oauth filter: preserve existing auth header (#34470)

Allows to preserve the exsting authorization header in oauth2 filter Signed-off-by: Dennis Kniep <kniepdennis@gmail.com> Mirrored from https://github.com/envoyproxy/envoy @ 7fcc47414c9ebc3915616730612b0608031ea8e9
6 months ago · c5c5f8fc19
parent bf59f2d652
commit c5c5f8fc19
1 changed files with 7 additions and 1 deletions
--- a/envoy/extensions/filters/http/oauth2/v3/oauth.proto
+++ b/envoy/extensions/filters/http/oauth2/v3/oauth.proto
@ -74,7 +74,7 @@ message OAuth2Credentials {

 // OAuth config
 //
-// [#next-free-field: 16]
+// [#next-free-field: 17]
 message OAuth2Config {
  enum AuthType {
    // The ``client_id`` and ``client_secret`` will be sent in the URL encoded request body.
@ -111,6 +111,12 @@ message OAuth2Config {
  // Forward the OAuth token as a Bearer to upstream web service.
  bool forward_bearer_token = 7;

+  // If set to true, preserve the existing authorization header.
+  // By default Envoy strips the existing authorization header before forwarding upstream.
+  // Can not be set to true if forward_bearer_token is already set to true.
+  // Default value is false.
+  bool preserve_authorization_header = 16;
+
  // Any request that matches any of the provided matchers will be passed through without OAuth validation.
  repeated config.route.v3.HeaderMatcher pass_through_matcher = 8;