envoyproxy / envoy

Cloud-native high-performance edge/middle/service proxy
https://www.envoyproxy.io
Apache License 2.0

OAuth2 filter: stores sessions in Redis #35233

Closed zhaohuabing closed 1 week ago

zhaohuabing commented 1 month ago

Title: OAuth2 filter: stores sessions in Redis

Description:

Describe the desired behavior, what scenario it enables and how it would be used.

The OAuth2 filter currently stores the bearer token and ID token in user agents using secure cookies, with HMAC verification of the tokens. Storing tokens in a server-side Redis cache can provide a better security gesture.

The possible implementation approach:

[optional Relevant Links:]

Any extra documentation required to understand the issue.

Alternative: Encrypting the cookies can also enhance the security of the tokens.

@arkodg @missBerg
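
An added example, not part of the issue or of Envoy's code: a simplified Python model of the two designs the request compares, token cookies protected by an HMAC versus an opaque session id backed by a server-side store. The cookie layout, the function names and the dict standing in for Redis are assumptions for illustration and do not reproduce Envoy's actual cookie format.

```python
import base64, hashlib, hmac, secrets, time

HMAC_KEY = secrets.token_bytes(32)         # proxy-side signing secret (constructed)
SAMPLE_TOKEN = "constructed.bearer.token"  # constructed stand-in for a bearer token

def _now(now):
    return time.time() if now is None else now

def _mac(token, expires):
    msg = f"{expires}|{token}".encode()
    digest = hmac.new(HMAC_KEY, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode()

def issue_signed_cookies(token, ttl=300, now=None):
    """Cookie model: the token itself goes to the browser next to a MAC."""
    expires = int(_now(now)) + ttl
    return {"token": token, "expires": str(expires), "mac": _mac(token, expires)}

def verify_signed_cookies(cookies, now=None):
    """Return the token if the MAC matches and it has not expired, else None."""
    try:
        expires = int(cookies["expires"])
        valid = hmac.compare_digest(_mac(cookies["token"], expires), cookies["mac"])
    except (KeyError, ValueError, TypeError):
        return None
    return cookies["token"] if valid and expires > _now(now) else None

class SessionStore:
    """Server-side model: a dict stands in for Redis; the browser holds only an id."""
    def __init__(self):
        self._sessions = {}

    def create(self, token, ttl=300, now=None):
        sid = secrets.token_urlsafe(32)  # opaque, carries no token material
        self._sessions[sid] = (token, _now(now) + ttl)
        return sid

    def lookup(self, sid, now=None):
        token, expires = self._sessions.get(sid, (None, 0))
        if expires <= _now(now):
            self._sessions.pop(sid, None)  # expired or unknown
            return None
        return token

    def revoke(self, sid):
        self._sessions.pop(sid, None)  # logout or incident response
```

In the cookie model the HMAC gives integrity only: the token stays readable in the browser and keeps verifying until it expires. In the session model the id reveals nothing and can be revoked on the server at any time.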

KBaichoo commented 1 month ago

cc @mattklein123 @derekargueta

arkodg commented 1 month ago

cc @cpakulski who looked into the feasibility of this

derekargueta commented 1 month ago

Yeah, I've thought of this, similar to oauth-proxy. Would be pretty neat. I also think it'd be the first use case in Envoy of Redis for feature functionality and not just proxying.

github-actions[bot] commented 2 weeks ago

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.

github-actions[bot] commented 1 week ago

This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted" or "no stalebot". Thank you for your contributions.