public static final class Config.JwtProvider.Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Config.JwtProvider.Builder> implements Config.JwtProviderOrBuilder
This message specifies how a JSON Web Token (JWT) can be verified. JWT format is defined
`here <https://tools.ietf.org/html/rfc7519>`_. Please see `OAuth2.0
<https://tools.ietf.org/html/rfc6749>`_ and `OIDC1.0 <http://openid.net/connect>`_ for
the authentication flow.
Example:
.. code-block:: yaml
issuer: https://example.com
audiences:
- bookstore_android.apps.googleusercontent.com
- bookstore_web.apps.googleusercontent.com
remote_jwks:
http_uri:
uri: https://example.com/.well-known/jwks.json
cluster: example_jwks_cluster
cache_duration:
seconds: 300
Protobuf type envoy.config.filter.http.jwt_authn.v2alpha.JwtProvider| Modifier and Type | Method and Description |
|---|---|
Config.JwtProvider.Builder |
addAllAudiences(Iterable<String> values)
The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_. that are
allowed to access.
|
Config.JwtProvider.Builder |
addAllFromHeaders(Iterable<? extends Config.JwtHeader> values)
Specify the HTTP headers to extract JWT token.
|
Config.JwtProvider.Builder |
addAllFromParams(Iterable<String> values)
JWT is sent in a query parameter.
|
Config.JwtProvider.Builder |
addAudiences(String value)
The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_. that are
allowed to access.
|
Config.JwtProvider.Builder |
addAudiencesBytes(com.google.protobuf.ByteString value)
The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_. that are
allowed to access.
|
Config.JwtProvider.Builder |
addFromHeaders(Config.JwtHeader.Builder builderForValue)
Specify the HTTP headers to extract JWT token.
|
Config.JwtProvider.Builder |
addFromHeaders(Config.JwtHeader value)
Specify the HTTP headers to extract JWT token.
|
Config.JwtProvider.Builder |
addFromHeaders(int index,
Config.JwtHeader.Builder builderForValue)
Specify the HTTP headers to extract JWT token.
|
Config.JwtProvider.Builder |
addFromHeaders(int index,
Config.JwtHeader value)
Specify the HTTP headers to extract JWT token.
|
Config.JwtHeader.Builder |
addFromHeadersBuilder()
Specify the HTTP headers to extract JWT token.
|
Config.JwtHeader.Builder |
addFromHeadersBuilder(int index)
Specify the HTTP headers to extract JWT token.
|
Config.JwtProvider.Builder |
addFromParams(String value)
JWT is sent in a query parameter.
|
Config.JwtProvider.Builder |
addFromParamsBytes(com.google.protobuf.ByteString value)
JWT is sent in a query parameter.
|
Config.JwtProvider.Builder |
addRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field,
Object value) |
Config.JwtProvider |
build() |
Config.JwtProvider |
buildPartial() |
Config.JwtProvider.Builder |
clear() |
Config.JwtProvider.Builder |
clearAudiences()
The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_. that are
allowed to access.
|
Config.JwtProvider.Builder |
clearField(com.google.protobuf.Descriptors.FieldDescriptor field) |
Config.JwtProvider.Builder |
clearForward()
If false, the JWT is removed in the request after a success verification.
|
Config.JwtProvider.Builder |
clearForwardPayloadHeader()
This field specifies the header name to forward a successfully verified JWT payload to the
backend.
|
Config.JwtProvider.Builder |
clearFromHeaders()
Specify the HTTP headers to extract JWT token.
|
Config.JwtProvider.Builder |
clearFromParams()
JWT is sent in a query parameter.
|
Config.JwtProvider.Builder |
clearIssuer()
Identifies the principal that issued the JWT.
|
Config.JwtProvider.Builder |
clearJwksSourceSpecifier() |
Config.JwtProvider.Builder |
clearLocalJwks()
JWKS is in local data source.
|
Config.JwtProvider.Builder |
clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) |
Config.JwtProvider.Builder |
clearRemoteJwks()
JWKS can be fetched from remote server via HTTP/HTTPS.
|
Config.JwtProvider.Builder |
clone() |
String |
getAudiences(int index)
The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_. that are
allowed to access.
|
com.google.protobuf.ByteString |
getAudiencesBytes(int index)
The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_. that are
allowed to access.
|
int |
getAudiencesCount()
The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_. that are
allowed to access.
|
com.google.protobuf.ProtocolStringList |
getAudiencesList()
The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_. that are
allowed to access.
|
Config.JwtProvider |
getDefaultInstanceForType() |
static com.google.protobuf.Descriptors.Descriptor |
getDescriptor() |
com.google.protobuf.Descriptors.Descriptor |
getDescriptorForType() |
boolean |
getForward()
If false, the JWT is removed in the request after a success verification.
|
String |
getForwardPayloadHeader()
This field specifies the header name to forward a successfully verified JWT payload to the
backend.
|
com.google.protobuf.ByteString |
getForwardPayloadHeaderBytes()
This field specifies the header name to forward a successfully verified JWT payload to the
backend.
|
Config.JwtHeader |
getFromHeaders(int index)
Specify the HTTP headers to extract JWT token.
|
Config.JwtHeader.Builder |
getFromHeadersBuilder(int index)
Specify the HTTP headers to extract JWT token.
|
List<Config.JwtHeader.Builder> |
getFromHeadersBuilderList()
Specify the HTTP headers to extract JWT token.
|
int |
getFromHeadersCount()
Specify the HTTP headers to extract JWT token.
|
List<Config.JwtHeader> |
getFromHeadersList()
Specify the HTTP headers to extract JWT token.
|
Config.JwtHeaderOrBuilder |
getFromHeadersOrBuilder(int index)
Specify the HTTP headers to extract JWT token.
|
List<? extends Config.JwtHeaderOrBuilder> |
getFromHeadersOrBuilderList()
Specify the HTTP headers to extract JWT token.
|
String |
getFromParams(int index)
JWT is sent in a query parameter.
|
com.google.protobuf.ByteString |
getFromParamsBytes(int index)
JWT is sent in a query parameter.
|
int |
getFromParamsCount()
JWT is sent in a query parameter.
|
com.google.protobuf.ProtocolStringList |
getFromParamsList()
JWT is sent in a query parameter.
|
String |
getIssuer()
Identifies the principal that issued the JWT.
|
com.google.protobuf.ByteString |
getIssuerBytes()
Identifies the principal that issued the JWT.
|
Config.JwtProvider.JwksSourceSpecifierCase |
getJwksSourceSpecifierCase() |
Base.DataSource |
getLocalJwks()
JWKS is in local data source.
|
Base.DataSource.Builder |
getLocalJwksBuilder()
JWKS is in local data source.
|
Base.DataSourceOrBuilder |
getLocalJwksOrBuilder()
JWKS is in local data source.
|
Config.RemoteJwks |
getRemoteJwks()
JWKS can be fetched from remote server via HTTP/HTTPS.
|
Config.RemoteJwks.Builder |
getRemoteJwksBuilder()
JWKS can be fetched from remote server via HTTP/HTTPS.
|
Config.RemoteJwksOrBuilder |
getRemoteJwksOrBuilder()
JWKS can be fetched from remote server via HTTP/HTTPS.
|
boolean |
hasLocalJwks()
JWKS is in local data source.
|
boolean |
hasRemoteJwks()
JWKS can be fetched from remote server via HTTP/HTTPS.
|
protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable |
internalGetFieldAccessorTable() |
boolean |
isInitialized() |
Config.JwtProvider.Builder |
mergeFrom(com.google.protobuf.CodedInputStream input,
com.google.protobuf.ExtensionRegistryLite extensionRegistry) |
Config.JwtProvider.Builder |
mergeFrom(Config.JwtProvider other) |
Config.JwtProvider.Builder |
mergeFrom(com.google.protobuf.Message other) |
Config.JwtProvider.Builder |
mergeLocalJwks(Base.DataSource value)
JWKS is in local data source.
|
Config.JwtProvider.Builder |
mergeRemoteJwks(Config.RemoteJwks value)
JWKS can be fetched from remote server via HTTP/HTTPS.
|
Config.JwtProvider.Builder |
mergeUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields) |
Config.JwtProvider.Builder |
removeFromHeaders(int index)
Specify the HTTP headers to extract JWT token.
|
Config.JwtProvider.Builder |
setAudiences(int index,
String value)
The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_. that are
allowed to access.
|
Config.JwtProvider.Builder |
setField(com.google.protobuf.Descriptors.FieldDescriptor field,
Object value) |
Config.JwtProvider.Builder |
setForward(boolean value)
If false, the JWT is removed in the request after a success verification.
|
Config.JwtProvider.Builder |
setForwardPayloadHeader(String value)
This field specifies the header name to forward a successfully verified JWT payload to the
backend.
|
Config.JwtProvider.Builder |
setForwardPayloadHeaderBytes(com.google.protobuf.ByteString value)
This field specifies the header name to forward a successfully verified JWT payload to the
backend.
|
Config.JwtProvider.Builder |
setFromHeaders(int index,
Config.JwtHeader.Builder builderForValue)
Specify the HTTP headers to extract JWT token.
|
Config.JwtProvider.Builder |
setFromHeaders(int index,
Config.JwtHeader value)
Specify the HTTP headers to extract JWT token.
|
Config.JwtProvider.Builder |
setFromParams(int index,
String value)
JWT is sent in a query parameter.
|
Config.JwtProvider.Builder |
setIssuer(String value)
Identifies the principal that issued the JWT.
|
Config.JwtProvider.Builder |
setIssuerBytes(com.google.protobuf.ByteString value)
Identifies the principal that issued the JWT.
|
Config.JwtProvider.Builder |
setLocalJwks(Base.DataSource.Builder builderForValue)
JWKS is in local data source.
|
Config.JwtProvider.Builder |
setLocalJwks(Base.DataSource value)
JWKS is in local data source.
|
Config.JwtProvider.Builder |
setRemoteJwks(Config.RemoteJwks.Builder builderForValue)
JWKS can be fetched from remote server via HTTP/HTTPS.
|
Config.JwtProvider.Builder |
setRemoteJwks(Config.RemoteJwks value)
JWKS can be fetched from remote server via HTTP/HTTPS.
|
Config.JwtProvider.Builder |
setRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field,
int index,
Object value) |
Config.JwtProvider.Builder |
setUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields) |
getAllFields, getField, getFieldBuilder, getOneofFieldDescriptor, getParentForChildren, getRepeatedField, getRepeatedFieldBuilder, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof, internalGetMapField, internalGetMutableMapField, isClean, markClean, newBuilderForField, onBuilt, onChanged, setUnknownFieldsProto3findInitializationErrors, getInitializationErrorString, internalMergeFrom, mergeDelimitedFrom, mergeDelimitedFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, newUninitializedMessageException, toStringaddAll, addAll, mergeFrom, newUninitializedMessageExceptionequals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, waitpublic static final com.google.protobuf.Descriptors.Descriptor getDescriptor()
protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3.Builder<Config.JwtProvider.Builder>public Config.JwtProvider.Builder clear()
clear in interface com.google.protobuf.Message.Builderclear in interface com.google.protobuf.MessageLite.Builderclear in class com.google.protobuf.GeneratedMessageV3.Builder<Config.JwtProvider.Builder>public com.google.protobuf.Descriptors.Descriptor getDescriptorForType()
getDescriptorForType in interface com.google.protobuf.Message.BuildergetDescriptorForType in interface com.google.protobuf.MessageOrBuildergetDescriptorForType in class com.google.protobuf.GeneratedMessageV3.Builder<Config.JwtProvider.Builder>public Config.JwtProvider getDefaultInstanceForType()
getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuildergetDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilderpublic Config.JwtProvider build()
build in interface com.google.protobuf.Message.Builderbuild in interface com.google.protobuf.MessageLite.Builderpublic Config.JwtProvider buildPartial()
buildPartial in interface com.google.protobuf.Message.BuilderbuildPartial in interface com.google.protobuf.MessageLite.Builderpublic Config.JwtProvider.Builder clone()
clone in interface com.google.protobuf.Message.Builderclone in interface com.google.protobuf.MessageLite.Builderclone in class com.google.protobuf.GeneratedMessageV3.Builder<Config.JwtProvider.Builder>public Config.JwtProvider.Builder setField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)
setField in interface com.google.protobuf.Message.BuildersetField in class com.google.protobuf.GeneratedMessageV3.Builder<Config.JwtProvider.Builder>public Config.JwtProvider.Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field)
clearField in interface com.google.protobuf.Message.BuilderclearField in class com.google.protobuf.GeneratedMessageV3.Builder<Config.JwtProvider.Builder>public Config.JwtProvider.Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof)
clearOneof in interface com.google.protobuf.Message.BuilderclearOneof in class com.google.protobuf.GeneratedMessageV3.Builder<Config.JwtProvider.Builder>public Config.JwtProvider.Builder setRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, int index, Object value)
setRepeatedField in interface com.google.protobuf.Message.BuildersetRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<Config.JwtProvider.Builder>public Config.JwtProvider.Builder addRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)
addRepeatedField in interface com.google.protobuf.Message.BuilderaddRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<Config.JwtProvider.Builder>public Config.JwtProvider.Builder mergeFrom(com.google.protobuf.Message other)
mergeFrom in interface com.google.protobuf.Message.BuildermergeFrom in class com.google.protobuf.AbstractMessage.Builder<Config.JwtProvider.Builder>public Config.JwtProvider.Builder mergeFrom(Config.JwtProvider other)
public final boolean isInitialized()
isInitialized in interface com.google.protobuf.MessageLiteOrBuilderisInitialized in class com.google.protobuf.GeneratedMessageV3.Builder<Config.JwtProvider.Builder>public Config.JwtProvider.Builder mergeFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
mergeFrom in interface com.google.protobuf.Message.BuildermergeFrom in interface com.google.protobuf.MessageLite.BuildermergeFrom in class com.google.protobuf.AbstractMessage.Builder<Config.JwtProvider.Builder>IOExceptionpublic Config.JwtProvider.JwksSourceSpecifierCase getJwksSourceSpecifierCase()
getJwksSourceSpecifierCase in interface Config.JwtProviderOrBuilderpublic Config.JwtProvider.Builder clearJwksSourceSpecifier()
public String getIssuer()
Identifies the principal that issued the JWT. See `here <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_. Usually a URL or an email address. Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com
string issuer = 1 [(.validate.rules) = { ... }getIssuer in interface Config.JwtProviderOrBuilderpublic com.google.protobuf.ByteString getIssuerBytes()
Identifies the principal that issued the JWT. See `here <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_. Usually a URL or an email address. Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com
string issuer = 1 [(.validate.rules) = { ... }getIssuerBytes in interface Config.JwtProviderOrBuilderpublic Config.JwtProvider.Builder setIssuer(String value)
Identifies the principal that issued the JWT. See `here <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_. Usually a URL or an email address. Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com
string issuer = 1 [(.validate.rules) = { ... }public Config.JwtProvider.Builder clearIssuer()
Identifies the principal that issued the JWT. See `here <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_. Usually a URL or an email address. Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com
string issuer = 1 [(.validate.rules) = { ... }public Config.JwtProvider.Builder setIssuerBytes(com.google.protobuf.ByteString value)
Identifies the principal that issued the JWT. See `here <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_. Usually a URL or an email address. Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com
string issuer = 1 [(.validate.rules) = { ... }public com.google.protobuf.ProtocolStringList getAudiencesList()
The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_. that are
allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
will not check audiences in the token.
Example:
.. code-block:: yaml
audiences:
- bookstore_android.apps.googleusercontent.com
- bookstore_web.apps.googleusercontent.com
repeated string audiences = 2;getAudiencesList in interface Config.JwtProviderOrBuilderpublic int getAudiencesCount()
The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_. that are
allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
will not check audiences in the token.
Example:
.. code-block:: yaml
audiences:
- bookstore_android.apps.googleusercontent.com
- bookstore_web.apps.googleusercontent.com
repeated string audiences = 2;getAudiencesCount in interface Config.JwtProviderOrBuilderpublic String getAudiences(int index)
The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_. that are
allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
will not check audiences in the token.
Example:
.. code-block:: yaml
audiences:
- bookstore_android.apps.googleusercontent.com
- bookstore_web.apps.googleusercontent.com
repeated string audiences = 2;getAudiences in interface Config.JwtProviderOrBuilderpublic com.google.protobuf.ByteString getAudiencesBytes(int index)
The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_. that are
allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
will not check audiences in the token.
Example:
.. code-block:: yaml
audiences:
- bookstore_android.apps.googleusercontent.com
- bookstore_web.apps.googleusercontent.com
repeated string audiences = 2;getAudiencesBytes in interface Config.JwtProviderOrBuilderpublic Config.JwtProvider.Builder setAudiences(int index, String value)
The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_. that are
allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
will not check audiences in the token.
Example:
.. code-block:: yaml
audiences:
- bookstore_android.apps.googleusercontent.com
- bookstore_web.apps.googleusercontent.com
repeated string audiences = 2;public Config.JwtProvider.Builder addAudiences(String value)
The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_. that are
allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
will not check audiences in the token.
Example:
.. code-block:: yaml
audiences:
- bookstore_android.apps.googleusercontent.com
- bookstore_web.apps.googleusercontent.com
repeated string audiences = 2;public Config.JwtProvider.Builder addAllAudiences(Iterable<String> values)
The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_. that are
allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
will not check audiences in the token.
Example:
.. code-block:: yaml
audiences:
- bookstore_android.apps.googleusercontent.com
- bookstore_web.apps.googleusercontent.com
repeated string audiences = 2;public Config.JwtProvider.Builder clearAudiences()
The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_. that are
allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
will not check audiences in the token.
Example:
.. code-block:: yaml
audiences:
- bookstore_android.apps.googleusercontent.com
- bookstore_web.apps.googleusercontent.com
repeated string audiences = 2;public Config.JwtProvider.Builder addAudiencesBytes(com.google.protobuf.ByteString value)
The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_. that are
allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
will not check audiences in the token.
Example:
.. code-block:: yaml
audiences:
- bookstore_android.apps.googleusercontent.com
- bookstore_web.apps.googleusercontent.com
repeated string audiences = 2;public boolean hasRemoteJwks()
JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
URI and how the fetched JWKS should be cached.
Example:
.. code-block:: yaml
remote_jwks:
http_uri:
uri: https://www.googleapis.com/oauth2/v1/certs
cluster: jwt.www.googleapis.com|443
cache_duration:
seconds: 300
.envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;hasRemoteJwks in interface Config.JwtProviderOrBuilderpublic Config.RemoteJwks getRemoteJwks()
JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
URI and how the fetched JWKS should be cached.
Example:
.. code-block:: yaml
remote_jwks:
http_uri:
uri: https://www.googleapis.com/oauth2/v1/certs
cluster: jwt.www.googleapis.com|443
cache_duration:
seconds: 300
.envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;getRemoteJwks in interface Config.JwtProviderOrBuilderpublic Config.JwtProvider.Builder setRemoteJwks(Config.RemoteJwks value)
JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
URI and how the fetched JWKS should be cached.
Example:
.. code-block:: yaml
remote_jwks:
http_uri:
uri: https://www.googleapis.com/oauth2/v1/certs
cluster: jwt.www.googleapis.com|443
cache_duration:
seconds: 300
.envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;public Config.JwtProvider.Builder setRemoteJwks(Config.RemoteJwks.Builder builderForValue)
JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
URI and how the fetched JWKS should be cached.
Example:
.. code-block:: yaml
remote_jwks:
http_uri:
uri: https://www.googleapis.com/oauth2/v1/certs
cluster: jwt.www.googleapis.com|443
cache_duration:
seconds: 300
.envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;public Config.JwtProvider.Builder mergeRemoteJwks(Config.RemoteJwks value)
JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
URI and how the fetched JWKS should be cached.
Example:
.. code-block:: yaml
remote_jwks:
http_uri:
uri: https://www.googleapis.com/oauth2/v1/certs
cluster: jwt.www.googleapis.com|443
cache_duration:
seconds: 300
.envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;public Config.JwtProvider.Builder clearRemoteJwks()
JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
URI and how the fetched JWKS should be cached.
Example:
.. code-block:: yaml
remote_jwks:
http_uri:
uri: https://www.googleapis.com/oauth2/v1/certs
cluster: jwt.www.googleapis.com|443
cache_duration:
seconds: 300
.envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;public Config.RemoteJwks.Builder getRemoteJwksBuilder()
JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
URI and how the fetched JWKS should be cached.
Example:
.. code-block:: yaml
remote_jwks:
http_uri:
uri: https://www.googleapis.com/oauth2/v1/certs
cluster: jwt.www.googleapis.com|443
cache_duration:
seconds: 300
.envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;public Config.RemoteJwksOrBuilder getRemoteJwksOrBuilder()
JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
URI and how the fetched JWKS should be cached.
Example:
.. code-block:: yaml
remote_jwks:
http_uri:
uri: https://www.googleapis.com/oauth2/v1/certs
cluster: jwt.www.googleapis.com|443
cache_duration:
seconds: 300
.envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;getRemoteJwksOrBuilder in interface Config.JwtProviderOrBuilderpublic boolean hasLocalJwks()
JWKS is in local data source. It could be either in a local file or embedded in the
inline_string.
Example: local file
.. code-block:: yaml
local_jwks:
filename: /etc/envoy/jwks/jwks1.txt
Example: inline_string
.. code-block:: yaml
local_jwks:
inline_string: "ACADADADADA"
.envoy.api.v2.core.DataSource local_jwks = 4;hasLocalJwks in interface Config.JwtProviderOrBuilderpublic Base.DataSource getLocalJwks()
JWKS is in local data source. It could be either in a local file or embedded in the
inline_string.
Example: local file
.. code-block:: yaml
local_jwks:
filename: /etc/envoy/jwks/jwks1.txt
Example: inline_string
.. code-block:: yaml
local_jwks:
inline_string: "ACADADADADA"
.envoy.api.v2.core.DataSource local_jwks = 4;getLocalJwks in interface Config.JwtProviderOrBuilderpublic Config.JwtProvider.Builder setLocalJwks(Base.DataSource value)
JWKS is in local data source. It could be either in a local file or embedded in the
inline_string.
Example: local file
.. code-block:: yaml
local_jwks:
filename: /etc/envoy/jwks/jwks1.txt
Example: inline_string
.. code-block:: yaml
local_jwks:
inline_string: "ACADADADADA"
.envoy.api.v2.core.DataSource local_jwks = 4;public Config.JwtProvider.Builder setLocalJwks(Base.DataSource.Builder builderForValue)
JWKS is in local data source. It could be either in a local file or embedded in the
inline_string.
Example: local file
.. code-block:: yaml
local_jwks:
filename: /etc/envoy/jwks/jwks1.txt
Example: inline_string
.. code-block:: yaml
local_jwks:
inline_string: "ACADADADADA"
.envoy.api.v2.core.DataSource local_jwks = 4;public Config.JwtProvider.Builder mergeLocalJwks(Base.DataSource value)
JWKS is in local data source. It could be either in a local file or embedded in the
inline_string.
Example: local file
.. code-block:: yaml
local_jwks:
filename: /etc/envoy/jwks/jwks1.txt
Example: inline_string
.. code-block:: yaml
local_jwks:
inline_string: "ACADADADADA"
.envoy.api.v2.core.DataSource local_jwks = 4;public Config.JwtProvider.Builder clearLocalJwks()
JWKS is in local data source. It could be either in a local file or embedded in the
inline_string.
Example: local file
.. code-block:: yaml
local_jwks:
filename: /etc/envoy/jwks/jwks1.txt
Example: inline_string
.. code-block:: yaml
local_jwks:
inline_string: "ACADADADADA"
.envoy.api.v2.core.DataSource local_jwks = 4;public Base.DataSource.Builder getLocalJwksBuilder()
JWKS is in local data source. It could be either in a local file or embedded in the
inline_string.
Example: local file
.. code-block:: yaml
local_jwks:
filename: /etc/envoy/jwks/jwks1.txt
Example: inline_string
.. code-block:: yaml
local_jwks:
inline_string: "ACADADADADA"
.envoy.api.v2.core.DataSource local_jwks = 4;public Base.DataSourceOrBuilder getLocalJwksOrBuilder()
JWKS is in local data source. It could be either in a local file or embedded in the
inline_string.
Example: local file
.. code-block:: yaml
local_jwks:
filename: /etc/envoy/jwks/jwks1.txt
Example: inline_string
.. code-block:: yaml
local_jwks:
inline_string: "ACADADADADA"
.envoy.api.v2.core.DataSource local_jwks = 4;getLocalJwksOrBuilder in interface Config.JwtProviderOrBuilderpublic boolean getForward()
If false, the JWT is removed in the request after a success verification. If true, the JWT is not removed in the request. Default value is false.
bool forward = 5;getForward in interface Config.JwtProviderOrBuilderpublic Config.JwtProvider.Builder setForward(boolean value)
If false, the JWT is removed in the request after a success verification. If true, the JWT is not removed in the request. Default value is false.
bool forward = 5;public Config.JwtProvider.Builder clearForward()
If false, the JWT is removed in the request after a success verification. If true, the JWT is not removed in the request. Default value is false.
bool forward = 5;public List<Config.JwtHeader> getFromHeadersList()
Specify the HTTP headers to extract JWT token. For examples, following config: .. code-block:: yaml from_headers: - name: x-goog-iap-jwt-assertion can be used to extract token from header:: x-goog-iap-jwt-assertion: <JWT>.
repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;getFromHeadersList in interface Config.JwtProviderOrBuilderpublic int getFromHeadersCount()
Specify the HTTP headers to extract JWT token. For examples, following config: .. code-block:: yaml from_headers: - name: x-goog-iap-jwt-assertion can be used to extract token from header:: x-goog-iap-jwt-assertion: <JWT>.
repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;getFromHeadersCount in interface Config.JwtProviderOrBuilderpublic Config.JwtHeader getFromHeaders(int index)
Specify the HTTP headers to extract JWT token. For examples, following config: .. code-block:: yaml from_headers: - name: x-goog-iap-jwt-assertion can be used to extract token from header:: x-goog-iap-jwt-assertion: <JWT>.
repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;getFromHeaders in interface Config.JwtProviderOrBuilderpublic Config.JwtProvider.Builder setFromHeaders(int index, Config.JwtHeader value)
Specify the HTTP headers to extract JWT token. For examples, following config: .. code-block:: yaml from_headers: - name: x-goog-iap-jwt-assertion can be used to extract token from header:: x-goog-iap-jwt-assertion: <JWT>.
repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;public Config.JwtProvider.Builder setFromHeaders(int index, Config.JwtHeader.Builder builderForValue)
Specify the HTTP headers to extract JWT token. For examples, following config: .. code-block:: yaml from_headers: - name: x-goog-iap-jwt-assertion can be used to extract token from header:: x-goog-iap-jwt-assertion: <JWT>.
repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;public Config.JwtProvider.Builder addFromHeaders(Config.JwtHeader value)
Specify the HTTP headers to extract JWT token. For examples, following config: .. code-block:: yaml from_headers: - name: x-goog-iap-jwt-assertion can be used to extract token from header:: x-goog-iap-jwt-assertion: <JWT>.
repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;public Config.JwtProvider.Builder addFromHeaders(int index, Config.JwtHeader value)
Specify the HTTP headers to extract JWT token. For examples, following config: .. code-block:: yaml from_headers: - name: x-goog-iap-jwt-assertion can be used to extract token from header:: x-goog-iap-jwt-assertion: <JWT>.
repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;public Config.JwtProvider.Builder addFromHeaders(Config.JwtHeader.Builder builderForValue)
Specify the HTTP headers to extract JWT token. For examples, following config: .. code-block:: yaml from_headers: - name: x-goog-iap-jwt-assertion can be used to extract token from header:: x-goog-iap-jwt-assertion: <JWT>.
repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;public Config.JwtProvider.Builder addFromHeaders(int index, Config.JwtHeader.Builder builderForValue)
Specify the HTTP headers to extract JWT token. For examples, following config: .. code-block:: yaml from_headers: - name: x-goog-iap-jwt-assertion can be used to extract token from header:: x-goog-iap-jwt-assertion: <JWT>.
repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;public Config.JwtProvider.Builder addAllFromHeaders(Iterable<? extends Config.JwtHeader> values)
Specify the HTTP headers to extract JWT token. For examples, following config: .. code-block:: yaml from_headers: - name: x-goog-iap-jwt-assertion can be used to extract token from header:: x-goog-iap-jwt-assertion: <JWT>.
repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;public Config.JwtProvider.Builder clearFromHeaders()
Specify the HTTP headers to extract JWT token. For examples, following config: .. code-block:: yaml from_headers: - name: x-goog-iap-jwt-assertion can be used to extract token from header:: x-goog-iap-jwt-assertion: <JWT>.
repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;public Config.JwtProvider.Builder removeFromHeaders(int index)
Specify the HTTP headers to extract JWT token. For examples, following config: .. code-block:: yaml from_headers: - name: x-goog-iap-jwt-assertion can be used to extract token from header:: x-goog-iap-jwt-assertion: <JWT>.
repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;public Config.JwtHeader.Builder getFromHeadersBuilder(int index)
Specify the HTTP headers to extract JWT token. For examples, following config: .. code-block:: yaml from_headers: - name: x-goog-iap-jwt-assertion can be used to extract token from header:: x-goog-iap-jwt-assertion: <JWT>.
repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;public Config.JwtHeaderOrBuilder getFromHeadersOrBuilder(int index)
Specify the HTTP headers to extract JWT token. For examples, following config: .. code-block:: yaml from_headers: - name: x-goog-iap-jwt-assertion can be used to extract token from header:: x-goog-iap-jwt-assertion: <JWT>.
repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;getFromHeadersOrBuilder in interface Config.JwtProviderOrBuilderpublic List<? extends Config.JwtHeaderOrBuilder> getFromHeadersOrBuilderList()
Specify the HTTP headers to extract JWT token. For examples, following config: .. code-block:: yaml from_headers: - name: x-goog-iap-jwt-assertion can be used to extract token from header:: x-goog-iap-jwt-assertion: <JWT>.
repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;getFromHeadersOrBuilderList in interface Config.JwtProviderOrBuilderpublic Config.JwtHeader.Builder addFromHeadersBuilder()
Specify the HTTP headers to extract JWT token. For examples, following config: .. code-block:: yaml from_headers: - name: x-goog-iap-jwt-assertion can be used to extract token from header:: x-goog-iap-jwt-assertion: <JWT>.
repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;public Config.JwtHeader.Builder addFromHeadersBuilder(int index)
Specify the HTTP headers to extract JWT token. For examples, following config: .. code-block:: yaml from_headers: - name: x-goog-iap-jwt-assertion can be used to extract token from header:: x-goog-iap-jwt-assertion: <JWT>.
repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;public List<Config.JwtHeader.Builder> getFromHeadersBuilderList()
Specify the HTTP headers to extract JWT token. For examples, following config: .. code-block:: yaml from_headers: - name: x-goog-iap-jwt-assertion can be used to extract token from header:: x-goog-iap-jwt-assertion: <JWT>.
repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;public com.google.protobuf.ProtocolStringList getFromParamsList()
JWT is sent in a query parameter. `jwt_params` represents the query parameter names.
For example, if config is:
.. code-block:: yaml
from_params:
- jwt_token
The JWT format in query parameter is::
/path?jwt_token=<JWT>
repeated string from_params = 7;getFromParamsList in interface Config.JwtProviderOrBuilderpublic int getFromParamsCount()
JWT is sent in a query parameter. `jwt_params` represents the query parameter names.
For example, if config is:
.. code-block:: yaml
from_params:
- jwt_token
The JWT format in query parameter is::
/path?jwt_token=<JWT>
repeated string from_params = 7;getFromParamsCount in interface Config.JwtProviderOrBuilderpublic String getFromParams(int index)
JWT is sent in a query parameter. `jwt_params` represents the query parameter names.
For example, if config is:
.. code-block:: yaml
from_params:
- jwt_token
The JWT format in query parameter is::
/path?jwt_token=<JWT>
repeated string from_params = 7;getFromParams in interface Config.JwtProviderOrBuilderpublic com.google.protobuf.ByteString getFromParamsBytes(int index)
JWT is sent in a query parameter. `jwt_params` represents the query parameter names.
For example, if config is:
.. code-block:: yaml
from_params:
- jwt_token
The JWT format in query parameter is::
/path?jwt_token=<JWT>
repeated string from_params = 7;getFromParamsBytes in interface Config.JwtProviderOrBuilderpublic Config.JwtProvider.Builder setFromParams(int index, String value)
JWT is sent in a query parameter. `jwt_params` represents the query parameter names.
For example, if config is:
.. code-block:: yaml
from_params:
- jwt_token
The JWT format in query parameter is::
/path?jwt_token=<JWT>
repeated string from_params = 7;public Config.JwtProvider.Builder addFromParams(String value)
JWT is sent in a query parameter. `jwt_params` represents the query parameter names.
For example, if config is:
.. code-block:: yaml
from_params:
- jwt_token
The JWT format in query parameter is::
/path?jwt_token=<JWT>
repeated string from_params = 7;public Config.JwtProvider.Builder addAllFromParams(Iterable<String> values)
JWT is sent in a query parameter. `jwt_params` represents the query parameter names.
For example, if config is:
.. code-block:: yaml
from_params:
- jwt_token
The JWT format in query parameter is::
/path?jwt_token=<JWT>
repeated string from_params = 7;public Config.JwtProvider.Builder clearFromParams()
JWT is sent in a query parameter. `jwt_params` represents the query parameter names.
For example, if config is:
.. code-block:: yaml
from_params:
- jwt_token
The JWT format in query parameter is::
/path?jwt_token=<JWT>
repeated string from_params = 7;public Config.JwtProvider.Builder addFromParamsBytes(com.google.protobuf.ByteString value)
JWT is sent in a query parameter. `jwt_params` represents the query parameter names.
For example, if config is:
.. code-block:: yaml
from_params:
- jwt_token
The JWT format in query parameter is::
/path?jwt_token=<JWT>
repeated string from_params = 7;public String getForwardPayloadHeader()
This field specifies the header name to forward a successfully verified JWT payload to the
backend. The forwarded data is::
base64_encoded(jwt_payload_in_JSON)
If it is not specified, the payload will not be forwarded.
Multiple JWTs in a request from different issuers will be supported. Multiple JWTs from the
same issuer will not be supported. Each issuer can config this `forward_payload_header`. If
multiple JWTs from different issuers want to forward their payloads, their
`forward_payload_header` should be different.
string forward_payload_header = 8;getForwardPayloadHeader in interface Config.JwtProviderOrBuilderpublic com.google.protobuf.ByteString getForwardPayloadHeaderBytes()
This field specifies the header name to forward a successfully verified JWT payload to the
backend. The forwarded data is::
base64_encoded(jwt_payload_in_JSON)
If it is not specified, the payload will not be forwarded.
Multiple JWTs in a request from different issuers will be supported. Multiple JWTs from the
same issuer will not be supported. Each issuer can config this `forward_payload_header`. If
multiple JWTs from different issuers want to forward their payloads, their
`forward_payload_header` should be different.
string forward_payload_header = 8;getForwardPayloadHeaderBytes in interface Config.JwtProviderOrBuilderpublic Config.JwtProvider.Builder setForwardPayloadHeader(String value)
This field specifies the header name to forward a successfully verified JWT payload to the
backend. The forwarded data is::
base64_encoded(jwt_payload_in_JSON)
If it is not specified, the payload will not be forwarded.
Multiple JWTs in a request from different issuers will be supported. Multiple JWTs from the
same issuer will not be supported. Each issuer can config this `forward_payload_header`. If
multiple JWTs from different issuers want to forward their payloads, their
`forward_payload_header` should be different.
string forward_payload_header = 8;public Config.JwtProvider.Builder clearForwardPayloadHeader()
This field specifies the header name to forward a successfully verified JWT payload to the
backend. The forwarded data is::
base64_encoded(jwt_payload_in_JSON)
If it is not specified, the payload will not be forwarded.
Multiple JWTs in a request from different issuers will be supported. Multiple JWTs from the
same issuer will not be supported. Each issuer can config this `forward_payload_header`. If
multiple JWTs from different issuers want to forward their payloads, their
`forward_payload_header` should be different.
string forward_payload_header = 8;public Config.JwtProvider.Builder setForwardPayloadHeaderBytes(com.google.protobuf.ByteString value)
This field specifies the header name to forward a successfully verified JWT payload to the
backend. The forwarded data is::
base64_encoded(jwt_payload_in_JSON)
If it is not specified, the payload will not be forwarded.
Multiple JWTs in a request from different issuers will be supported. Multiple JWTs from the
same issuer will not be supported. Each issuer can config this `forward_payload_header`. If
multiple JWTs from different issuers want to forward their payloads, their
`forward_payload_header` should be different.
string forward_payload_header = 8;public final Config.JwtProvider.Builder setUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)
setUnknownFields in interface com.google.protobuf.Message.BuildersetUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<Config.JwtProvider.Builder>public final Config.JwtProvider.Builder mergeUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)
mergeUnknownFields in interface com.google.protobuf.Message.BuildermergeUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<Config.JwtProvider.Builder>Copyright © 2018 The Envoy Project. All rights reserved.