gcp_authn: fix bound token requests#45838
Merged
Merged
CI (Envoy) / Envoy/macOS
succeeded
Jun 25, 2026 in 6m 5s
Envoy/macOS (success)
Check has finished
Details
Check run finished (success ✔️)
The check run can be viewed here:
Envoy/macOS (pr/45838/main@352ca1e)
Check started by
Request (pr/45838/main@352ca1e)
352ca1e 
#45838 merge main@f5f8d83
gcp_authn: fix bound token requests
Commit Message: gcp_authn: fix bound token requests
Additional Description:The gcp_authn filter was passing along the fingerprint incorrectly in bound token requests:
- The fingerprint query parameter key should be
bindCertificateFingerprint.- The fingerprint query parameter value should be base-64 encoded, then url encoded.
This is exactly how the official Google python auth library structures its requests for bound tokens.
Risk Level: low
Testing: tests updated
Docs Changes: none
Release Notes: none
Environment
Request variables
| Key | Value |
|---|---|
| ref | cd5468a |
| sha | 352ca1e |
| pr | 45838 |
| base-sha | f5f8d83 |
| actor | @antoniovleonti |
| message | gcp_authn: fix bound token requests... |
| started | 1782414161.989097 |
| target-branch | main |
| trusted | false |
Build image
Container image/s (as used in this CI run)
| Key | Value |
|---|---|
| default | docker.io/envoyproxy/envoy-build:v0.1.6 |
| mobile | docker.io/envoyproxy/envoy-build:mobile-v0.1.6 |
Version
Envoy version (as used in this CI run)
| Key | Value |
|---|---|
| major | 1 |
| minor | 39 |
| patch | 0 |
| dev | true |
Loading