OAuth2: add a nonce to the state parameter (#35919)

Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com> Mirrored from https://github.com/envoyproxy/envoy @ b6c24ab35f5227f3e524f3d77f3e2a8ff3e24a15
5 months ago · 6fc49e18e8
parent 63290ff348
commit 6fc49e18e8
1 changed files with 5 additions and 1 deletions
--- a/envoy/extensions/filters/http/oauth2/v3/oauth.proto
+++ b/envoy/extensions/filters/http/oauth2/v3/oauth.proto
@ -27,7 +27,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;

 // [#next-free-field: 6]
 message OAuth2Credentials {
-  // [#next-free-field: 6]
+  // [#next-free-field: 7]
  message CookieNames {
    // Cookie name to hold OAuth bearer token value. When the authentication server validates the
    // client and returns an authorization token back to the OAuth filter, no matter what format
@ -52,6 +52,10 @@ message OAuth2Credentials {
    // Cookie name to hold the refresh token. Defaults to ``RefreshToken``.
    string refresh_token = 5
        [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
+
+    // Cookie name to hold the nonce value. Defaults to ``OauthNonce``.
+    string oauth_nonce = 6
+        [(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
  }

  // The client_id to be used in the authorize calls. This value will be URL encoded when sent to the OAuth server.