
Add --pass-refresh-token

Open carillonator opened this issue 2 months ago • 5 comments

Description

Add --pass-refresh-token option, copied almost verbatim from --pass-access-token.

Motivation and Context

Fixes https://github.com/oauth2-proxy/oauth2-proxy/issues/3216

This will help support offline access.

How Has This Been Tested?

Updated tests to be more generic and include refresh and ID tokens.

Also built a Docker image, ran it locally and confirmed it works.

Checklist:

  • [x] My change requires a change to the documentation or CHANGELOG.
  • [x] I have updated the documentation/CHANGELOG accordingly.
  • [x] I have created a feature (non-master) branch for my PR.
  • [x] I have written tests for my code changes.

carillonator avatar Sep 30 '25 19:09 carillonator

I think the intent of this project is to move away from CLI args and towards alpha config. You can accomplish this with an alpha config:

injectResponseHeaders:
  - name: X-Auth-Refresh-Token
    values:
      - claim: refresh_token

william-will-angi avatar Sep 30 '25 19:09 william-will-angi
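Consuming that injected header on the upstream side, as an added example that is not part of this thread or of oauth2-proxy's own code: a Go upstream reads the X-Auth-Refresh-Token header named in the alpha config above and later redeems it with the refresh_token grant, which is the offline-access use case the PR describes. The token endpoint URL, client ID and client secret are assumed deployment values.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
	"time"
)

// refreshTokenFromProxy reads the refresh token oauth2-proxy injects as
// X-Auth-Refresh-Token (alpha config injectResponseHeaders, claim: refresh_token).
// Trust it only when the upstream is reachable solely through the proxy.
func refreshTokenFromProxy(r *http.Request) (string, error) {
	tok := r.Header.Get("X-Auth-Refresh-Token")
	if tok == "" {
		return "", fmt.Errorf("no refresh token injected by proxy")
	}
	return tok, nil
}

// tokenResponse is the subset of the RFC 6749 token response used here.
type tokenResponse struct {
	AccessToken string `json:"access_token"`
	ExpiresIn   int    `json:"expires_in"`
}

// redeemOffline runs the refresh_token grant at the IdP token endpoint with no user
// session present (offline access). tokenURL, clientID, clientSecret are assumptions.
func redeemOffline(client *http.Client, tokenURL, clientID, clientSecret, refreshToken string) (string, time.Duration, error) {
	resp, err := client.PostForm(tokenURL, url.Values{
		"grant_type":    {"refresh_token"},
		"refresh_token": {refreshToken},
		"client_id":     {clientID},
		"client_secret": {clientSecret},
	})
	if err != nil {
		return "", 0, err
	}
	defer resp.Body.Close()
	var tr tokenResponse
	if err := json.NewDecoder(resp.Body).Decode(&tr); err != nil {
		return "", 0, err
	}
	if resp.StatusCode != http.StatusOK || tr.AccessToken == "" {
		return "", 0, fmt.Errorf("token endpoint returned %d without access_token", resp.StatusCode)
	}
	return tr.AccessToken, time.Duration(tr.ExpiresIn) * time.Second, nil
}
```

The refresh token is a long-lived credential, so the upstream should store it with the same care as the client secret and accept the header only on requests that arrived through the proxy.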

> I think the intent of this project is to move away from CLI args and towards alpha config. You can accomplish this with an alpha config:
>
> injectResponseHeaders:
>   - name: X-Auth-Refresh-Token
>     values:
>       - claim: refresh_token

@william-will-angi thanks, but we are not comfortable running in alpha mode, having been burned by bugs in the past, and we need a stable interface for production systems.

carillonator avatar Sep 30 '25 20:09 carillonator

Super useful, looking forward to seeing this merged!

Antvirf avatar Oct 15 '25 00:10 Antvirf

Hi @carillonator, as @william-will-angi mentioned, we are moving forward with the alpha config. I want to get the alpha to beta by the end of this year. Therefore we are not going to introduce additional legacy flags in the next couple of weeks / months.

tuunit avatar Oct 28 '25 07:10 tuunit

@tuunit that is disappointing. There's no way we're going back to something called "alpha" in production. This is probably the reason we needed to start looking at Envoy's oauth2 filter.

carillonator avatar Nov 06 '25 15:11 carillonator