oauth filter: make IdToken and RefreshToken cookie names customizable (#24828)

Signed-off-by: Stefan Schönbächler <stefan@schonbachler.org> Mirrored from https://github.com/envoyproxy/envoy @ 4e6956f77ce9685237f9a523e0aa59ef5f171455
2 years ago · 39cfdcdc6f
parent 21982b8fd5
commit 39cfdcdc6f
1 changed files with 9 additions and 0 deletions
--- a/envoy/extensions/filters/http/oauth2/v3/oauth.proto
+++ b/envoy/extensions/filters/http/oauth2/v3/oauth.proto
@ -22,6 +22,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 //

 message OAuth2Credentials {
+  // [#next-free-field: 6]
  message CookieNames {
    // Cookie name to hold OAuth bearer token value. When the authentication server validates the
    // client and returns an authorization token back to the OAuth filter, no matter what format
@ -38,6 +39,14 @@ message OAuth2Credentials {
    // Cookie name to hold OAuth expiry value. Defaults to ``OauthExpires``.
    string oauth_expires = 3
        [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
+
+    // Cookie name to hold the id token. Defaults to ``IdToken``.
+    string id_token = 4
+        [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
+
+    // Cookie name to hold the refresh token. Defaults to ``RefreshToken``.
+    string refresh_token = 5
+        [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
  }

  // The client_id to be used in the authorize calls. This value will be URL encoded when sent to the OAuth server.