Title: OAuth2 Filter - Unexpected behaviour of forward_bearer_token
Description:
While using OAuth2 Filter, if we set forward_bearer_token to false, Envoy does not return BearerToken, IdToken, and RefreshToken cookies to the downstream.
The documentation says "if forward_bearer_token is set to true the filter will send over a cookie named BearerToken to the upstream". I expect that this field affects only forwarding to upstream. However, it seems that it also affects the downstream, since it does not set these cookies. It only sets OauthHMAC and OauthExpires cookies.
This behaviour also causes the OAuth2 filter to become unusable in combination with the JWT Auth filter when forward_bearer_token is set to false, because the JWT Auth filter cannot find any cookie for BearerToken or IdToken.
Repro steps:
Generate a simple envoy.yaml configuration file with OAuth2 filter.
Set forward_bearer_token to false.
Try authenticating. The final response on callback endpoint will not have Set-Cookie response headers for BearerToken, IdToken, and RefreshToken.
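A check for the last repro step, as an added example that is not part of the original issue or of Envoy's code: it takes the Set-Cookie header values from the callback response and reports which of the cookies named above were not set. The function names, header values and cookie attributes are constructed for illustration; only the cookie names come from the issue.

```python
# Cookie names are the ones named in the issue; everything else is constructed.
TOKEN_COOKIES = ("BearerToken", "IdToken", "RefreshToken")
SESSION_COOKIES = ("OauthHMAC", "OauthExpires")


def cookie_names(set_cookie_values):
    """Names set by a list of Set-Cookie header values (one cookie per header)."""
    names = set()
    for value in set_cookie_values:
        pair = value.split(";", 1)[0]  # the cookie-pair precedes the attributes
        name, sep, _ = pair.partition("=")
        if sep and name.strip():
            names.add(name.strip())
    return names


def audit_callback(set_cookie_values):
    """Report which OAuth2 filter cookies the callback response did not set."""
    names = cookie_names(set_cookie_values)
    return {
        "missing_session": [n for n in SESSION_COOKIES if n not in names],
        "missing_tokens": [n for n in TOKEN_COOKIES if n not in names],
        # A cookie-based JWT check needs one of these two in the downstream jar.
        "jwt_cookie_available": bool(names & {"BearerToken", "IdToken"}),
    }


# Constructed sample: the response described in the issue (forward_bearer_token: false).
REPORTED = [
    "OauthHMAC=constructed-hmac; path=/; Max-Age=3600; secure; HttpOnly",
    "OauthExpires=1700000000; path=/; Max-Age=3600; secure; HttpOnly",
]
# Constructed sample: the response the reporter expected to see.
EXPECTED = REPORTED + [
    "BearerToken=constructed-access-token; path=/; Max-Age=3600; secure; HttpOnly",
    "IdToken=constructed-id-token; path=/; Max-Age=3600; secure; HttpOnly",
    "RefreshToken=constructed-refresh-token; path=/; Max-Age=3600; secure; HttpOnly",
]

if __name__ == "__main__":
    for label, headers in (("reported", REPORTED), ("expected", EXPECTED)):
        print(label, audit_callback(headers))
```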