oauth: support authentication methods for client to oauth server requests (#22122)

Signed-off-by: Amila Senadheera <amila.15@cse.mrt.ac.lk> Mirrored from https://github.com/envoyproxy/envoy @ 817cfee4b1188d4e6ce57b2ab0964c317b36130f
3 years ago · 5bc91a43b1
parent dac4c7ddee
commit 5bc91a43b1
1 changed files with 14 additions and 1 deletions
--- a/envoy/extensions/filters/http/oauth2/v3/oauth.proto
+++ b/envoy/extensions/filters/http/oauth2/v3/oauth.proto
@ -62,8 +62,17 @@ message OAuth2Credentials {

 // OAuth config
 //
-// [#next-free-field: 11]
+// [#next-free-field: 12]
 message OAuth2Config {
+  enum AuthType {
+    // The ``client_id`` and ``client_secret`` will be sent in the URL encoded request body.
+    // This type should only be used when Auth server does not support Basic authentication.
+    URL_ENCODED_BODY = 0;
+
+    // The ``client_id`` and ``client_secret`` will be sent using HTTP Basic authentication scheme.
+    BASIC_AUTH = 1;
+  }
+
  // Endpoint on the authorization server to retrieve the access token from.
  config.core.v3.HttpUri token_endpoint = 1;

@ -101,6 +110,10 @@ message OAuth2Config {
  // Optional resource parameter for authorization request
  // RFC: https://tools.ietf.org/html/rfc8707
  repeated string resources = 10;
+
+  // Defines how ``client_id`` and ``client_secret`` are sent in OAuth client to OAuth server requests.
+  // RFC https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1
+  AuthType auth_type = 11 [(validate.rules).enum = {defined_only: true}];
 }

 // Filter config.