envoyproxy/envoy

[OAUTH2] Forward ID Token and Refresh Token

Open

#15.489 geöffnet am 15. März 2021

Auf GitHub ansehen
 (7 Kommentare) (6 Reaktionen) (1 zugewiesene Person)C++ (5.373 Forks)batch import
area/oauthenhancementhelp wanted

Repository-Metriken

Stars
 (27.997 Stars)
PR-Merge-Metriken
 (Durchschn. Merge 8T) (378 gemergte PRs in 30 T)

Beschreibung

Title: Allow oauth2 forwarding of refresh/id token

Description:

We are trying to use the oauth2 filter to manage an auth2 /oidc flow, but the current implementation can only forward the access token through the filter chain/to downstream and not other tokens potentially returned from the id provider (i.e. refresh token, id token).

I believe this would require an extension of https://github.com/envoyproxy/envoy/blob/23a97fbb237b51f10c19c8c228f74faf7ec65370/source/extensions/filters/http/oauth2/oauth_client.cc#L32

The desired behavior i think would be options of embedding more than just access token in the cookie - perhaps via an additional config to optionally determine which response keys from the /token endpoint should be embedded in the cookie and forwarded using forward_bearer_token: true

Contributor Guide