Oauth2 extension not work #13023
Comments
@hsuyuming please do not report crashes in public issues without first clearing with envoy-security@googlegroups.com, the issue filing dialog is pretty clear about this. That said, this doesn't look security relevant as it's control plane. @snowp @derekargueta @rgs1 any idea what might be going on here?

I suspect we're missing error handling for when the static secret doesn't exist. I'm guessing that if a static secret is added to the bootstrap with name

Hi @snowp:
If you are reporting any crash or any potential security issue, do not
open an issue in this repo. Please report the issue via emailing
envoy-security@googlegroups.com where the issue will be triaged appropriately.
Title: Oauth2 extension not work
Description:
Hi All:
When I try to follow the instructions (https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/oauth2_filter) to test the Oauth2 functionality, I hit the problem below when I start Envoy. Any idea about this? I would also like to know what kind of hmac_secret I need to provide. Thx
```
[2020-09-09 12:02:32.681][14][critical][backtrace] [bazel-out/k8-opt/bin/source/server/_virtual_includes/backtrace_lib/server/backtrace.h:98] #20: [0x563ac830b885]
[2020-09-09 12:02:32.681][14][critical][backtrace] [bazel-out/k8-opt/bin/source/server/_virtual_includes/backtrace_lib/server/backtrace.h:98] #21: [0x563ac76a1dab]
[2020-09-09 12:02:32.681][14][critical][backtrace] [bazel-out/k8-opt/bin/source/server/_virtual_includes/backtrace_lib/server/backtrace.h:98] #22: [0x563ac76a14cd]
[2020-09-09 12:02:32.682][14][critical][backtrace] [bazel-out/k8-opt/bin/source/server/_virtual_includes/backtrace_lib/server/backtrace.h:98] #23: [0x563ac76a23c2]
[2020-09-09 12:02:32.682][14][critical][backtrace] [bazel-out/k8-opt/bin/source/server/_virtual_includes/backtrace_lib/server/backtrace.h:98] #24: [0x563ac76a2783]
[2020-09-09 12:02:32.682][14][critical][backtrace] [bazel-out/k8-opt/bin/source/server/_virtual_includes/backtrace_lib/server/backtrace.h:98] #25: [0x563ac76a0f9c]
[2020-09-09 12:02:32.682][14][critical][backtrace] [bazel-out/k8-opt/bin/source/server/_virtual_includes/backtrace_lib/server/backtrace.h:96] #26: __libc_start_main [0x7f7a631e1b97]
Segmentation fault
```
[optional Relevant Links:]
This is my yaml file setting:
```yaml
admin:
  access_log_path: /tmp/admin_access.log
  address:
    socket_address: { address: 127.0.0.1, port_value: 9901 }
static_resources:
  listeners:
  - address:
      socket_address: { address: 0.0.0.0, port_value: 10000 }
    filter_chains:
    - filters:  # restored: list structure missing from the page
      - name: envoy.filters.network.http_connection_manager  # restored: line missing from the page
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: ingress_http
          codec_type: AUTO
          route_config:
            name: local_route
            virtual_hosts:
            - name: local_service
              domains: ["*"]
              routes:
              - match: { prefix: "/" }
                route: { cluster: auth }
          http_filters:
          - name: auth
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.oauth2.v3alpha.OAuth2
              config:
                token_endpoint:
                  cluster: auth
                  uri: authorization-server.com/token
                  timeout: 3s
                authorization_endpoint: https://authorization-server.com/authorize
                redirect_uri: "https://www.oauth.com/playground/oidc.html"
                redirect_path_matcher:
                  path:
                    exact: /callback
                signout_path:
                  path:
                    exact: /signout
                credentials:
                  client_id: <client_id from Oauth website>
                  token_secret:
                    name:
                  hmac_secret:
                    name: hmac
                # timeout: 3s
          - name: envoy.filters.http.router
  clusters:
  - name: some_service  # restored from cluster_name below
    connect_timeout: 0.25s
    type: STATIC
    lb_policy: ROUND_ROBIN
    load_assignment:
      cluster_name: some_service
      endpoints:
      - lb_endpoints:  # restored: list structure missing from the page
        - endpoint:
            address:
              socket_address:
                address: 0.0.0.0
                port_value: 1234
  - name: auth  # restored from cluster_name below
    connect_timeout: 5s
    type: LOGICAL_DNS
    lb_policy: ROUND_ROBIN
    load_assignment:
      cluster_name: auth
      endpoints:
      - lb_endpoints:  # restored: list structure missing from the page
        - endpoint:
            address: { socket_address: { address: www.oauth.com, port_value: 443 }}
    tls_context: { sni: www.oauth.com }
```
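
Following the suspicion in the comments that the crash comes from a referenced static secret that does not exist, here is an added example (not code from the Envoy project or from anyone in this thread) of a preflight check that flags OAuth2 `token_secret` / `hmac_secret` references nothing defines. The function names and `sample_bootstrap` input are constructed; it assumes the bootstrap is already parsed into dicts and that a reference without `sds_config` must match a `generic_secret` under `static_resources.secrets`.

```python
OAUTH2_TYPE = "type.googleapis.com/envoy.extensions.filters.http.oauth2.v3alpha.OAuth2"


def walk(node):
    """Yield every dict nested anywhere inside a parsed bootstrap."""
    if isinstance(node, dict):
        yield node
        for value in node.values():
            yield from walk(value)
    elif isinstance(node, list):
        for item in node:
            yield from walk(item)


def unresolved_oauth2_secrets(bootstrap):
    """Return (field, name) pairs for OAuth2 secret references nothing defines."""
    static = bootstrap.get("static_resources") or {}
    # Assumption: a reference without sds_config must match a static generic_secret.
    defined = {s.get("name") for s in static.get("secrets") or []
               if s.get("generic_secret")}
    problems = []
    for node in walk(bootstrap):
        if node.get("@type") != OAUTH2_TYPE:
            continue
        creds = (node.get("config") or {}).get("credentials") or {}
        for field in ("token_secret", "hmac_secret"):
            ref = creds.get(field) or {}
            name = ref.get("name")
            if not name or (not ref.get("sds_config") and name not in defined):
                problems.append((field, name))
    return problems


def sample_bootstrap(token_name, static_secret_names):
    """Constructed input shaped like the issue's config; all values are placeholders."""
    oauth2 = {"@type": OAUTH2_TYPE, "config": {"credentials": {
        "client_id": "placeholder-client-id",
        "token_secret": {"name": token_name},
        "hmac_secret": {"name": "hmac"}}}}
    hcm = {"http_filters": [{"name": "auth", "typed_config": oauth2}]}
    secrets = [{"name": n, "generic_secret": {"secret": {"inline_string": "placeholder"}}}
               for n in static_secret_names]
    return {"static_resources": {
        "listeners": [{"filter_chains": [{"filters": [{"typed_config": hcm}]}]}],
        "secrets": secrets}}


if __name__ == "__main__":
    for args in ((None, []), ("token", ["token", "hmac"])):  # issue-like, then fixed
        print(args, unresolved_oauth2_secrets(sample_bootstrap(*args)))
```

The first sample mirrors the issue's credentials block (empty `token_secret` name, `hmac` never declared) and reports both fields; the second declares both names as static generic secrets and reports nothing.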