Permalink
Show file tree
Hide file tree
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
oauth2: do not blindly accept requests with a token in the Authorizat…
…ion headera (781) The logic was broken because it assumed an additional call would be performed to the auth server, which isn't the case. Per the filter documentation, a request is only considered subsequently authenticated if there's valid cookie that was set after the access token was received from the auth server: https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/oauth2_filter More info about how to validate an access token (which we don't do, per above): https://www.oauth.com/oauth2-servers/token-introspection-endpoint/ https://datatracker.ietf.org/doc/html/rfc7662 Also fix the fact that ee shouldn't be calling continueDecoding() after decoder_callbacks_->encodeHeaders(). Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com> Signed-off-by: Matt Klein <mklein@lyft.com> Signed-off-by: Pradeep Rao <pcrao@google.com>
- Loading branch information
1 parent
9b1c396
commit 7ffda4e
Showing
4 changed files
with
61 additions
and
88 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters