Oauth2 lifetime of refresh token (#32278)

Signed-off-by: Alexcei <lex9.darovskoi@gmail.com> Co-authored-by: Kateryna Nezdolii <kateryna.nezdolii@docker.com> Mirrored from https://github.com/envoyproxy/envoy @ 21832d158c1447a3bb0af5c1ea58f63cfa56dc16
8 months ago · 2a8f86c009
parent d01a3ea0a5
commit 2a8f86c009
1 changed files with 8 additions and 1 deletions
--- a/envoy/extensions/filters/http/oauth2/v3/oauth.proto
+++ b/envoy/extensions/filters/http/oauth2/v3/oauth.proto
@ -74,7 +74,7 @@ message OAuth2Credentials {

 // OAuth config
 //
-// [#next-free-field: 15]
+// [#next-free-field: 16]
 message OAuth2Config {
  enum AuthType {
    // The ``client_id`` and ``client_secret`` will be sent in the URL encoded request body.
@ -142,6 +142,13 @@ message OAuth2Config {
  // Automatic access token refresh will be performed for these requests, if enabled.
  // This behavior can be useful for AJAX requests.
  repeated config.route.v3.HeaderMatcher deny_redirect_matcher = 14;
+
+  // The default lifetime in seconds of the refresh token, if the exp (expiration time) claim is omitted in the refresh token or the refresh token is not JWT.
+  //
+  // If this value is not set, it will default to ``604800s``. In this case, the cookie with the refresh token will be expired
+  // in a week.
+  // This setting is only considered if ``use_refresh_token`` is set to true, otherwise the authorization server expiration or ``defaul_expires_in`` is used.
+  google.protobuf.Duration default_refresh_token_expires_in = 15;
 }

 // Filter config.