envoy.config.filter.http.jwt_authn.v2alpha

Interface Config.JwtProviderOrBuilder

All Superinterfaces:

com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder

All Known Implementing Classes:

Config.JwtProvider, Config.JwtProvider.Builder

Enclosing class:

Config

public static interface Config.JwtProviderOrBuilder
extends com.google.protobuf.MessageOrBuilder

Method Summary

Modifier and Type	Method and Description
String	getAudiences(int index) The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_. that are allowed to access.
com.google.protobuf.ByteString	getAudiencesBytes(int index) The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_. that are allowed to access.
int	getAudiencesCount() The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_. that are allowed to access.
List<String>	getAudiencesList() The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_. that are allowed to access.
boolean	getForward() If false, the JWT is removed in the request after a success verification.
String	getForwardPayloadHeader() This field specifies the header name to forward a successfully verified JWT payload to the backend.
com.google.protobuf.ByteString	getForwardPayloadHeaderBytes() This field specifies the header name to forward a successfully verified JWT payload to the backend.
Config.JwtHeader	getFromHeaders(int index) Specify the HTTP headers to extract JWT token.
int	getFromHeadersCount() Specify the HTTP headers to extract JWT token.
List<Config.JwtHeader>	getFromHeadersList() Specify the HTTP headers to extract JWT token.
Config.JwtHeaderOrBuilder	getFromHeadersOrBuilder(int index) Specify the HTTP headers to extract JWT token.
List<? extends Config.JwtHeaderOrBuilder>	getFromHeadersOrBuilderList() Specify the HTTP headers to extract JWT token.
String	getFromParams(int index) JWT is sent in a query parameter.
com.google.protobuf.ByteString	getFromParamsBytes(int index) JWT is sent in a query parameter.
int	getFromParamsCount() JWT is sent in a query parameter.
List<String>	getFromParamsList() JWT is sent in a query parameter.
String	getIssuer() Identifies the principal that issued the JWT.
com.google.protobuf.ByteString	getIssuerBytes() Identifies the principal that issued the JWT.
Config.JwtProvider.JwksSourceSpecifierCase	getJwksSourceSpecifierCase()
Base.DataSource	getLocalJwks() JWKS is in local data source.
Base.DataSourceOrBuilder	getLocalJwksOrBuilder() JWKS is in local data source.
Config.RemoteJwks	getRemoteJwks() JWKS can be fetched from remote server via HTTP/HTTPS.
Config.RemoteJwksOrBuilder	getRemoteJwksOrBuilder() JWKS can be fetched from remote server via HTTP/HTTPS.
boolean	hasLocalJwks() JWKS is in local data source.
boolean	hasRemoteJwks() JWKS can be fetched from remote server via HTTP/HTTPS.

Methods inherited from interface com.google.protobuf.MessageOrBuilder

findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof

Methods inherited from interface com.google.protobuf.MessageLiteOrBuilder

isInitialized

Method Detail

getIssuer

String getIssuer()

 Identifies the principal that issued the JWT. See `here
  <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_. Usually a URL or an email address.
 Example: https://securetoken.google.com
 Example: 1234567-compute@developer.gserviceaccount.com
 

string issuer = 1 [(.validate.rules) = { ... }

getIssuerBytes

com.google.protobuf.ByteString getIssuerBytes()

 Identifies the principal that issued the JWT. See `here
  <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_. Usually a URL or an email address.
 Example: https://securetoken.google.com
 Example: 1234567-compute@developer.gserviceaccount.com
 

string issuer = 1 [(.validate.rules) = { ... }

getAudiencesList

List<String> getAudiencesList()

 The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_. that are
 allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
 will not check audiences in the token.
 Example:
 .. code-block:: yaml
     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com
 

repeated string audiences = 2;

getAudiencesCount

int getAudiencesCount()

 The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_. that are
 allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
 will not check audiences in the token.
 Example:
 .. code-block:: yaml
     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com
 

repeated string audiences = 2;

getAudiences

String getAudiences(int index)

 The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_. that are
 allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
 will not check audiences in the token.
 Example:
 .. code-block:: yaml
     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com
 

repeated string audiences = 2;

getAudiencesBytes

com.google.protobuf.ByteString getAudiencesBytes(int index)

 The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_. that are
 allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
 will not check audiences in the token.
 Example:
 .. code-block:: yaml
     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com
 

repeated string audiences = 2;

hasRemoteJwks

boolean hasRemoteJwks()

 JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
 URI and how the fetched JWKS should be cached.
 Example:
 .. code-block:: yaml
    remote_jwks:
      http_uri:
        uri: https://www.googleapis.com/oauth2/v1/certs
        cluster: jwt.www.googleapis.com|443
      cache_duration:
        seconds: 300
 

.envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;

getRemoteJwks

Config.RemoteJwks getRemoteJwks()

 JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
 URI and how the fetched JWKS should be cached.
 Example:
 .. code-block:: yaml
    remote_jwks:
      http_uri:
        uri: https://www.googleapis.com/oauth2/v1/certs
        cluster: jwt.www.googleapis.com|443
      cache_duration:
        seconds: 300
 

.envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;

getRemoteJwksOrBuilder

Config.RemoteJwksOrBuilder getRemoteJwksOrBuilder()

 JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
 URI and how the fetched JWKS should be cached.
 Example:
 .. code-block:: yaml
    remote_jwks:
      http_uri:
        uri: https://www.googleapis.com/oauth2/v1/certs
        cluster: jwt.www.googleapis.com|443
      cache_duration:
        seconds: 300
 

.envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;

hasLocalJwks

boolean hasLocalJwks()

 JWKS is in local data source. It could be either in a local file or embedded in the
 inline_string.
 Example: local file
 .. code-block:: yaml
    local_jwks:
      filename: /etc/envoy/jwks/jwks1.txt
 Example: inline_string
 .. code-block:: yaml
    local_jwks:
      inline_string: "ACADADADADA"
 

.envoy.api.v2.core.DataSource local_jwks = 4;

getLocalJwks

Base.DataSource getLocalJwks()

 JWKS is in local data source. It could be either in a local file or embedded in the
 inline_string.
 Example: local file
 .. code-block:: yaml
    local_jwks:
      filename: /etc/envoy/jwks/jwks1.txt
 Example: inline_string
 .. code-block:: yaml
    local_jwks:
      inline_string: "ACADADADADA"
 

.envoy.api.v2.core.DataSource local_jwks = 4;

getLocalJwksOrBuilder

Base.DataSourceOrBuilder getLocalJwksOrBuilder()

 JWKS is in local data source. It could be either in a local file or embedded in the
 inline_string.
 Example: local file
 .. code-block:: yaml
    local_jwks:
      filename: /etc/envoy/jwks/jwks1.txt
 Example: inline_string
 .. code-block:: yaml
    local_jwks:
      inline_string: "ACADADADADA"
 

.envoy.api.v2.core.DataSource local_jwks = 4;

getForward

boolean getForward()

 If false, the JWT is removed in the request after a success verification. If true, the JWT is
 not removed in the request. Default value is false.
 

bool forward = 5;

getFromHeadersList

List<Config.JwtHeader> getFromHeadersList()

 Specify the HTTP headers to extract JWT token. For examples, following config:
 .. code-block:: yaml
   from_headers:
   - name: x-goog-iap-jwt-assertion
 can be used to extract token from header::
   x-goog-iap-jwt-assertion: <JWT>.
 

repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

getFromHeaders

Config.JwtHeader getFromHeaders(int index)

 Specify the HTTP headers to extract JWT token. For examples, following config:
 .. code-block:: yaml
   from_headers:
   - name: x-goog-iap-jwt-assertion
 can be used to extract token from header::
   x-goog-iap-jwt-assertion: <JWT>.
 

repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

getFromHeadersCount

int getFromHeadersCount()

 Specify the HTTP headers to extract JWT token. For examples, following config:
 .. code-block:: yaml
   from_headers:
   - name: x-goog-iap-jwt-assertion
 can be used to extract token from header::
   x-goog-iap-jwt-assertion: <JWT>.
 

repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

getFromHeadersOrBuilderList

List<? extends Config.JwtHeaderOrBuilder> getFromHeadersOrBuilderList()

 Specify the HTTP headers to extract JWT token. For examples, following config:
 .. code-block:: yaml
   from_headers:
   - name: x-goog-iap-jwt-assertion
 can be used to extract token from header::
   x-goog-iap-jwt-assertion: <JWT>.
 

repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

getFromHeadersOrBuilder

Config.JwtHeaderOrBuilder getFromHeadersOrBuilder(int index)

 Specify the HTTP headers to extract JWT token. For examples, following config:
 .. code-block:: yaml
   from_headers:
   - name: x-goog-iap-jwt-assertion
 can be used to extract token from header::
   x-goog-iap-jwt-assertion: <JWT>.
 

repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

getFromParamsList

List<String> getFromParamsList()

 JWT is sent in a query parameter. `jwt_params` represents the query parameter names.
 For example, if config is:
 .. code-block:: yaml
   from_params:
   - jwt_token
 The JWT format in query parameter is::
    /path?jwt_token=<JWT>
 

repeated string from_params = 7;

getFromParamsCount

int getFromParamsCount()

 JWT is sent in a query parameter. `jwt_params` represents the query parameter names.
 For example, if config is:
 .. code-block:: yaml
   from_params:
   - jwt_token
 The JWT format in query parameter is::
    /path?jwt_token=<JWT>
 

repeated string from_params = 7;

getFromParams

String getFromParams(int index)

 JWT is sent in a query parameter. `jwt_params` represents the query parameter names.
 For example, if config is:
 .. code-block:: yaml
   from_params:
   - jwt_token
 The JWT format in query parameter is::
    /path?jwt_token=<JWT>
 

repeated string from_params = 7;

getFromParamsBytes

com.google.protobuf.ByteString getFromParamsBytes(int index)

 JWT is sent in a query parameter. `jwt_params` represents the query parameter names.
 For example, if config is:
 .. code-block:: yaml
   from_params:
   - jwt_token
 The JWT format in query parameter is::
    /path?jwt_token=<JWT>
 

repeated string from_params = 7;

getForwardPayloadHeader

String getForwardPayloadHeader()

 This field specifies the header name to forward a successfully verified JWT payload to the
 backend. The forwarded data is::
    base64_encoded(jwt_payload_in_JSON)
 If it is not specified, the payload will not be forwarded.
 Multiple JWTs in a request from different issuers will be supported. Multiple JWTs from the
 same issuer will not be supported. Each issuer can config this `forward_payload_header`. If
 multiple JWTs from different issuers want to forward their payloads, their
 `forward_payload_header` should be different.
 

string forward_payload_header = 8;

getForwardPayloadHeaderBytes

com.google.protobuf.ByteString getForwardPayloadHeaderBytes()

 This field specifies the header name to forward a successfully verified JWT payload to the
 backend. The forwarded data is::
    base64_encoded(jwt_payload_in_JSON)
 If it is not specified, the payload will not be forwarded.
 Multiple JWTs in a request from different issuers will be supported. Multiple JWTs from the
 same issuer will not be supported. Each issuer can config this `forward_payload_header`. If
 multiple JWTs from different issuers want to forward their payloads, their
 `forward_payload_header` should be different.
 

string forward_payload_header = 8;

getJwksSourceSpecifierCase

Config.JwtProvider.JwksSourceSpecifierCase getJwksSourceSpecifierCase()