oauth2v3

package
v1.36.11-2026041321000... Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: unknown License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

View Source 
const OAuth2Credentials_HmacSecret_case case_OAuth2Credentials_TokenFormation = 3
View Source 
const OAuth2Credentials_TokenFormation_not_set_case case_OAuth2Credentials_TokenFormation = 0

Variables

View Source 
var (
	CookieConfig_SameSite_name = map[int32]string{
		0: "DISABLED",
		1: "STRICT",
		2: "LAX",
		3: "NONE",
	}
	CookieConfig_SameSite_value = map[string]int32{
		"DISABLED": 0,
		"STRICT":   1,
		"LAX":      2,
		"NONE":     3,
	}
)

Enum value maps for CookieConfig_SameSite.

View Source 
var (
	OAuth2Config_AuthType_name = map[int32]string{
		0: "URL_ENCODED_BODY",
		1: "BASIC_AUTH",
	}
	OAuth2Config_AuthType_value = map[string]int32{
		"URL_ENCODED_BODY": 0,
		"BASIC_AUTH":       1,
	}
)

Enum value maps for OAuth2Config_AuthType.

View Source 
var File_envoy_extensions_filters_http_oauth2_v3_oauth_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type CookieConfig 

type CookieConfig struct {

	// The value used for the SameSite cookie attribute.
	SameSite CookieConfig_SameSite `` /* 153-byte string literal not displayed */
	// The path attribute for the cookie.
	//
	// This controls the scope of the cookie and is useful for path-based routing scenarios
	// where different logical boundaries or applications may operate with different OAuth2 clients.
	// The CSRF cookie (nonce cookie) can be configured with a different path than session cookies
	// to support flows where the callback URL is on a different path.
	//
	// If not specified, defaults to “/“.
	Path string `protobuf:"bytes,2,opt,name=path,proto3" json:"path,omitempty"`
	// If true, the “Partitioned“ attribute will be set on the cookie.
	//
	// Modern browsers (Firefox, Chrome with third-party cookie deprecation) warn or block
	// "foreign" cookies unless they carry the “Partitioned“ attribute alongside “SameSite=None; Secure“.
	// When Envoy is used in a gateway/IdP flow that sets OAuth/OIDC cookies for a parent domain
	// (e.g., “Domain=.example.com“) while running on a different host, those cookies are
	// considered third-party and will be rejected without “Partitioned“.
	//
	// See `CHIPS <https://developers.google.com/privacy-sandbox/3pcd/chips>`_ for more information.
	//
	// Default is false.
	Partitioned bool `protobuf:"varint,3,opt,name=partitioned,proto3" json:"partitioned,omitempty"`
	// contains filtered or unexported fields
}

OAuth cookie configuration attributes.

func (*CookieConfig) GetPartitioned 

func (x *CookieConfig) GetPartitioned() bool

func (*CookieConfig) GetPath 

func (x *CookieConfig) GetPath() string

func (*CookieConfig) GetSameSite 

func (x *CookieConfig) GetSameSite() CookieConfig_SameSite

func (*CookieConfig) ProtoMessage 

func (*CookieConfig) ProtoMessage()

func (*CookieConfig) ProtoReflect 

func (x *CookieConfig) ProtoReflect() protoreflect.Message

func (*CookieConfig) Reset 

func (x *CookieConfig) Reset()

func (*CookieConfig) SetPartitioned 

func (x *CookieConfig) SetPartitioned(v bool)

func (*CookieConfig) SetPath 

func (x *CookieConfig) SetPath(v string)

func (*CookieConfig) SetSameSite 

func (x *CookieConfig) SetSameSite(v CookieConfig_SameSite)

func (*CookieConfig) String 

func (x *CookieConfig) String() string

type CookieConfig_SameSite 

type CookieConfig_SameSite int32
const (
	CookieConfig_DISABLED CookieConfig_SameSite = 0
	CookieConfig_STRICT   CookieConfig_SameSite = 1
	CookieConfig_LAX      CookieConfig_SameSite = 2
	CookieConfig_NONE     CookieConfig_SameSite = 3
)

func (CookieConfig_SameSite) Descriptor 

func (CookieConfig_SameSite) Descriptor() protoreflect.EnumDescriptor

func (CookieConfig_SameSite) Enum 

func (x CookieConfig_SameSite) Enum() *CookieConfig_SameSite

func (CookieConfig_SameSite) Number 

func (x CookieConfig_SameSite) Number() protoreflect.EnumNumber

func (CookieConfig_SameSite) String 

func (x CookieConfig_SameSite) String() string

func (CookieConfig_SameSite) Type 

func (CookieConfig_SameSite) Type() protoreflect.EnumType

type CookieConfig_builder 

type CookieConfig_builder struct {

	// The value used for the SameSite cookie attribute.
	SameSite CookieConfig_SameSite
	// The path attribute for the cookie.
	//
	// This controls the scope of the cookie and is useful for path-based routing scenarios
	// where different logical boundaries or applications may operate with different OAuth2 clients.
	// The CSRF cookie (nonce cookie) can be configured with a different path than session cookies
	// to support flows where the callback URL is on a different path.
	//
	// If not specified, defaults to “/“.
	Path string
	// If true, the “Partitioned“ attribute will be set on the cookie.
	//
	// Modern browsers (Firefox, Chrome with third-party cookie deprecation) warn or block
	// "foreign" cookies unless they carry the “Partitioned“ attribute alongside “SameSite=None; Secure“.
	// When Envoy is used in a gateway/IdP flow that sets OAuth/OIDC cookies for a parent domain
	// (e.g., “Domain=.example.com“) while running on a different host, those cookies are
	// considered third-party and will be rejected without “Partitioned“.
	//
	// See `CHIPS <https://developers.google.com/privacy-sandbox/3pcd/chips>`_ for more information.
	//
	// Default is false.
	Partitioned bool
	// contains filtered or unexported fields
}

func (CookieConfig_builder) Build 

func (b0 CookieConfig_builder) Build() *CookieConfig

type CookieConfigs 

type CookieConfigs struct {

	// Configuration for the bearer token cookie.
	BearerTokenCookieConfig *CookieConfig `` /* 134-byte string literal not displayed */
	// Configuration for the OAuth HMAC cookie.
	OauthHmacCookieConfig *CookieConfig `` /* 128-byte string literal not displayed */
	// Configuration for the OAuth expires cookie.
	OauthExpiresCookieConfig *CookieConfig `` /* 137-byte string literal not displayed */
	// Configuration for the ID token cookie.
	IdTokenCookieConfig *CookieConfig `protobuf:"bytes,4,opt,name=id_token_cookie_config,json=idTokenCookieConfig,proto3" json:"id_token_cookie_config,omitempty"`
	// Configuration for the refresh token cookie.
	RefreshTokenCookieConfig *CookieConfig `` /* 137-byte string literal not displayed */
	// Configuration for the OAuth nonce cookie.
	OauthNonceCookieConfig *CookieConfig `` /* 131-byte string literal not displayed */
	// Configuration for the code verifier cookie.
	CodeVerifierCookieConfig *CookieConfig `` /* 137-byte string literal not displayed */
	// contains filtered or unexported fields
}

[#next-free-field: 8]

func (*CookieConfigs) ClearBearerTokenCookieConfig 

func (x *CookieConfigs) ClearBearerTokenCookieConfig()

func (*CookieConfigs) ClearCodeVerifierCookieConfig 

func (x *CookieConfigs) ClearCodeVerifierCookieConfig()

func (*CookieConfigs) ClearIdTokenCookieConfig 

func (x *CookieConfigs) ClearIdTokenCookieConfig()

func (*CookieConfigs) ClearOauthExpiresCookieConfig 

func (x *CookieConfigs) ClearOauthExpiresCookieConfig()

func (*CookieConfigs) ClearOauthHmacCookieConfig 

func (x *CookieConfigs) ClearOauthHmacCookieConfig()

func (*CookieConfigs) ClearOauthNonceCookieConfig 

func (x *CookieConfigs) ClearOauthNonceCookieConfig()

func (*CookieConfigs) ClearRefreshTokenCookieConfig 

func (x *CookieConfigs) ClearRefreshTokenCookieConfig()

func (*CookieConfigs) GetBearerTokenCookieConfig 

func (x *CookieConfigs) GetBearerTokenCookieConfig() *CookieConfig

func (*CookieConfigs) GetCodeVerifierCookieConfig 

func (x *CookieConfigs) GetCodeVerifierCookieConfig() *CookieConfig

func (*CookieConfigs) GetIdTokenCookieConfig 

func (x *CookieConfigs) GetIdTokenCookieConfig() *CookieConfig

func (*CookieConfigs) GetOauthExpiresCookieConfig 

func (x *CookieConfigs) GetOauthExpiresCookieConfig() *CookieConfig

func (*CookieConfigs) GetOauthHmacCookieConfig 

func (x *CookieConfigs) GetOauthHmacCookieConfig() *CookieConfig

func (*CookieConfigs) GetOauthNonceCookieConfig 

func (x *CookieConfigs) GetOauthNonceCookieConfig() *CookieConfig

func (*CookieConfigs) GetRefreshTokenCookieConfig 

func (x *CookieConfigs) GetRefreshTokenCookieConfig() *CookieConfig

func (*CookieConfigs) HasBearerTokenCookieConfig 

func (x *CookieConfigs) HasBearerTokenCookieConfig() bool

func (*CookieConfigs) HasCodeVerifierCookieConfig 

func (x *CookieConfigs) HasCodeVerifierCookieConfig() bool

func (*CookieConfigs) HasIdTokenCookieConfig 

func (x *CookieConfigs) HasIdTokenCookieConfig() bool

func (*CookieConfigs) HasOauthExpiresCookieConfig 

func (x *CookieConfigs) HasOauthExpiresCookieConfig() bool

func (*CookieConfigs) HasOauthHmacCookieConfig 

func (x *CookieConfigs) HasOauthHmacCookieConfig() bool

func (*CookieConfigs) HasOauthNonceCookieConfig 

func (x *CookieConfigs) HasOauthNonceCookieConfig() bool

func (*CookieConfigs) HasRefreshTokenCookieConfig 

func (x *CookieConfigs) HasRefreshTokenCookieConfig() bool

func (*CookieConfigs) ProtoMessage 

func (*CookieConfigs) ProtoMessage()

func (*CookieConfigs) ProtoReflect 

func (x *CookieConfigs) ProtoReflect() protoreflect.Message

func (*CookieConfigs) Reset 

func (x *CookieConfigs) Reset()

func (*CookieConfigs) SetBearerTokenCookieConfig 

func (x *CookieConfigs) SetBearerTokenCookieConfig(v *CookieConfig)

func (*CookieConfigs) SetCodeVerifierCookieConfig 

func (x *CookieConfigs) SetCodeVerifierCookieConfig(v *CookieConfig)

func (*CookieConfigs) SetIdTokenCookieConfig 

func (x *CookieConfigs) SetIdTokenCookieConfig(v *CookieConfig)

func (*CookieConfigs) SetOauthExpiresCookieConfig 

func (x *CookieConfigs) SetOauthExpiresCookieConfig(v *CookieConfig)

func (*CookieConfigs) SetOauthHmacCookieConfig 

func (x *CookieConfigs) SetOauthHmacCookieConfig(v *CookieConfig)

func (*CookieConfigs) SetOauthNonceCookieConfig 

func (x *CookieConfigs) SetOauthNonceCookieConfig(v *CookieConfig)

func (*CookieConfigs) SetRefreshTokenCookieConfig 

func (x *CookieConfigs) SetRefreshTokenCookieConfig(v *CookieConfig)

func (*CookieConfigs) String 

func (x *CookieConfigs) String() string

type CookieConfigs_builder 

type CookieConfigs_builder struct {

	// Configuration for the bearer token cookie.
	BearerTokenCookieConfig *CookieConfig
	// Configuration for the OAuth HMAC cookie.
	OauthHmacCookieConfig *CookieConfig
	// Configuration for the OAuth expires cookie.
	OauthExpiresCookieConfig *CookieConfig
	// Configuration for the ID token cookie.
	IdTokenCookieConfig *CookieConfig
	// Configuration for the refresh token cookie.
	RefreshTokenCookieConfig *CookieConfig
	// Configuration for the OAuth nonce cookie.
	OauthNonceCookieConfig *CookieConfig
	// Configuration for the code verifier cookie.
	CodeVerifierCookieConfig *CookieConfig
	// contains filtered or unexported fields
}

func (CookieConfigs_builder) Build 

func (b0 CookieConfigs_builder) Build() *CookieConfigs

type OAuth2 

type OAuth2 struct {

	// Leave this empty to disable OAuth2 for a specific route, using per filter config.
	Config *OAuth2Config `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"`
	// contains filtered or unexported fields
}

Filter config.

func (*OAuth2) ClearConfig 

func (x *OAuth2) ClearConfig()

func (*OAuth2) GetConfig 

func (x *OAuth2) GetConfig() *OAuth2Config

func (*OAuth2) HasConfig 

func (x *OAuth2) HasConfig() bool

func (*OAuth2) ProtoMessage 

func (*OAuth2) ProtoMessage()

func (*OAuth2) ProtoReflect 

func (x *OAuth2) ProtoReflect() protoreflect.Message

func (*OAuth2) Reset 

func (x *OAuth2) Reset()

func (*OAuth2) SetConfig 

func (x *OAuth2) SetConfig(v *OAuth2Config)

func (*OAuth2) String 

func (x *OAuth2) String() string

type OAuth2Config 

type OAuth2Config struct {

	// Endpoint on the authorization server to retrieve the access token from.
	TokenEndpoint *v31.HttpUri `protobuf:"bytes,1,opt,name=token_endpoint,json=tokenEndpoint,proto3" json:"token_endpoint,omitempty"`
	// Specifies the retry policy for requests to the OAuth server. If not specified, then no retries will be performed.
	RetryPolicy *v31.RetryPolicy `protobuf:"bytes,18,opt,name=retry_policy,json=retryPolicy,proto3" json:"retry_policy,omitempty"`
	// The endpoint redirect to for authorization in response to unauthorized requests.
	AuthorizationEndpoint string `protobuf:"bytes,2,opt,name=authorization_endpoint,json=authorizationEndpoint,proto3" json:"authorization_endpoint,omitempty"`
	// The endpoint at the authorization server to request the user be logged out of the Authorization server.
	// This field is optional and should be set only if openid is in the auth_scopes and the authorization server
	// supports the OpenID Connect RP-Initiated Logout specification.
	// For more information, see https://openid.net/specs/openid-connect-rpinitiated-1_0.html
	//
	// If configured, the OAuth2 filter will redirect users to this endpoint when they access the signout_path.
	EndSessionEndpoint string `protobuf:"bytes,23,opt,name=end_session_endpoint,json=endSessionEndpoint,proto3" json:"end_session_endpoint,omitempty"`
	// Credentials used for OAuth.
	Credentials *OAuth2Credentials `protobuf:"bytes,3,opt,name=credentials,proto3" json:"credentials,omitempty"`
	// The redirect URI passed to the authorization endpoint. Supports header formatting
	// tokens. For more information, including details on header value syntax, see the
	// documentation on :ref:`custom request headers <config_http_conn_man_headers_custom_request_headers>`.
	//
	// This URI should not contain any query parameters.
	RedirectUri string `protobuf:"bytes,4,opt,name=redirect_uri,json=redirectUri,proto3" json:"redirect_uri,omitempty"`
	// Matching criteria used to determine whether a path appears to be the result of a redirect from the authorization server.
	RedirectPathMatcher *v32.PathMatcher `protobuf:"bytes,5,opt,name=redirect_path_matcher,json=redirectPathMatcher,proto3" json:"redirect_path_matcher,omitempty"`
	// The path to sign a user out, clearing their credential cookies.
	SignoutPath *v32.PathMatcher `protobuf:"bytes,6,opt,name=signout_path,json=signoutPath,proto3" json:"signout_path,omitempty"`
	// Forward the OAuth token as a Bearer to upstream web service.
	ForwardBearerToken bool `protobuf:"varint,7,opt,name=forward_bearer_token,json=forwardBearerToken,proto3" json:"forward_bearer_token,omitempty"`
	// If set to true, preserve the existing authorization header.
	// By default the client strips the existing authorization header before forwarding upstream.
	// Can not be set to true if forward_bearer_token is already set to true.
	// Default value is false.
	PreserveAuthorizationHeader bool `` /* 146-byte string literal not displayed */
	// Any request that matches any of the provided matchers will be passed through without OAuth validation.
	PassThroughMatcher []*v33.HeaderMatcher `protobuf:"bytes,8,rep,name=pass_through_matcher,json=passThroughMatcher,proto3" json:"pass_through_matcher,omitempty"`
	// Optional list of OAuth scopes to be claimed in the authorization request. If not specified,
	// defaults to "user" scope.
	// OAuth RFC https://tools.ietf.org/html/rfc6749#section-3.3
	AuthScopes []string `protobuf:"bytes,9,rep,name=auth_scopes,json=authScopes,proto3" json:"auth_scopes,omitempty"`
	// Optional resource parameter for authorization request
	// RFC: https://tools.ietf.org/html/rfc8707
	Resources []string `protobuf:"bytes,10,rep,name=resources,proto3" json:"resources,omitempty"`
	// Defines how “client_id“ and “client_secret“ are sent in OAuth client to OAuth server requests.
	// RFC https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1
	AuthType OAuth2Config_AuthType `` /* 154-byte string literal not displayed */
	// If set to true, allows automatic access token refresh using the associated refresh token (see
	// `RFC 6749 section 6 <https://datatracker.ietf.org/doc/html/rfc6749#section-6>`_), provided that the OAuth server supports that.
	// Default value is true.
	UseRefreshToken *wrapperspb.BoolValue `protobuf:"bytes,12,opt,name=use_refresh_token,json=useRefreshToken,proto3" json:"use_refresh_token,omitempty"`
	// The default lifetime in seconds of the access token, if omitted by the authorization server.
	//
	// If this value is not set, it will default to “0s“. In this case, the expiry must be set by
	// the authorization server or the OAuth flow will fail.
	DefaultExpiresIn *durationpb.Duration `protobuf:"bytes,13,opt,name=default_expires_in,json=defaultExpiresIn,proto3" json:"default_expires_in,omitempty"`
	// Any request that matches any of the provided matchers won't be redirected to OAuth server when tokens are not valid.
	// Automatic access token refresh will be performed for these requests, if enabled.
	// This behavior can be useful for AJAX requests.
	DenyRedirectMatcher []*v33.HeaderMatcher `protobuf:"bytes,14,rep,name=deny_redirect_matcher,json=denyRedirectMatcher,proto3" json:"deny_redirect_matcher,omitempty"`
	// The default lifetime in seconds of the refresh token, if the exp (expiration time) claim is omitted in the refresh token or the refresh token is not JWT.
	//
	// If this value is not set, it will default to “604800s“. In this case, the cookie with the refresh token will be expired
	// in a week.
	// This setting is only considered if “use_refresh_token“ is set to true, otherwise the authorization server expiration or “default_expires_in“ is used.
	DefaultRefreshTokenExpiresIn *durationpb.Duration `` /* 152-byte string literal not displayed */
	// If set to true, the client will not set a cookie for ID Token even if one is received from the Identity Provider. This may be useful in cases where the ID
	// Token is too large for HTTP cookies (longer than 4096 characters). Enabling this option will only disable setting the cookie response header, the filter
	// will still process incoming ID Tokens as part of the HMAC if they are there. This is to ensure compatibility while switching this setting on. Future
	// sessions would not set the IdToken cookie header.
	DisableIdTokenSetCookie bool `` /* 138-byte string literal not displayed */
	// If set to true, the client will not set a cookie for Access Token even if one is received from the Identity Provider.
	// Enabling this option will only disable setting the cookie response header, the filter
	// will still process incoming Access Tokens as part of the HMAC if they are there. This is to ensure compatibility while switching this setting on. Future
	// sessions would not set the Access Token cookie header.
	DisableAccessTokenSetCookie bool `` /* 150-byte string literal not displayed */
	// If set to true, the client will not set a cookie for Refresh Token even if one is received from the Identity Provider.
	// Enabling this option will only disable setting the cookie response header, the filter
	// will still process incoming Refresh Tokens as part of the HMAC if they are there. This is to ensure compatibility while switching this setting on. Future
	// sessions would not set the Refresh Token cookie header.
	DisableRefreshTokenSetCookie bool `` /* 153-byte string literal not displayed */
	// Controls for attributes that can be set on the cookies.
	CookieConfigs *CookieConfigs `protobuf:"bytes,21,opt,name=cookie_configs,json=cookieConfigs,proto3" json:"cookie_configs,omitempty"`
	// Optional additional prefix to use when emitting statistics.
	StatPrefix string `protobuf:"bytes,22,opt,name=stat_prefix,json=statPrefix,proto3" json:"stat_prefix,omitempty"`
	// Optional expiration time for the CSRF protection token cookie.
	// The CSRF token prevents cross-site request forgery attacks during the OAuth2 flow.
	// If not specified, defaults to “600s“ (10 minutes), which should provide sufficient time
	// for users to complete the OAuth2 authorization flow.
	CsrfTokenExpiresIn *durationpb.Duration `protobuf:"bytes,24,opt,name=csrf_token_expires_in,json=csrfTokenExpiresIn,proto3" json:"csrf_token_expires_in,omitempty"`
	// Optional expiration time for the code verifier cookie.
	// The code verifier is stored in a secure, HTTP-only cookie during the OAuth2 authorization process.
	// If not specified, defaults to “600s“ (10 minutes), which should provide sufficient time
	// for users to complete the OAuth2 authorization flow.
	CodeVerifierTokenExpiresIn *durationpb.Duration `` /* 146-byte string literal not displayed */
	// Disable token encryption. When set to true, both the access token and the ID token will be stored in plain text.
	// This option should only be used in secure environments where token encryption is not required.
	// Default is false (tokens are encrypted).
	DisableTokenEncryption bool `` /* 131-byte string literal not displayed */
	// contains filtered or unexported fields
}

OAuth config

[#next-free-field: 27]

func (*OAuth2Config) ClearCodeVerifierTokenExpiresIn 

func (x *OAuth2Config) ClearCodeVerifierTokenExpiresIn()

func (*OAuth2Config) ClearCookieConfigs 

func (x *OAuth2Config) ClearCookieConfigs()

func (*OAuth2Config) ClearCredentials 

func (x *OAuth2Config) ClearCredentials()

func (*OAuth2Config) ClearCsrfTokenExpiresIn 

func (x *OAuth2Config) ClearCsrfTokenExpiresIn()

func (*OAuth2Config) ClearDefaultExpiresIn 

func (x *OAuth2Config) ClearDefaultExpiresIn()

func (*OAuth2Config) ClearDefaultRefreshTokenExpiresIn 

func (x *OAuth2Config) ClearDefaultRefreshTokenExpiresIn()

func (*OAuth2Config) ClearRedirectPathMatcher 

func (x *OAuth2Config) ClearRedirectPathMatcher()

func (*OAuth2Config) ClearRetryPolicy 

func (x *OAuth2Config) ClearRetryPolicy()

func (*OAuth2Config) ClearSignoutPath 

func (x *OAuth2Config) ClearSignoutPath()

func (*OAuth2Config) ClearTokenEndpoint 

func (x *OAuth2Config) ClearTokenEndpoint()

func (*OAuth2Config) ClearUseRefreshToken 

func (x *OAuth2Config) ClearUseRefreshToken()

func (*OAuth2Config) GetAuthScopes 

func (x *OAuth2Config) GetAuthScopes() []string

func (*OAuth2Config) GetAuthType 

func (x *OAuth2Config) GetAuthType() OAuth2Config_AuthType

func (*OAuth2Config) GetAuthorizationEndpoint 

func (x *OAuth2Config) GetAuthorizationEndpoint() string

func (*OAuth2Config) GetCodeVerifierTokenExpiresIn 

func (x *OAuth2Config) GetCodeVerifierTokenExpiresIn() *durationpb.Duration

func (*OAuth2Config) GetCookieConfigs 

func (x *OAuth2Config) GetCookieConfigs() *CookieConfigs

func (*OAuth2Config) GetCredentials 

func (x *OAuth2Config) GetCredentials() *OAuth2Credentials

func (*OAuth2Config) GetCsrfTokenExpiresIn 

func (x *OAuth2Config) GetCsrfTokenExpiresIn() *durationpb.Duration

func (*OAuth2Config) GetDefaultExpiresIn 

func (x *OAuth2Config) GetDefaultExpiresIn() *durationpb.Duration

func (*OAuth2Config) GetDefaultRefreshTokenExpiresIn 

func (x *OAuth2Config) GetDefaultRefreshTokenExpiresIn() *durationpb.Duration

func (*OAuth2Config) GetDenyRedirectMatcher 

func (x *OAuth2Config) GetDenyRedirectMatcher() []*v33.HeaderMatcher

func (*OAuth2Config) GetDisableAccessTokenSetCookie 

func (x *OAuth2Config) GetDisableAccessTokenSetCookie() bool

func (*OAuth2Config) GetDisableIdTokenSetCookie 

func (x *OAuth2Config) GetDisableIdTokenSetCookie() bool

func (*OAuth2Config) GetDisableRefreshTokenSetCookie 

func (x *OAuth2Config) GetDisableRefreshTokenSetCookie() bool

func (*OAuth2Config) GetDisableTokenEncryption 

func (x *OAuth2Config) GetDisableTokenEncryption() bool

func (*OAuth2Config) GetEndSessionEndpoint 

func (x *OAuth2Config) GetEndSessionEndpoint() string

func (*OAuth2Config) GetForwardBearerToken 

func (x *OAuth2Config) GetForwardBearerToken() bool

func (*OAuth2Config) GetPassThroughMatcher 

func (x *OAuth2Config) GetPassThroughMatcher() []*v33.HeaderMatcher

func (*OAuth2Config) GetPreserveAuthorizationHeader 

func (x *OAuth2Config) GetPreserveAuthorizationHeader() bool

func (*OAuth2Config) GetRedirectPathMatcher 

func (x *OAuth2Config) GetRedirectPathMatcher() *v32.PathMatcher

func (*OAuth2Config) GetRedirectUri 

func (x *OAuth2Config) GetRedirectUri() string

func (*OAuth2Config) GetResources 

func (x *OAuth2Config) GetResources() []string

func (*OAuth2Config) GetRetryPolicy 

func (x *OAuth2Config) GetRetryPolicy() *v31.RetryPolicy

func (*OAuth2Config) GetSignoutPath 

func (x *OAuth2Config) GetSignoutPath() *v32.PathMatcher

func (*OAuth2Config) GetStatPrefix 

func (x *OAuth2Config) GetStatPrefix() string

func (*OAuth2Config) GetTokenEndpoint 

func (x *OAuth2Config) GetTokenEndpoint() *v31.HttpUri

func (*OAuth2Config) GetUseRefreshToken 

func (x *OAuth2Config) GetUseRefreshToken() *wrapperspb.BoolValue

func (*OAuth2Config) HasCodeVerifierTokenExpiresIn 

func (x *OAuth2Config) HasCodeVerifierTokenExpiresIn() bool

func (*OAuth2Config) HasCookieConfigs 

func (x *OAuth2Config) HasCookieConfigs() bool

func (*OAuth2Config) HasCredentials 

func (x *OAuth2Config) HasCredentials() bool

func (*OAuth2Config) HasCsrfTokenExpiresIn 

func (x *OAuth2Config) HasCsrfTokenExpiresIn() bool

func (*OAuth2Config) HasDefaultExpiresIn 

func (x *OAuth2Config) HasDefaultExpiresIn() bool

func (*OAuth2Config) HasDefaultRefreshTokenExpiresIn 

func (x *OAuth2Config) HasDefaultRefreshTokenExpiresIn() bool

func (*OAuth2Config) HasRedirectPathMatcher 

func (x *OAuth2Config) HasRedirectPathMatcher() bool

func (*OAuth2Config) HasRetryPolicy 

func (x *OAuth2Config) HasRetryPolicy() bool

func (*OAuth2Config) HasSignoutPath 

func (x *OAuth2Config) HasSignoutPath() bool

func (*OAuth2Config) HasTokenEndpoint 

func (x *OAuth2Config) HasTokenEndpoint() bool

func (*OAuth2Config) HasUseRefreshToken 

func (x *OAuth2Config) HasUseRefreshToken() bool

func (*OAuth2Config) ProtoMessage 

func (*OAuth2Config) ProtoMessage()

func (*OAuth2Config) ProtoReflect 

func (x *OAuth2Config) ProtoReflect() protoreflect.Message

func (*OAuth2Config) Reset 

func (x *OAuth2Config) Reset()

func (*OAuth2Config) SetAuthScopes 

func (x *OAuth2Config) SetAuthScopes(v []string)

func (*OAuth2Config) SetAuthType 

func (x *OAuth2Config) SetAuthType(v OAuth2Config_AuthType)

func (*OAuth2Config) SetAuthorizationEndpoint 

func (x *OAuth2Config) SetAuthorizationEndpoint(v string)

func (*OAuth2Config) SetCodeVerifierTokenExpiresIn 

func (x *OAuth2Config) SetCodeVerifierTokenExpiresIn(v *durationpb.Duration)

func (*OAuth2Config) SetCookieConfigs 

func (x *OAuth2Config) SetCookieConfigs(v *CookieConfigs)

func (*OAuth2Config) SetCredentials 

func (x *OAuth2Config) SetCredentials(v *OAuth2Credentials)

func (*OAuth2Config) SetCsrfTokenExpiresIn 

func (x *OAuth2Config) SetCsrfTokenExpiresIn(v *durationpb.Duration)

func (*OAuth2Config) SetDefaultExpiresIn 

func (x *OAuth2Config) SetDefaultExpiresIn(v *durationpb.Duration)

func (*OAuth2Config) SetDefaultRefreshTokenExpiresIn 

func (x *OAuth2Config) SetDefaultRefreshTokenExpiresIn(v *durationpb.Duration)

func (*OAuth2Config) SetDenyRedirectMatcher 

func (x *OAuth2Config) SetDenyRedirectMatcher(v []*v33.HeaderMatcher)

func (*OAuth2Config) SetDisableAccessTokenSetCookie 

func (x *OAuth2Config) SetDisableAccessTokenSetCookie(v bool)

func (*OAuth2Config) SetDisableIdTokenSetCookie 

func (x *OAuth2Config) SetDisableIdTokenSetCookie(v bool)

func (*OAuth2Config) SetDisableRefreshTokenSetCookie 

func (x *OAuth2Config) SetDisableRefreshTokenSetCookie(v bool)

func (*OAuth2Config) SetDisableTokenEncryption 

func (x *OAuth2Config) SetDisableTokenEncryption(v bool)

func (*OAuth2Config) SetEndSessionEndpoint 

func (x *OAuth2Config) SetEndSessionEndpoint(v string)

func (*OAuth2Config) SetForwardBearerToken 

func (x *OAuth2Config) SetForwardBearerToken(v bool)

func (*OAuth2Config) SetPassThroughMatcher 

func (x *OAuth2Config) SetPassThroughMatcher(v []*v33.HeaderMatcher)

func (*OAuth2Config) SetPreserveAuthorizationHeader 

func (x *OAuth2Config) SetPreserveAuthorizationHeader(v bool)

func (*OAuth2Config) SetRedirectPathMatcher 

func (x *OAuth2Config) SetRedirectPathMatcher(v *v32.PathMatcher)

func (*OAuth2Config) SetRedirectUri 

func (x *OAuth2Config) SetRedirectUri(v string)

func (*OAuth2Config) SetResources 

func (x *OAuth2Config) SetResources(v []string)

func (*OAuth2Config) SetRetryPolicy 

func (x *OAuth2Config) SetRetryPolicy(v *v31.RetryPolicy)

func (*OAuth2Config) SetSignoutPath 

func (x *OAuth2Config) SetSignoutPath(v *v32.PathMatcher)

func (*OAuth2Config) SetStatPrefix 

func (x *OAuth2Config) SetStatPrefix(v string)

func (*OAuth2Config) SetTokenEndpoint 

func (x *OAuth2Config) SetTokenEndpoint(v *v31.HttpUri)

func (*OAuth2Config) SetUseRefreshToken 

func (x *OAuth2Config) SetUseRefreshToken(v *wrapperspb.BoolValue)

func (*OAuth2Config) String 

func (x *OAuth2Config) String() string

type OAuth2Config_AuthType 

type OAuth2Config_AuthType int32
const (
	// The “client_id“ and “client_secret“ will be sent in the URL encoded request body.
	// This type should only be used when Auth server does not support Basic authentication.
	OAuth2Config_URL_ENCODED_BODY OAuth2Config_AuthType = 0
	// The “client_id“ and “client_secret“ will be sent using HTTP Basic authentication scheme.
	OAuth2Config_BASIC_AUTH OAuth2Config_AuthType = 1
)

func (OAuth2Config_AuthType) Descriptor 

func (OAuth2Config_AuthType) Descriptor() protoreflect.EnumDescriptor

func (OAuth2Config_AuthType) Enum 

func (x OAuth2Config_AuthType) Enum() *OAuth2Config_AuthType

func (OAuth2Config_AuthType) Number 

func (x OAuth2Config_AuthType) Number() protoreflect.EnumNumber

func (OAuth2Config_AuthType) String 

func (x OAuth2Config_AuthType) String() string

func (OAuth2Config_AuthType) Type 

func (OAuth2Config_AuthType) Type() protoreflect.EnumType

type OAuth2Config_builder 

type OAuth2Config_builder struct {

	// Endpoint on the authorization server to retrieve the access token from.
	TokenEndpoint *v31.HttpUri
	// Specifies the retry policy for requests to the OAuth server. If not specified, then no retries will be performed.
	RetryPolicy *v31.RetryPolicy
	// The endpoint redirect to for authorization in response to unauthorized requests.
	AuthorizationEndpoint string
	// The endpoint at the authorization server to request the user be logged out of the Authorization server.
	// This field is optional and should be set only if openid is in the auth_scopes and the authorization server
	// supports the OpenID Connect RP-Initiated Logout specification.
	// For more information, see https://openid.net/specs/openid-connect-rpinitiated-1_0.html
	//
	// If configured, the OAuth2 filter will redirect users to this endpoint when they access the signout_path.
	EndSessionEndpoint string
	// Credentials used for OAuth.
	Credentials *OAuth2Credentials
	// The redirect URI passed to the authorization endpoint. Supports header formatting
	// tokens. For more information, including details on header value syntax, see the
	// documentation on :ref:`custom request headers <config_http_conn_man_headers_custom_request_headers>`.
	//
	// This URI should not contain any query parameters.
	RedirectUri string
	// Matching criteria used to determine whether a path appears to be the result of a redirect from the authorization server.
	RedirectPathMatcher *v32.PathMatcher
	// The path to sign a user out, clearing their credential cookies.
	SignoutPath *v32.PathMatcher
	// Forward the OAuth token as a Bearer to upstream web service.
	ForwardBearerToken bool
	// If set to true, preserve the existing authorization header.
	// By default the client strips the existing authorization header before forwarding upstream.
	// Can not be set to true if forward_bearer_token is already set to true.
	// Default value is false.
	PreserveAuthorizationHeader bool
	// Any request that matches any of the provided matchers will be passed through without OAuth validation.
	PassThroughMatcher []*v33.HeaderMatcher
	// Optional list of OAuth scopes to be claimed in the authorization request. If not specified,
	// defaults to "user" scope.
	// OAuth RFC https://tools.ietf.org/html/rfc6749#section-3.3
	AuthScopes []string
	// Optional resource parameter for authorization request
	// RFC: https://tools.ietf.org/html/rfc8707
	Resources []string
	// Defines how “client_id“ and “client_secret“ are sent in OAuth client to OAuth server requests.
	// RFC https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1
	AuthType OAuth2Config_AuthType
	// If set to true, allows automatic access token refresh using the associated refresh token (see
	// `RFC 6749 section 6 <https://datatracker.ietf.org/doc/html/rfc6749#section-6>`_), provided that the OAuth server supports that.
	// Default value is true.
	UseRefreshToken *wrapperspb.BoolValue
	// The default lifetime in seconds of the access token, if omitted by the authorization server.
	//
	// If this value is not set, it will default to “0s“. In this case, the expiry must be set by
	// the authorization server or the OAuth flow will fail.
	DefaultExpiresIn *durationpb.Duration
	// Any request that matches any of the provided matchers won't be redirected to OAuth server when tokens are not valid.
	// Automatic access token refresh will be performed for these requests, if enabled.
	// This behavior can be useful for AJAX requests.
	DenyRedirectMatcher []*v33.HeaderMatcher
	// The default lifetime in seconds of the refresh token, if the exp (expiration time) claim is omitted in the refresh token or the refresh token is not JWT.
	//
	// If this value is not set, it will default to “604800s“. In this case, the cookie with the refresh token will be expired
	// in a week.
	// This setting is only considered if “use_refresh_token“ is set to true, otherwise the authorization server expiration or “default_expires_in“ is used.
	DefaultRefreshTokenExpiresIn *durationpb.Duration
	// If set to true, the client will not set a cookie for ID Token even if one is received from the Identity Provider. This may be useful in cases where the ID
	// Token is too large for HTTP cookies (longer than 4096 characters). Enabling this option will only disable setting the cookie response header, the filter
	// will still process incoming ID Tokens as part of the HMAC if they are there. This is to ensure compatibility while switching this setting on. Future
	// sessions would not set the IdToken cookie header.
	DisableIdTokenSetCookie bool
	// If set to true, the client will not set a cookie for Access Token even if one is received from the Identity Provider.
	// Enabling this option will only disable setting the cookie response header, the filter
	// will still process incoming Access Tokens as part of the HMAC if they are there. This is to ensure compatibility while switching this setting on. Future
	// sessions would not set the Access Token cookie header.
	DisableAccessTokenSetCookie bool
	// If set to true, the client will not set a cookie for Refresh Token even if one is received from the Identity Provider.
	// Enabling this option will only disable setting the cookie response header, the filter
	// will still process incoming Refresh Tokens as part of the HMAC if they are there. This is to ensure compatibility while switching this setting on. Future
	// sessions would not set the Refresh Token cookie header.
	DisableRefreshTokenSetCookie bool
	// Controls for attributes that can be set on the cookies.
	CookieConfigs *CookieConfigs
	// Optional additional prefix to use when emitting statistics.
	StatPrefix string
	// Optional expiration time for the CSRF protection token cookie.
	// The CSRF token prevents cross-site request forgery attacks during the OAuth2 flow.
	// If not specified, defaults to “600s“ (10 minutes), which should provide sufficient time
	// for users to complete the OAuth2 authorization flow.
	CsrfTokenExpiresIn *durationpb.Duration
	// Optional expiration time for the code verifier cookie.
	// The code verifier is stored in a secure, HTTP-only cookie during the OAuth2 authorization process.
	// If not specified, defaults to “600s“ (10 minutes), which should provide sufficient time
	// for users to complete the OAuth2 authorization flow.
	CodeVerifierTokenExpiresIn *durationpb.Duration
	// Disable token encryption. When set to true, both the access token and the ID token will be stored in plain text.
	// This option should only be used in secure environments where token encryption is not required.
	// Default is false (tokens are encrypted).
	DisableTokenEncryption bool
	// contains filtered or unexported fields
}

func (OAuth2Config_builder) Build 

func (b0 OAuth2Config_builder) Build() *OAuth2Config

type OAuth2Credentials 

type OAuth2Credentials struct {

	// The client_id to be used in the authorize calls. This value will be URL encoded when sent to the OAuth server.
	ClientId string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"`
	// The secret used to retrieve the access token. This value will be URL encoded when sent to the OAuth server.
	TokenSecret *v3.SdsSecretConfig `protobuf:"bytes,2,opt,name=token_secret,json=tokenSecret,proto3" json:"token_secret,omitempty"`
	// Configures how the secret token should be created.
	//
	// Types that are valid to be assigned to TokenFormation:
	//
	//	*OAuth2Credentials_HmacSecret
	TokenFormation isOAuth2Credentials_TokenFormation `protobuf_oneof:"token_formation"`
	// The cookie names used in OAuth filters flow.
	CookieNames *OAuth2Credentials_CookieNames `protobuf:"bytes,4,opt,name=cookie_names,json=cookieNames,proto3" json:"cookie_names,omitempty"`
	// The domain to set the cookie on. If not set, the cookie will default to the host of the request, not including the subdomains.
	// This is useful when token cookies need to be shared across multiple subdomains.
	CookieDomain string `protobuf:"bytes,5,opt,name=cookie_domain,json=cookieDomain,proto3" json:"cookie_domain,omitempty"`
	// contains filtered or unexported fields
}

[#next-free-field: 6]

func (*OAuth2Credentials) ClearCookieNames 

func (x *OAuth2Credentials) ClearCookieNames()

func (*OAuth2Credentials) ClearHmacSecret 

func (x *OAuth2Credentials) ClearHmacSecret()

func (*OAuth2Credentials) ClearTokenFormation 

func (x *OAuth2Credentials) ClearTokenFormation()

func (*OAuth2Credentials) ClearTokenSecret 

func (x *OAuth2Credentials) ClearTokenSecret()

func (*OAuth2Credentials) GetClientId 

func (x *OAuth2Credentials) GetClientId() string

func (*OAuth2Credentials) GetCookieDomain 

func (x *OAuth2Credentials) GetCookieDomain() string

func (*OAuth2Credentials) GetCookieNames 

func (x *OAuth2Credentials) GetCookieNames() *OAuth2Credentials_CookieNames

func (*OAuth2Credentials) GetHmacSecret 

func (x *OAuth2Credentials) GetHmacSecret() *v3.SdsSecretConfig

func (*OAuth2Credentials) GetTokenFormation 

func (x *OAuth2Credentials) GetTokenFormation() isOAuth2Credentials_TokenFormation

func (*OAuth2Credentials) GetTokenSecret 

func (x *OAuth2Credentials) GetTokenSecret() *v3.SdsSecretConfig

func (*OAuth2Credentials) HasCookieNames 

func (x *OAuth2Credentials) HasCookieNames() bool

func (*OAuth2Credentials) HasHmacSecret 

func (x *OAuth2Credentials) HasHmacSecret() bool

func (*OAuth2Credentials) HasTokenFormation 

func (x *OAuth2Credentials) HasTokenFormation() bool

func (*OAuth2Credentials) HasTokenSecret 

func (x *OAuth2Credentials) HasTokenSecret() bool

func (*OAuth2Credentials) ProtoMessage 

func (*OAuth2Credentials) ProtoMessage()

func (*OAuth2Credentials) ProtoReflect 

func (x *OAuth2Credentials) ProtoReflect() protoreflect.Message

func (*OAuth2Credentials) Reset 

func (x *OAuth2Credentials) Reset()

func (*OAuth2Credentials) SetClientId 

func (x *OAuth2Credentials) SetClientId(v string)

func (*OAuth2Credentials) SetCookieDomain 

func (x *OAuth2Credentials) SetCookieDomain(v string)

func (*OAuth2Credentials) SetCookieNames 

func (x *OAuth2Credentials) SetCookieNames(v *OAuth2Credentials_CookieNames)

func (*OAuth2Credentials) SetHmacSecret 

func (x *OAuth2Credentials) SetHmacSecret(v *v3.SdsSecretConfig)

func (*OAuth2Credentials) SetTokenSecret 

func (x *OAuth2Credentials) SetTokenSecret(v *v3.SdsSecretConfig)

func (*OAuth2Credentials) String 

func (x *OAuth2Credentials) String() string

func (*OAuth2Credentials) WhichTokenFormation 

func (x *OAuth2Credentials) WhichTokenFormation() case_OAuth2Credentials_TokenFormation

type OAuth2Credentials_CookieNames 

type OAuth2Credentials_CookieNames struct {

	// Cookie name to hold OAuth bearer token value. When the authentication server validates the
	// client and returns an authorization token back to the OAuth filter, no matter what format
	// that token is, if :ref:`forward_bearer_token <envoy_v3_api_field_extensions.filters.http.oauth2.v3.OAuth2Config.forward_bearer_token>`
	// is set to true the filter will send over the bearer token as a cookie with this name to the
	// upstream. Defaults to “BearerToken“.
	BearerToken string `protobuf:"bytes,1,opt,name=bearer_token,json=bearerToken,proto3" json:"bearer_token,omitempty"`
	// Cookie name to hold OAuth HMAC value. Defaults to “OauthHMAC“.
	OauthHmac string `protobuf:"bytes,2,opt,name=oauth_hmac,json=oauthHmac,proto3" json:"oauth_hmac,omitempty"`
	// Cookie name to hold OAuth expiry value. Defaults to “OauthExpires“.
	OauthExpires string `protobuf:"bytes,3,opt,name=oauth_expires,json=oauthExpires,proto3" json:"oauth_expires,omitempty"`
	// Cookie name to hold the id token. Defaults to “IdToken“.
	IdToken string `protobuf:"bytes,4,opt,name=id_token,json=idToken,proto3" json:"id_token,omitempty"`
	// Cookie name to hold the refresh token. Defaults to “RefreshToken“.
	RefreshToken string `protobuf:"bytes,5,opt,name=refresh_token,json=refreshToken,proto3" json:"refresh_token,omitempty"`
	// Cookie name to hold the nonce value. Defaults to “OauthNonce“.
	OauthNonce string `protobuf:"bytes,6,opt,name=oauth_nonce,json=oauthNonce,proto3" json:"oauth_nonce,omitempty"`
	// Cookie name to hold the PKCE code verifier. Defaults to “OauthCodeVerifier“.
	CodeVerifier string `protobuf:"bytes,7,opt,name=code_verifier,json=codeVerifier,proto3" json:"code_verifier,omitempty"`
	// contains filtered or unexported fields
}

[#next-free-field: 8]

func (*OAuth2Credentials_CookieNames) GetBearerToken 

func (x *OAuth2Credentials_CookieNames) GetBearerToken() string

func (*OAuth2Credentials_CookieNames) GetCodeVerifier 

func (x *OAuth2Credentials_CookieNames) GetCodeVerifier() string

func (*OAuth2Credentials_CookieNames) GetIdToken 

func (x *OAuth2Credentials_CookieNames) GetIdToken() string

func (*OAuth2Credentials_CookieNames) GetOauthExpires 

func (x *OAuth2Credentials_CookieNames) GetOauthExpires() string

func (*OAuth2Credentials_CookieNames) GetOauthHmac 

func (x *OAuth2Credentials_CookieNames) GetOauthHmac() string

func (*OAuth2Credentials_CookieNames) GetOauthNonce 

func (x *OAuth2Credentials_CookieNames) GetOauthNonce() string

func (*OAuth2Credentials_CookieNames) GetRefreshToken 

func (x *OAuth2Credentials_CookieNames) GetRefreshToken() string

func (*OAuth2Credentials_CookieNames) ProtoMessage 

func (*OAuth2Credentials_CookieNames) ProtoMessage()

func (*OAuth2Credentials_CookieNames) ProtoReflect 

func (x *OAuth2Credentials_CookieNames) ProtoReflect() protoreflect.Message

func (*OAuth2Credentials_CookieNames) Reset 

func (x *OAuth2Credentials_CookieNames) Reset()

func (*OAuth2Credentials_CookieNames) SetBearerToken 

func (x *OAuth2Credentials_CookieNames) SetBearerToken(v string)

func (*OAuth2Credentials_CookieNames) SetCodeVerifier 

func (x *OAuth2Credentials_CookieNames) SetCodeVerifier(v string)

func (*OAuth2Credentials_CookieNames) SetIdToken 

func (x *OAuth2Credentials_CookieNames) SetIdToken(v string)

func (*OAuth2Credentials_CookieNames) SetOauthExpires 

func (x *OAuth2Credentials_CookieNames) SetOauthExpires(v string)

func (*OAuth2Credentials_CookieNames) SetOauthHmac 

func (x *OAuth2Credentials_CookieNames) SetOauthHmac(v string)

func (*OAuth2Credentials_CookieNames) SetOauthNonce 

func (x *OAuth2Credentials_CookieNames) SetOauthNonce(v string)

func (*OAuth2Credentials_CookieNames) SetRefreshToken 

func (x *OAuth2Credentials_CookieNames) SetRefreshToken(v string)

func (*OAuth2Credentials_CookieNames) String 

func (x *OAuth2Credentials_CookieNames) String() string

type OAuth2Credentials_CookieNames_builder 

type OAuth2Credentials_CookieNames_builder struct {

	// Cookie name to hold OAuth bearer token value. When the authentication server validates the
	// client and returns an authorization token back to the OAuth filter, no matter what format
	// that token is, if :ref:`forward_bearer_token <envoy_v3_api_field_extensions.filters.http.oauth2.v3.OAuth2Config.forward_bearer_token>`
	// is set to true the filter will send over the bearer token as a cookie with this name to the
	// upstream. Defaults to “BearerToken“.
	BearerToken string
	// Cookie name to hold OAuth HMAC value. Defaults to “OauthHMAC“.
	OauthHmac string
	// Cookie name to hold OAuth expiry value. Defaults to “OauthExpires“.
	OauthExpires string
	// Cookie name to hold the id token. Defaults to “IdToken“.
	IdToken string
	// Cookie name to hold the refresh token. Defaults to “RefreshToken“.
	RefreshToken string
	// Cookie name to hold the nonce value. Defaults to “OauthNonce“.
	OauthNonce string
	// Cookie name to hold the PKCE code verifier. Defaults to “OauthCodeVerifier“.
	CodeVerifier string
	// contains filtered or unexported fields
}

func (OAuth2Credentials_CookieNames_builder) Build 

func (b0 OAuth2Credentials_CookieNames_builder) Build() *OAuth2Credentials_CookieNames

type OAuth2Credentials_HmacSecret 

type OAuth2Credentials_HmacSecret struct {
	// If present, the secret token will be a HMAC using the provided secret.
	HmacSecret *v3.SdsSecretConfig `protobuf:"bytes,3,opt,name=hmac_secret,json=hmacSecret,proto3,oneof"`
}

type OAuth2Credentials_builder 

type OAuth2Credentials_builder struct {

	// The client_id to be used in the authorize calls. This value will be URL encoded when sent to the OAuth server.
	ClientId string
	// The secret used to retrieve the access token. This value will be URL encoded when sent to the OAuth server.
	TokenSecret *v3.SdsSecretConfig

	// Fields of oneof TokenFormation:
	// If present, the secret token will be a HMAC using the provided secret.
	HmacSecret *v3.SdsSecretConfig
	// -- end of TokenFormation
	// The cookie names used in OAuth filters flow.
	CookieNames *OAuth2Credentials_CookieNames
	// The domain to set the cookie on. If not set, the cookie will default to the host of the request, not including the subdomains.
	// This is useful when token cookies need to be shared across multiple subdomains.
	CookieDomain string
	// contains filtered or unexported fields
}

func (OAuth2Credentials_builder) Build 

func (b0 OAuth2Credentials_builder) Build() *OAuth2Credentials

type OAuth2_builder 

type OAuth2_builder struct {

	// Leave this empty to disable OAuth2 for a specific route, using per filter config.
	Config *OAuth2Config
	// contains filtered or unexported fields
}

func (OAuth2_builder) Build 

func (b0 OAuth2_builder) Build() *OAuth2

Source Files

  • oauth.pb.go

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.