package envoy.extensions.http.injected_credentials.oauth2.v3

Get desktop application:
View/edit binary Protocol Buffers messages

OAuth2 extension can be used to retrieve an OAuth2 access token from an authorization server and inject it into the proxied requests. Currently, only the Client Credentials Grant flow is supported. The access token will be injected into the request headers using the ``Authorization`` header as a bearer token.

optional config.core.v3.HttpUri token_endpoint = 1
Endpoint on the authorization server to retrieve the access token from. Refer to [RFC 6749: The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749#section-3.2) for details.
repeated string scopes = 2
Optional list of OAuth scopes to be claimed in the authorization request. Refer to [RFC 6749: The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749#section-4.4.2) for details.
oneof flow_type
- OAuth2.ClientCredentials client_credentials = 3
  Client Credentials Grant. Refer to [RFC 6749: The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749#section-4.4) for details.
optional google.protobuf.Duration token_fetch_retry_interval = 4
The interval between two successive retries to fetch token from Identity Provider. Default is 2 secs. The interval must be at least 1 second.

Used in: ClientCredentials

BASIC_AUTH = 0
The ``client_id`` and ``client_secret`` will be sent using HTTP Basic authentication scheme.
URL_ENCODED_BODY = 1
The ``client_id`` and ``client_secret`` will be sent in the URL encoded request body. This type should only be used when Auth server does not support Basic authentication.

Credentials to authenticate client to the authorization server. Refer to [RFC 6749: The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749#section-2.3) for details.

Used in: OAuth2

string client_id = 1
Client ID. Refer to [RFC 6749: The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749#section-2.3.1) for details.
optional transport_sockets.tls.v3.SdsSecretConfig client_secret = 2
Client secret. Refer to [RFC 6749: The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749#section-2.3.1) for details.
AuthType auth_type = 3
The method to use when sending credentials to the authorization server. Refer to [RFC 6749: The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749#section-2.3.1) for details.

package envoy.extensions.http.injected_credentials.oauth2.v3

message OAuth2

optional config.core.v3.HttpUri token_endpoint = 1

repeated string scopes = 2

oneof flow_type

OAuth2.ClientCredentials client_credentials = 3

optional google.protobuf.Duration token_fetch_retry_interval = 4

enum OAuth2.AuthType

BASIC_AUTH = 0

URL_ENCODED_BODY = 1

message OAuth2.ClientCredentials

string client_id = 1

optional transport_sockets.tls.v3.SdsSecretConfig client_secret = 2

AuthType auth_type = 3