OAuth2: remove internal cookies before forwarding request to backend

[zhaohuabing]

Title: OAuth2: remove internal cookies before forwarding request to backend

Description:
The cookies other than AccessToken and IDToken should be deleted before forwarding the request to the Backend applications since they're supposed to be only used by the OAuth2 filter itself.

Discussion in Envoy Gateway:

• Option to overwrite every OAuth2Filter Cookie via OIDCCookieNames gateway#5152 (comment)
• api(oidc): Allow override of all OIDC CookieNames gateway#5655 (comment)

[ravenblackx]

@derekargueta

[github-actions]

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.

[coro]

Just adding a bit of extra context here: some webserver libraries by default have a rather low limit for the size of HTTP headers, for example the Ring Jetty adapter. With default behaviour in Envoy OIDC, there are 5 additional headers added to backend requests, as well as the same information potentially repeated in a Cookie header. Some of these headers are full JWTs so the header payload can be rather large, leading to 413 errors with out of the box behaviour.

[github-actions]

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.

[github-actions]

This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted" or "no stalebot". Thank you for your contributions.