FeatureRequest:
Can we extend SecurityPolicy.OIDC.CookieNames to be able to optionally overwrite every possible OAuth2Filter cookie name (adding: oauth_hmac, oauth_expires, refresh_token, oauth_nonce) see here? Currently you can only overwrite bearer_token and id_token.

UseCase:
I would like to be able to remove the internal OAuthFilter cookies before forwarding the request to upstream.

Happy to take this task.