Description
If you are reporting any crash or any potential security issue, do not
open an issue in this repo. Please report the issue via emailing
envoy-security@googlegroups.com where the issue will be triaged appropriately.
Title: OAuth2 extension does not work
Description:
Hi All:
When I try to follow the instructions (https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/oauth2_filter) to test the OAuth2 functionality, I hit the problem below when I start Envoy. Any idea about this? I would also like to know what kind of hmac_secret I need to provide. Thx
[2020-09-09 12:02:32.681][14][critical][backtrace] [bazel-out/k8-opt/bin/source/server/_virtual_includes/backtrace_lib/server/backtrace.h:98] #20: [0x563ac830b885]
[2020-09-09 12:02:32.681][14][critical][backtrace] [bazel-out/k8-opt/bin/source/server/_virtual_includes/backtrace_lib/server/backtrace.h:98] #21: [0x563ac76a1dab]
[2020-09-09 12:02:32.681][14][critical][backtrace] [bazel-out/k8-opt/bin/source/server/_virtual_includes/backtrace_lib/server/backtrace.h:98] #22: [0x563ac76a14cd]
[2020-09-09 12:02:32.682][14][critical][backtrace] [bazel-out/k8-opt/bin/source/server/_virtual_includes/backtrace_lib/server/backtrace.h:98] #23: [0x563ac76a23c2]
[2020-09-09 12:02:32.682][14][critical][backtrace] [bazel-out/k8-opt/bin/source/server/_virtual_includes/backtrace_lib/server/backtrace.h:98] #24: [0x563ac76a2783]
[2020-09-09 12:02:32.682][14][critical][backtrace] [bazel-out/k8-opt/bin/source/server/_virtual_includes/backtrace_lib/server/backtrace.h:98] #25: [0x563ac76a0f9c]
[2020-09-09 12:02:32.682][14][critical][backtrace] [bazel-out/k8-opt/bin/source/server/_virtual_includes/backtrace_lib/server/backtrace.h:96] #26: __libc_start_main [0x7f7a631e1b97]
Segmentation fault
[optional Relevant Links:]
Any extra documentation required to understand the issue.
This is my yaml file setting:
```yaml
admin:
  access_log_path: /tmp/admin_access.log
  address:
    socket_address: { address: 127.0.0.1, port_value: 9901 }
static_resources:
  listeners:
  - name: listener_0
    address:
      socket_address: { address: 0.0.0.0, port_value: 10000 }
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: ingress_http
          codec_type: AUTO
          route_config:
            name: local_route
            virtual_hosts:
            - name: local_service
              domains: ["*"]
              routes:
              - match: { prefix: "/" }
                route: { cluster: auth }
          http_filters:
          - name: auth
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.oauth2.v3alpha.OAuth2
              config:
                token_endpoint:
                  cluster: auth
                  uri: authorization-server.com/token
                  timeout: 3s
                authorization_endpoint: https://authorization-server.com/authorize
                redirect_uri: "https://www.oauth.com/playground/oidc.html"
                redirect_path_matcher:
                  path:
                    exact: /callback
                signout_path:
                  path:
                    exact: /signout
                credentials:
                  client_id: <client_id from Oauth website>
                  token_secret:
                    name:
                  hmac_secret:
                    name: hmac
                # timeout: 3s
          - name: envoy.filters.http.router
  clusters:
  - name: some_service
    connect_timeout: 0.25s
    type: STATIC
    lb_policy: ROUND_ROBIN
    load_assignment:
      cluster_name: some_service
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: 0.0.0.0
                port_value: 1234
  - name: auth
    connect_timeout: 5s
    type: LOGICAL_DNS
    lb_policy: ROUND_ROBIN
    load_assignment:
      cluster_name: auth
      endpoints:
      - lb_endpoints:
        - endpoint:
            address: { socket_address: { address: www.oauth.com, port_value: 443 }}
    tls_context: { sni: www.oauth.com }
```
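
On the hmac_secret question in the issue above: the following is an added example, not part of the original issue and not the Envoy project's own code, that generates a random 32-byte key and writes it as an SDS generic secret file. The secret name `hmac` comes from the posted config; the function names, the `SECRET_FILE` variable and the file paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: create a random HMAC key and store it as an Envoy SDS
# generic secret. Function names and paths are hypothetical.

# Print 32 random bytes as a single base64 line. YAML/JSON encodings of a
# protobuf `bytes` field (inline_bytes) are base64, so this value is used as-is.
gen_key() {
  head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# write_generic_secret NAME FILE KEY
# Writes an SDS resource file holding KEY under the secret name NAME.
# The subshell sets umask 077 so a newly created file is readable only by
# its owner; the key must not be world-readable.
write_generic_secret() {
  name=$1
  file=$2
  key=$3
  (
    umask 077
    cat > "$file" <<EOF
resources:
  - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret"
    name: $name
    generic_secret:
      secret:
        inline_bytes: $key
EOF
  )
}

# The filter config then points at the file by the same secret name
# (the path below is a placeholder):
#   hmac_secret:
#     name: hmac
#     sds_config:
#       path: "/etc/envoy/hmac-secret.yaml"

# Stand-alone use: SECRET_FILE=/etc/envoy/hmac-secret.yaml sh this_script.sh
if [ -n "${SECRET_FILE:-}" ]; then
  write_generic_secret hmac "$SECRET_FILE" "$(gen_key)"
  echo "wrote $SECRET_FILE"
fi
```

Keep the generated file out of version control and generate a separate key per deployment, since anyone holding the key can forge values the filter signs with it.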