From 2a8f86c0090112cf700e9ffae4577ca3ea9037eb Mon Sep 17 00:00:00 2001
From: "update-envoy[bot]" <135279899+update-envoy[bot]@users.noreply.github.com>
Date: Wed, 20 Mar 2024 18:09:42 +0000
Subject: [PATCH] Oauth2 lifetime of refresh token (#32278)

Signed-off-by: Alexcei
Co-authored-by: Kateryna Nezdolii
Mirrored from https://github.com/envoyproxy/envoy @ 21832d158c1447a3bb0af5c1ea58f63cfa56dc16
---
 envoy/extensions/filters/http/oauth2/v3/oauth.proto | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/envoy/extensions/filters/http/oauth2/v3/oauth.proto b/envoy/extensions/filters/http/oauth2/v3/oauth.proto
index 48524521..aa5f70b2 100644
--- a/envoy/extensions/filters/http/oauth2/v3/oauth.proto
+++ b/envoy/extensions/filters/http/oauth2/v3/oauth.proto
@@ -74,7 +74,7 @@ message OAuth2Credentials {

 // OAuth config
 //
-// [#next-free-field: 15]
+// [#next-free-field: 16]
 message OAuth2Config {
 enum AuthType {
 // The ``client_id`` and ``client_secret`` will be sent in the URL encoded request body.
@@ -142,6 +142,13 @@ message OAuth2Config {
 // Automatic access token refresh will be performed for these requests, if enabled.
 // This behavior can be useful for AJAX requests.
 repeated config.route.v3.HeaderMatcher deny_redirect_matcher = 14;
+
+ // The default lifetime in seconds of the refresh token, if the exp (expiration time) claim is omitted in the refresh token or the refresh token is not JWT.
+ //
+ // If this value is not set, it will default to ``604800s``. In this case, the cookie with the refresh token will be expired
+ // in a week.
+ // This setting is only considered if ``use_refresh_token`` is set to true, otherwise the authorization server expiration or ``defaul_expires_in`` is used.
+ google.protobuf.Duration default_refresh_token_expires_in = 15;
 }

 // Filter config.
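Review bot: The new `default_refresh_token_expires_in` field at the end of `OAuth2Config` is declared without any bound, so the schema accepts a zero, negative or arbitrarily large duration, and per its own comment that value sets the refresh-token cookie lifetime whenever the token is not a JWT or has no `exp` claim. If this file already uses protoc-gen-validate, `google.protobuf.Duration default_refresh_token_expires_in = 15 [(validate.rules).duration = {gt {}}];` would reject non-positive values at config load; whether the filter clamps the value itself is not visible in this hunk. A one-week fallback is a long validity window for a long-lived credential held in a browser cookie, so the comment should advise setting the field no higher than the refresh-token lifetime the authorization server actually enforces. The comment also misspells the sibling field as `defaul_expires_in` (should be `default_expires_in`) and says "lifetime in seconds" although the type is a `Duration`. The `OAuth2Config` message begins outside the hunk.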