[OAuth2] return 401 instead of 302 on xhr requests

[AurelienBegou]

Title: [OAuth2] return 401 instead of 302 on xhr requests

Description:
In the context of Single Page Application (SPA) the code is stored in cache in the browser and at the end of the session having a 302 redirect will cause issue in the design. Typically when xhr request is detected it should return 401 instead.

Is it such configuration possible ? I try to search on the documentation but was not able to found it.

[optional Relevant Links:]
Example on another auth-proxy
Oauth2-Proxy: https://oauth2-proxy.github.io/oauth2-proxy/docs/behaviour/
Specific line:
"If authentication is required but missing then the user is asked to log in and redirected to the authentication provider (unless it is an Ajax request, i.e. one with Accept: application/json, in which case 401 Unauthorized is returned)"

Thanks for the help

[kyessenov]

Seems reasonable. CC @derekargueta

[AurelienBegou]

Seems reasonable. CC @derekargueta

Thanks, here an additional implementation to force behavior regarding xhr/AJAX requests https://cloud.google.com/iap/docs/sessions-howto#understanding_the_response

[github-actions]

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.

[github-actions]

This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted" or "no stalebot". Thank you for your contributions.

[samo1]

@kyessenov I would like to re-open this issue if possible.

This requested feature would be quite useful in our use case. I am testing a POC solution where I have added a new configuration option to oauth2 filter ajax_request_matcher which does not allow redirect of matching requests and returns 401 Unauthorized immediately. It seems to be working well so far. The changes I made - samo1/envoy@main...oauth2_ajax_matcher

I am willing to open a merge request if we agree on a solution. Thanks.