// the authorization server or the OAuth flow will fail.
google.protobuf.Duration default_expires_in = 13;
} }
// Filter config. // Filter config.

Loading…
Cancel
Save