Package io.envoyproxy.envoy.config.filter.http.jwt_authn.v2alpha

Class JwtProvider.Builder

java.lang.Object
com.google.protobuf.AbstractMessageLite.Builder
com.google.protobuf.AbstractMessage.Builder<BuilderT>
com.google.protobuf.GeneratedMessageV3.Builder<JwtProvider.Builder>
io.envoyproxy.envoy.config.filter.http.jwt_authn.v2alpha.JwtProvider.Builder
All Implemented Interfaces:
com.google.protobuf.Message.Builder, com.google.protobuf.MessageLite.Builder, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, JwtProviderOrBuilder, Cloneable
Enclosing class:
JwtProvider
public static final class JwtProvider.Builder extends com.google.protobuf.GeneratedMessageV3.Builder<JwtProvider.Builder> implements JwtProviderOrBuilder
 Please see following for JWT authentication flow:

 * `JSON Web Token (JWT) <https://tools.ietf.org/html/rfc7519>`_
 * `The OAuth 2.0 Authorization Framework <https://tools.ietf.org/html/rfc6749>`_
 * `OpenID Connect <http://openid.net/connect>`_

 A JwtProvider message specifies how a JSON Web Token (JWT) can be verified. It specifies:

 * issuer: the principal that issues the JWT. It has to match the one from the token.
 * allowed audiences: the ones in the token have to be listed here.
 * how to fetch public key JWKS to verify the token signature.
 * how to extract the JWT in the request.
 * how to pass successfully verified token payload.

 Example:

 .. code-block:: yaml

     issuer: https://example.com
     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com
     remote_jwks:
       http_uri:
         uri: https://example.com/.well-known/jwks.json
         cluster: example_jwks_cluster
       cache_duration:
         seconds: 300

 [#next-free-field: 10]
Protobuf type envoy.config.filter.http.jwt_authn.v2alpha.JwtProvider

  • Method Details

    • getDescriptor

      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

    • internalGetFieldAccessorTable

      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
      Specified by:
      internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3.Builder<JwtProvider.Builder>

    • clear

      public JwtProvider.Builder clear()
      Specified by:
      clear in interface com.google.protobuf.Message.Builder
      Specified by:
      clear in interface com.google.protobuf.MessageLite.Builder
      Overrides:
      clear in class com.google.protobuf.GeneratedMessageV3.Builder<JwtProvider.Builder>

    • getDescriptorForType

      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType()
      Specified by:
      getDescriptorForType in interface com.google.protobuf.Message.Builder
      Specified by:
      getDescriptorForType in interface com.google.protobuf.MessageOrBuilder
      Overrides:
      getDescriptorForType in class com.google.protobuf.GeneratedMessageV3.Builder<JwtProvider.Builder>

    • getDefaultInstanceForType

      public JwtProvider getDefaultInstanceForType()
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder

    • build

      public JwtProvider build()
      Specified by:
      build in interface com.google.protobuf.Message.Builder
      Specified by:
      build in interface com.google.protobuf.MessageLite.Builder

    • buildPartial

      public JwtProvider buildPartial()
      Specified by:
      buildPartial in interface com.google.protobuf.Message.Builder
      Specified by:
      buildPartial in interface com.google.protobuf.MessageLite.Builder

    • clone

      public JwtProvider.Builder clone()
      Specified by:
      clone in interface com.google.protobuf.Message.Builder
      Specified by:
      clone in interface com.google.protobuf.MessageLite.Builder
      Overrides:
      clone in class com.google.protobuf.GeneratedMessageV3.Builder<JwtProvider.Builder>

    • setField

      public JwtProvider.Builder setField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)
      Specified by:
      setField in interface com.google.protobuf.Message.Builder
      Overrides:
      setField in class com.google.protobuf.GeneratedMessageV3.Builder<JwtProvider.Builder>

    • clearField

      public JwtProvider.Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field)
      Specified by:
      clearField in interface com.google.protobuf.Message.Builder
      Overrides:
      clearField in class com.google.protobuf.GeneratedMessageV3.Builder<JwtProvider.Builder>

    • clearOneof

      public JwtProvider.Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof)
      Specified by:
      clearOneof in interface com.google.protobuf.Message.Builder
      Overrides:
      clearOneof in class com.google.protobuf.GeneratedMessageV3.Builder<JwtProvider.Builder>

    • setRepeatedField

      public JwtProvider.Builder setRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, int index, Object value)
      Specified by:
      setRepeatedField in interface com.google.protobuf.Message.Builder
      Overrides:
      setRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<JwtProvider.Builder>

    • addRepeatedField

      public JwtProvider.Builder addRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)
      Specified by:
      addRepeatedField in interface com.google.protobuf.Message.Builder
      Overrides:
      addRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<JwtProvider.Builder>

    • mergeFrom

      public JwtProvider.Builder mergeFrom(com.google.protobuf.Message other)
      Specified by:
      mergeFrom in interface com.google.protobuf.Message.Builder
      Overrides:
      mergeFrom in class com.google.protobuf.AbstractMessage.Builder<JwtProvider.Builder>

    • mergeFrom

      public JwtProvider.Builder mergeFrom(JwtProvider other)

    • isInitialized

      public final boolean isInitialized()
      Specified by:
      isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
      Overrides:
      isInitialized in class com.google.protobuf.GeneratedMessageV3.Builder<JwtProvider.Builder>

    • mergeFrom

      public JwtProvider.Builder mergeFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
      Specified by:
      mergeFrom in interface com.google.protobuf.Message.Builder
      Specified by:
      mergeFrom in interface com.google.protobuf.MessageLite.Builder
      Overrides:
      mergeFrom in class com.google.protobuf.AbstractMessage.Builder<JwtProvider.Builder>
      Throws:
      IOException

    • getJwksSourceSpecifierCase

      public JwtProvider.JwksSourceSpecifierCase getJwksSourceSpecifierCase()
      Specified by:
      getJwksSourceSpecifierCase in interface JwtProviderOrBuilder

    • clearJwksSourceSpecifier

      public JwtProvider.Builder clearJwksSourceSpecifier()

    • getIssuer

      public String getIssuer()
       Specify the `principal <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_ that issued
 the JWT, usually a URL or an email address.

 Example: https://securetoken.google.com
 Example: 1234567-compute@developer.gserviceaccount.com
      string issuer = 1 [(.validate.rules) = { ... }
      Specified by:
      getIssuer in interface JwtProviderOrBuilder
      Returns:
      The issuer.

    • getIssuerBytes

      public com.google.protobuf.ByteString getIssuerBytes()
       Specify the `principal <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_ that issued
 the JWT, usually a URL or an email address.

 Example: https://securetoken.google.com
 Example: 1234567-compute@developer.gserviceaccount.com
      string issuer = 1 [(.validate.rules) = { ... }
      Specified by:
      getIssuerBytes in interface JwtProviderOrBuilder
      Returns:
      The bytes for issuer.

    • setIssuer

      public JwtProvider.Builder setIssuer(String value)
       Specify the `principal <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_ that issued
 the JWT, usually a URL or an email address.

 Example: https://securetoken.google.com
 Example: 1234567-compute@developer.gserviceaccount.com
      string issuer = 1 [(.validate.rules) = { ... }
      Parameters:
      value - The issuer to set.
      Returns:
      This builder for chaining.

    • clearIssuer

      public JwtProvider.Builder clearIssuer()
       Specify the `principal <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_ that issued
 the JWT, usually a URL or an email address.

 Example: https://securetoken.google.com
 Example: 1234567-compute@developer.gserviceaccount.com
      string issuer = 1 [(.validate.rules) = { ... }
      Returns:
      This builder for chaining.

    • setIssuerBytes

      public JwtProvider.Builder setIssuerBytes(com.google.protobuf.ByteString value)
       Specify the `principal <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_ that issued
 the JWT, usually a URL or an email address.

 Example: https://securetoken.google.com
 Example: 1234567-compute@developer.gserviceaccount.com
      string issuer = 1 [(.validate.rules) = { ... }
      Parameters:
      value - The bytes for issuer to set.
      Returns:
      This builder for chaining.

    • getAudiencesList

      public com.google.protobuf.ProtocolStringList getAudiencesList()
       The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are
 allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
 will not check audiences in the token.

 Example:

 .. code-block:: yaml

     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com
      repeated string audiences = 2;
      Specified by:
      getAudiencesList in interface JwtProviderOrBuilder
      Returns:
      A list containing the audiences.

    • getAudiencesCount

      public int getAudiencesCount()
       The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are
 allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
 will not check audiences in the token.

 Example:

 .. code-block:: yaml

     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com
      repeated string audiences = 2;
      Specified by:
      getAudiencesCount in interface JwtProviderOrBuilder
      Returns:
      The count of audiences.

    • getAudiences

      public String getAudiences(int index)
       The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are
 allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
 will not check audiences in the token.

 Example:

 .. code-block:: yaml

     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com
      repeated string audiences = 2;
      Specified by:
      getAudiences in interface JwtProviderOrBuilder
      Parameters:
      index - The index of the element to return.
      Returns:
      The audiences at the given index.

    • getAudiencesBytes

      public com.google.protobuf.ByteString getAudiencesBytes(int index)
       The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are
 allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
 will not check audiences in the token.

 Example:

 .. code-block:: yaml

     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com
      repeated string audiences = 2;
      Specified by:
      getAudiencesBytes in interface JwtProviderOrBuilder
      Parameters:
      index - The index of the value to return.
      Returns:
      The bytes of the audiences at the given index.

    • setAudiences

      public JwtProvider.Builder setAudiences(int index, String value)
       The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are
 allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
 will not check audiences in the token.

 Example:

 .. code-block:: yaml

     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com
      repeated string audiences = 2;
      Parameters:
      index - The index to set the value at.
      value - The audiences to set.
      Returns:
      This builder for chaining.

    • addAudiences

      public JwtProvider.Builder addAudiences(String value)
       The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are
 allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
 will not check audiences in the token.

 Example:

 .. code-block:: yaml

     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com
      repeated string audiences = 2;
      Parameters:
      value - The audiences to add.
      Returns:
      This builder for chaining.

    • addAllAudiences

      public JwtProvider.Builder addAllAudiences(Iterable<String> values)
       The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are
 allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
 will not check audiences in the token.

 Example:

 .. code-block:: yaml

     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com
      repeated string audiences = 2;
      Parameters:
      values - The audiences to add.
      Returns:
      This builder for chaining.

    • clearAudiences

      public JwtProvider.Builder clearAudiences()
       The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are
 allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
 will not check audiences in the token.

 Example:

 .. code-block:: yaml

     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com
      repeated string audiences = 2;
      Returns:
      This builder for chaining.

    • addAudiencesBytes

      public JwtProvider.Builder addAudiencesBytes(com.google.protobuf.ByteString value)
       The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are
 allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
 will not check audiences in the token.

 Example:

 .. code-block:: yaml

     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com
      repeated string audiences = 2;
      Parameters:
      value - The bytes of the audiences to add.
      Returns:
      This builder for chaining.

    • hasRemoteJwks

      public boolean hasRemoteJwks()
       JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
 URI and how the fetched JWKS should be cached.

 Example:

 .. code-block:: yaml

    remote_jwks:
      http_uri:
        uri: https://www.googleapis.com/oauth2/v1/certs
        cluster: jwt.www.googleapis.com|443
      cache_duration:
        seconds: 300
      .envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;
      Specified by:
      hasRemoteJwks in interface JwtProviderOrBuilder
      Returns:
      Whether the remoteJwks field is set.

    • getRemoteJwks

      public RemoteJwks getRemoteJwks()
       JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
 URI and how the fetched JWKS should be cached.

 Example:

 .. code-block:: yaml

    remote_jwks:
      http_uri:
        uri: https://www.googleapis.com/oauth2/v1/certs
        cluster: jwt.www.googleapis.com|443
      cache_duration:
        seconds: 300
      .envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;
      Specified by:
      getRemoteJwks in interface JwtProviderOrBuilder
      Returns:
      The remoteJwks.

    • setRemoteJwks

      public JwtProvider.Builder setRemoteJwks(RemoteJwks value)
       JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
 URI and how the fetched JWKS should be cached.

 Example:

 .. code-block:: yaml

    remote_jwks:
      http_uri:
        uri: https://www.googleapis.com/oauth2/v1/certs
        cluster: jwt.www.googleapis.com|443
      cache_duration:
        seconds: 300
      .envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;

    • setRemoteJwks

      public JwtProvider.Builder setRemoteJwks(RemoteJwks.Builder builderForValue)
       JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
 URI and how the fetched JWKS should be cached.

 Example:

 .. code-block:: yaml

    remote_jwks:
      http_uri:
        uri: https://www.googleapis.com/oauth2/v1/certs
        cluster: jwt.www.googleapis.com|443
      cache_duration:
        seconds: 300
      .envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;

    • mergeRemoteJwks

      public JwtProvider.Builder mergeRemoteJwks(RemoteJwks value)
       JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
 URI and how the fetched JWKS should be cached.

 Example:

 .. code-block:: yaml

    remote_jwks:
      http_uri:
        uri: https://www.googleapis.com/oauth2/v1/certs
        cluster: jwt.www.googleapis.com|443
      cache_duration:
        seconds: 300
      .envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;

    • clearRemoteJwks

      public JwtProvider.Builder clearRemoteJwks()
       JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
 URI and how the fetched JWKS should be cached.

 Example:

 .. code-block:: yaml

    remote_jwks:
      http_uri:
        uri: https://www.googleapis.com/oauth2/v1/certs
        cluster: jwt.www.googleapis.com|443
      cache_duration:
        seconds: 300
      .envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;

    • getRemoteJwksBuilder

      public RemoteJwks.Builder getRemoteJwksBuilder()
       JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
 URI and how the fetched JWKS should be cached.

 Example:

 .. code-block:: yaml

    remote_jwks:
      http_uri:
        uri: https://www.googleapis.com/oauth2/v1/certs
        cluster: jwt.www.googleapis.com|443
      cache_duration:
        seconds: 300
      .envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;

    • getRemoteJwksOrBuilder

      public RemoteJwksOrBuilder getRemoteJwksOrBuilder()
       JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
 URI and how the fetched JWKS should be cached.

 Example:

 .. code-block:: yaml

    remote_jwks:
      http_uri:
        uri: https://www.googleapis.com/oauth2/v1/certs
        cluster: jwt.www.googleapis.com|443
      cache_duration:
        seconds: 300
      .envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;
      Specified by:
      getRemoteJwksOrBuilder in interface JwtProviderOrBuilder

    • hasLocalJwks

      public boolean hasLocalJwks()
       JWKS is in local data source. It could be either in a local file or embedded in the
 inline_string.

 Example: local file

 .. code-block:: yaml

    local_jwks:
      filename: /etc/envoy/jwks/jwks1.txt

 Example: inline_string

 .. code-block:: yaml

    local_jwks:
      inline_string: ACADADADADA
      .envoy.api.v2.core.DataSource local_jwks = 4;
      Specified by:
      hasLocalJwks in interface JwtProviderOrBuilder
      Returns:
      Whether the localJwks field is set.

    • getLocalJwks

      public DataSource getLocalJwks()
       JWKS is in local data source. It could be either in a local file or embedded in the
 inline_string.

 Example: local file

 .. code-block:: yaml

    local_jwks:
      filename: /etc/envoy/jwks/jwks1.txt

 Example: inline_string

 .. code-block:: yaml

    local_jwks:
      inline_string: ACADADADADA
      .envoy.api.v2.core.DataSource local_jwks = 4;
      Specified by:
      getLocalJwks in interface JwtProviderOrBuilder
      Returns:
      The localJwks.

    • setLocalJwks

      public JwtProvider.Builder setLocalJwks(DataSource value)
       JWKS is in local data source. It could be either in a local file or embedded in the
 inline_string.

 Example: local file

 .. code-block:: yaml

    local_jwks:
      filename: /etc/envoy/jwks/jwks1.txt

 Example: inline_string

 .. code-block:: yaml

    local_jwks:
      inline_string: ACADADADADA
      .envoy.api.v2.core.DataSource local_jwks = 4;

    • setLocalJwks

      public JwtProvider.Builder setLocalJwks(DataSource.Builder builderForValue)
       JWKS is in local data source. It could be either in a local file or embedded in the
 inline_string.

 Example: local file

 .. code-block:: yaml

    local_jwks:
      filename: /etc/envoy/jwks/jwks1.txt

 Example: inline_string

 .. code-block:: yaml

    local_jwks:
      inline_string: ACADADADADA
      .envoy.api.v2.core.DataSource local_jwks = 4;

    • mergeLocalJwks

      public JwtProvider.Builder mergeLocalJwks(DataSource value)
       JWKS is in local data source. It could be either in a local file or embedded in the
 inline_string.

 Example: local file

 .. code-block:: yaml

    local_jwks:
      filename: /etc/envoy/jwks/jwks1.txt

 Example: inline_string

 .. code-block:: yaml

    local_jwks:
      inline_string: ACADADADADA
      .envoy.api.v2.core.DataSource local_jwks = 4;

    • clearLocalJwks

      public JwtProvider.Builder clearLocalJwks()
       JWKS is in local data source. It could be either in a local file or embedded in the
 inline_string.

 Example: local file

 .. code-block:: yaml

    local_jwks:
      filename: /etc/envoy/jwks/jwks1.txt

 Example: inline_string

 .. code-block:: yaml

    local_jwks:
      inline_string: ACADADADADA
      .envoy.api.v2.core.DataSource local_jwks = 4;

    • getLocalJwksBuilder

      public DataSource.Builder getLocalJwksBuilder()
       JWKS is in local data source. It could be either in a local file or embedded in the
 inline_string.

 Example: local file

 .. code-block:: yaml

    local_jwks:
      filename: /etc/envoy/jwks/jwks1.txt

 Example: inline_string

 .. code-block:: yaml

    local_jwks:
      inline_string: ACADADADADA
      .envoy.api.v2.core.DataSource local_jwks = 4;

    • getLocalJwksOrBuilder

      public DataSourceOrBuilder getLocalJwksOrBuilder()
       JWKS is in local data source. It could be either in a local file or embedded in the
 inline_string.

 Example: local file

 .. code-block:: yaml

    local_jwks:
      filename: /etc/envoy/jwks/jwks1.txt

 Example: inline_string

 .. code-block:: yaml

    local_jwks:
      inline_string: ACADADADADA
      .envoy.api.v2.core.DataSource local_jwks = 4;
      Specified by:
      getLocalJwksOrBuilder in interface JwtProviderOrBuilder

    • getForward

      public boolean getForward()
       If false, the JWT is removed in the request after a success verification. If true, the JWT is
 not removed in the request. Default value is false.
      bool forward = 5;
      Specified by:
      getForward in interface JwtProviderOrBuilder
      Returns:
      The forward.

    • setForward

      public JwtProvider.Builder setForward(boolean value)
       If false, the JWT is removed in the request after a success verification. If true, the JWT is
 not removed in the request. Default value is false.
      bool forward = 5;
      Parameters:
      value - The forward to set.
      Returns:
      This builder for chaining.

    • clearForward

      public JwtProvider.Builder clearForward()
       If false, the JWT is removed in the request after a success verification. If true, the JWT is
 not removed in the request. Default value is false.
      bool forward = 5;
      Returns:
      This builder for chaining.

    • getFromHeadersList

      public List<JwtHeader> getFromHeadersList()
       Two fields below define where to extract the JWT from an HTTP request.

 If no explicit location is specified, the following default locations are tried in order:

 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::

    Authorization: Bearer <token>.

 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.

 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.

 Specify the HTTP headers to extract the JWT. For examples, following config:

 .. code-block:: yaml

   from_headers:
   - name: x-goog-iap-jwt-assertion

 can be used to extract token from header::

   ``x-goog-iap-jwt-assertion: <JWT>``.
      repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;
      Specified by:
      getFromHeadersList in interface JwtProviderOrBuilder

    • getFromHeadersCount

      public int getFromHeadersCount()
       Two fields below define where to extract the JWT from an HTTP request.

 If no explicit location is specified, the following default locations are tried in order:

 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::

    Authorization: Bearer <token>.

 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.

 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.

 Specify the HTTP headers to extract the JWT. For examples, following config:

 .. code-block:: yaml

   from_headers:
   - name: x-goog-iap-jwt-assertion

 can be used to extract token from header::

   ``x-goog-iap-jwt-assertion: <JWT>``.
      repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;
      Specified by:
      getFromHeadersCount in interface JwtProviderOrBuilder

    • getFromHeaders

      public JwtHeader getFromHeaders(int index)
       Two fields below define where to extract the JWT from an HTTP request.

 If no explicit location is specified, the following default locations are tried in order:

 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::

    Authorization: Bearer <token>.

 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.

 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.

 Specify the HTTP headers to extract the JWT. For examples, following config:

 .. code-block:: yaml

   from_headers:
   - name: x-goog-iap-jwt-assertion

 can be used to extract token from header::

   ``x-goog-iap-jwt-assertion: <JWT>``.
      repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;
      Specified by:
      getFromHeaders in interface JwtProviderOrBuilder

    • setFromHeaders

      public JwtProvider.Builder setFromHeaders(int index, JwtHeader value)
       Two fields below define where to extract the JWT from an HTTP request.

 If no explicit location is specified, the following default locations are tried in order:

 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::

    Authorization: Bearer <token>.

 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.

 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.

 Specify the HTTP headers to extract the JWT. For examples, following config:

 .. code-block:: yaml

   from_headers:
   - name: x-goog-iap-jwt-assertion

 can be used to extract token from header::

   ``x-goog-iap-jwt-assertion: <JWT>``.
      repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

    • setFromHeaders

      public JwtProvider.Builder setFromHeaders(int index, JwtHeader.Builder builderForValue)
       Two fields below define where to extract the JWT from an HTTP request.

 If no explicit location is specified, the following default locations are tried in order:

 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::

    Authorization: Bearer <token>.

 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.

 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.

 Specify the HTTP headers to extract the JWT. For examples, following config:

 .. code-block:: yaml

   from_headers:
   - name: x-goog-iap-jwt-assertion

 can be used to extract token from header::

   ``x-goog-iap-jwt-assertion: <JWT>``.
      repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

    • addFromHeaders

      public JwtProvider.Builder addFromHeaders(JwtHeader value)
       Two fields below define where to extract the JWT from an HTTP request.

 If no explicit location is specified, the following default locations are tried in order:

 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::

    Authorization: Bearer <token>.

 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.

 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.

 Specify the HTTP headers to extract the JWT. For examples, following config:

 .. code-block:: yaml

   from_headers:
   - name: x-goog-iap-jwt-assertion

 can be used to extract token from header::

   ``x-goog-iap-jwt-assertion: <JWT>``.
      repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

    • addFromHeaders

      public JwtProvider.Builder addFromHeaders(int index, JwtHeader value)
       Two fields below define where to extract the JWT from an HTTP request.

 If no explicit location is specified, the following default locations are tried in order:

 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::

    Authorization: Bearer <token>.

 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.

 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.

 Specify the HTTP headers to extract the JWT. For examples, following config:

 .. code-block:: yaml

   from_headers:
   - name: x-goog-iap-jwt-assertion

 can be used to extract token from header::

   ``x-goog-iap-jwt-assertion: <JWT>``.
      repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

    • addFromHeaders

      public JwtProvider.Builder addFromHeaders(JwtHeader.Builder builderForValue)
       Two fields below define where to extract the JWT from an HTTP request.

 If no explicit location is specified, the following default locations are tried in order:

 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::

    Authorization: Bearer <token>.

 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.

 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.

 Specify the HTTP headers to extract the JWT. For examples, following config:

 .. code-block:: yaml

   from_headers:
   - name: x-goog-iap-jwt-assertion

 can be used to extract token from header::

   ``x-goog-iap-jwt-assertion: <JWT>``.
      repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

    • addFromHeaders

      public JwtProvider.Builder addFromHeaders(int index, JwtHeader.Builder builderForValue)
       Two fields below define where to extract the JWT from an HTTP request.

 If no explicit location is specified, the following default locations are tried in order:

 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::

    Authorization: Bearer <token>.

 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.

 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.

 Specify the HTTP headers to extract the JWT. For examples, following config:

 .. code-block:: yaml

   from_headers:
   - name: x-goog-iap-jwt-assertion

 can be used to extract token from header::

   ``x-goog-iap-jwt-assertion: <JWT>``.
      repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

    • addAllFromHeaders

      public JwtProvider.Builder addAllFromHeaders(Iterable<? extends JwtHeader> values)
       Two fields below define where to extract the JWT from an HTTP request.

 If no explicit location is specified, the following default locations are tried in order:

 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::

    Authorization: Bearer <token>.

 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.

 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.

 Specify the HTTP headers to extract the JWT. For examples, following config:

 .. code-block:: yaml

   from_headers:
   - name: x-goog-iap-jwt-assertion

 can be used to extract token from header::

   ``x-goog-iap-jwt-assertion: <JWT>``.
      repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

    • clearFromHeaders

      public JwtProvider.Builder clearFromHeaders()
       Two fields below define where to extract the JWT from an HTTP request.

 If no explicit location is specified, the following default locations are tried in order:

 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::

    Authorization: Bearer <token>.

 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.

 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.

 Specify the HTTP headers to extract the JWT. For examples, following config:

 .. code-block:: yaml

   from_headers:
   - name: x-goog-iap-jwt-assertion

 can be used to extract token from header::

   ``x-goog-iap-jwt-assertion: <JWT>``.
      repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

    • removeFromHeaders

      public JwtProvider.Builder removeFromHeaders(int index)
       Two fields below define where to extract the JWT from an HTTP request.

 If no explicit location is specified, the following default locations are tried in order:

 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::

    Authorization: Bearer <token>.

 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.

 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.

 Specify the HTTP headers to extract the JWT. For examples, following config:

 .. code-block:: yaml

   from_headers:
   - name: x-goog-iap-jwt-assertion

 can be used to extract token from header::

   ``x-goog-iap-jwt-assertion: <JWT>``.
      repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

    • getFromHeadersBuilder

      public JwtHeader.Builder getFromHeadersBuilder(int index)
       Two fields below define where to extract the JWT from an HTTP request.

 If no explicit location is specified, the following default locations are tried in order:

 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::

    Authorization: Bearer <token>.

 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.

 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.

 Specify the HTTP headers to extract the JWT. For examples, following config:

 .. code-block:: yaml

   from_headers:
   - name: x-goog-iap-jwt-assertion

 can be used to extract token from header::

   ``x-goog-iap-jwt-assertion: <JWT>``.
      repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

    • getFromHeadersOrBuilder

      public JwtHeaderOrBuilder getFromHeadersOrBuilder(int index)
       Two fields below define where to extract the JWT from an HTTP request.

 If no explicit location is specified, the following default locations are tried in order:

 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::

    Authorization: Bearer <token>.

 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.

 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.

 Specify the HTTP headers to extract the JWT. For examples, following config:

 .. code-block:: yaml

   from_headers:
   - name: x-goog-iap-jwt-assertion

 can be used to extract token from header::

   ``x-goog-iap-jwt-assertion: <JWT>``.
      repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;
      Specified by:
      getFromHeadersOrBuilder in interface JwtProviderOrBuilder

    • getFromHeadersOrBuilderList

      public List<? extends JwtHeaderOrBuilder> getFromHeadersOrBuilderList()
       Two fields below define where to extract the JWT from an HTTP request.

 If no explicit location is specified, the following default locations are tried in order:

 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::

    Authorization: Bearer <token>.

 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.

 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.

 Specify the HTTP headers to extract the JWT. For examples, following config:

 .. code-block:: yaml

   from_headers:
   - name: x-goog-iap-jwt-assertion

 can be used to extract token from header::

   ``x-goog-iap-jwt-assertion: <JWT>``.
      repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;
      Specified by:
      getFromHeadersOrBuilderList in interface JwtProviderOrBuilder

    • addFromHeadersBuilder

      public JwtHeader.Builder addFromHeadersBuilder()
       Two fields below define where to extract the JWT from an HTTP request.

 If no explicit location is specified, the following default locations are tried in order:

 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::

    Authorization: Bearer <token>.

 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.

 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.

 Specify the HTTP headers to extract the JWT. For examples, following config:

 .. code-block:: yaml

   from_headers:
   - name: x-goog-iap-jwt-assertion

 can be used to extract token from header::

   ``x-goog-iap-jwt-assertion: <JWT>``.
      repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

    • addFromHeadersBuilder

      public JwtHeader.Builder addFromHeadersBuilder(int index)
       Two fields below define where to extract the JWT from an HTTP request.

 If no explicit location is specified, the following default locations are tried in order:

 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::

    Authorization: Bearer <token>.

 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.

 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.

 Specify the HTTP headers to extract the JWT. For examples, following config:

 .. code-block:: yaml

   from_headers:
   - name: x-goog-iap-jwt-assertion

 can be used to extract token from header::

   ``x-goog-iap-jwt-assertion: <JWT>``.
      repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

    • getFromHeadersBuilderList

      public List<JwtHeader.Builder> getFromHeadersBuilderList()
       Two fields below define where to extract the JWT from an HTTP request.

 If no explicit location is specified, the following default locations are tried in order:

 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::

    Authorization: Bearer <token>.

 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.

 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.

 Specify the HTTP headers to extract the JWT. For examples, following config:

 .. code-block:: yaml

   from_headers:
   - name: x-goog-iap-jwt-assertion

 can be used to extract token from header::

   ``x-goog-iap-jwt-assertion: <JWT>``.
      repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

    • getFromParamsList

      public com.google.protobuf.ProtocolStringList getFromParamsList()
       JWT is sent in a query parameter. `jwt_params` represents the query parameter names.

 For example, if config is:

 .. code-block:: yaml

   from_params:
   - jwt_token

 The JWT format in query parameter is::

    /path?jwt_token=<JWT>
      repeated string from_params = 7;
      Specified by:
      getFromParamsList in interface JwtProviderOrBuilder
      Returns:
      A list containing the fromParams.

    • getFromParamsCount

      public int getFromParamsCount()
       JWT is sent in a query parameter. `jwt_params` represents the query parameter names.

 For example, if config is:

 .. code-block:: yaml

   from_params:
   - jwt_token

 The JWT format in query parameter is::

    /path?jwt_token=<JWT>
      repeated string from_params = 7;
      Specified by:
      getFromParamsCount in interface JwtProviderOrBuilder
      Returns:
      The count of fromParams.

    • getFromParams

      public String getFromParams(int index)
       JWT is sent in a query parameter. `jwt_params` represents the query parameter names.

 For example, if config is:

 .. code-block:: yaml

   from_params:
   - jwt_token

 The JWT format in query parameter is::

    /path?jwt_token=<JWT>
      repeated string from_params = 7;
      Specified by:
      getFromParams in interface JwtProviderOrBuilder
      Parameters:
      index - The index of the element to return.
      Returns:
      The fromParams at the given index.

    • getFromParamsBytes

      public com.google.protobuf.ByteString getFromParamsBytes(int index)
       JWT is sent in a query parameter. `jwt_params` represents the query parameter names.

 For example, if config is:

 .. code-block:: yaml

   from_params:
   - jwt_token

 The JWT format in query parameter is::

    /path?jwt_token=<JWT>
      repeated string from_params = 7;
      Specified by:
      getFromParamsBytes in interface JwtProviderOrBuilder
      Parameters:
      index - The index of the value to return.
      Returns:
      The bytes of the fromParams at the given index.

    • setFromParams

      public JwtProvider.Builder setFromParams(int index, String value)
       JWT is sent in a query parameter. `jwt_params` represents the query parameter names.

 For example, if config is:

 .. code-block:: yaml

   from_params:
   - jwt_token

 The JWT format in query parameter is::

    /path?jwt_token=<JWT>
      repeated string from_params = 7;
      Parameters:
      index - The index to set the value at.
      value - The fromParams to set.
      Returns:
      This builder for chaining.

    • addFromParams

      public JwtProvider.Builder addFromParams(String value)
       JWT is sent in a query parameter. `jwt_params` represents the query parameter names.

 For example, if config is:

 .. code-block:: yaml

   from_params:
   - jwt_token

 The JWT format in query parameter is::

    /path?jwt_token=<JWT>
      repeated string from_params = 7;
      Parameters:
      value - The fromParams to add.
      Returns:
      This builder for chaining.

    • addAllFromParams

      public JwtProvider.Builder addAllFromParams(Iterable<String> values)
       JWT is sent in a query parameter. `jwt_params` represents the query parameter names.

 For example, if config is:

 .. code-block:: yaml

   from_params:
   - jwt_token

 The JWT format in query parameter is::

    /path?jwt_token=<JWT>
      repeated string from_params = 7;
      Parameters:
      values - The fromParams to add.
      Returns:
      This builder for chaining.

    • clearFromParams

      public JwtProvider.Builder clearFromParams()
       JWT is sent in a query parameter. `jwt_params` represents the query parameter names.

 For example, if config is:

 .. code-block:: yaml

   from_params:
   - jwt_token

 The JWT format in query parameter is::

    /path?jwt_token=<JWT>
      repeated string from_params = 7;
      Returns:
      This builder for chaining.

    • addFromParamsBytes

      public JwtProvider.Builder addFromParamsBytes(com.google.protobuf.ByteString value)
       JWT is sent in a query parameter. `jwt_params` represents the query parameter names.

 For example, if config is:

 .. code-block:: yaml

   from_params:
   - jwt_token

 The JWT format in query parameter is::

    /path?jwt_token=<JWT>
      repeated string from_params = 7;
      Parameters:
      value - The bytes of the fromParams to add.
      Returns:
      This builder for chaining.

    • getForwardPayloadHeader

      public String getForwardPayloadHeader()
       This field specifies the header name to forward a successfully verified JWT payload to the
 backend. The forwarded data is::

    base64url_encoded(jwt_payload_in_JSON)

 If it is not specified, the payload will not be forwarded.
      string forward_payload_header = 8;
      Specified by:
      getForwardPayloadHeader in interface JwtProviderOrBuilder
      Returns:
      The forwardPayloadHeader.

    • getForwardPayloadHeaderBytes

      public com.google.protobuf.ByteString getForwardPayloadHeaderBytes()
       This field specifies the header name to forward a successfully verified JWT payload to the
 backend. The forwarded data is::

    base64url_encoded(jwt_payload_in_JSON)

 If it is not specified, the payload will not be forwarded.
      string forward_payload_header = 8;
      Specified by:
      getForwardPayloadHeaderBytes in interface JwtProviderOrBuilder
      Returns:
      The bytes for forwardPayloadHeader.

    • setForwardPayloadHeader

      public JwtProvider.Builder setForwardPayloadHeader(String value)
       This field specifies the header name to forward a successfully verified JWT payload to the
 backend. The forwarded data is::

    base64url_encoded(jwt_payload_in_JSON)

 If it is not specified, the payload will not be forwarded.
      string forward_payload_header = 8;
      Parameters:
      value - The forwardPayloadHeader to set.
      Returns:
      This builder for chaining.

    • clearForwardPayloadHeader

      public JwtProvider.Builder clearForwardPayloadHeader()
       This field specifies the header name to forward a successfully verified JWT payload to the
 backend. The forwarded data is::

    base64url_encoded(jwt_payload_in_JSON)

 If it is not specified, the payload will not be forwarded.
      string forward_payload_header = 8;
      Returns:
      This builder for chaining.

    • setForwardPayloadHeaderBytes

      public JwtProvider.Builder setForwardPayloadHeaderBytes(com.google.protobuf.ByteString value)
       This field specifies the header name to forward a successfully verified JWT payload to the
 backend. The forwarded data is::

    base64url_encoded(jwt_payload_in_JSON)

 If it is not specified, the payload will not be forwarded.
      string forward_payload_header = 8;
      Parameters:
      value - The bytes for forwardPayloadHeader to set.
      Returns:
      This builder for chaining.

    • getPayloadInMetadata

      public String getPayloadInMetadata()
       If non empty, successfully verified JWT payloads will be written to StreamInfo DynamicMetadata
 in the format as: *namespace* is the jwt_authn filter name as **envoy.filters.http.jwt_authn**
 The value is the *protobuf::Struct*. The value of this field will be the key for its *fields*
 and the value is the *protobuf::Struct* converted from JWT JSON payload.

 For example, if payload_in_metadata is *my_payload*:

 .. code-block:: yaml

   envoy.filters.http.jwt_authn:
     my_payload:
       iss: https://example.com
       sub: test@example.com
       aud: https://example.com
       exp: 1501281058
      string payload_in_metadata = 9;
      Specified by:
      getPayloadInMetadata in interface JwtProviderOrBuilder
      Returns:
      The payloadInMetadata.

    • getPayloadInMetadataBytes

      public com.google.protobuf.ByteString getPayloadInMetadataBytes()
       If non empty, successfully verified JWT payloads will be written to StreamInfo DynamicMetadata
 in the format as: *namespace* is the jwt_authn filter name as **envoy.filters.http.jwt_authn**
 The value is the *protobuf::Struct*. The value of this field will be the key for its *fields*
 and the value is the *protobuf::Struct* converted from JWT JSON payload.

 For example, if payload_in_metadata is *my_payload*:

 .. code-block:: yaml

   envoy.filters.http.jwt_authn:
     my_payload:
       iss: https://example.com
       sub: test@example.com
       aud: https://example.com
       exp: 1501281058
      string payload_in_metadata = 9;
      Specified by:
      getPayloadInMetadataBytes in interface JwtProviderOrBuilder
      Returns:
      The bytes for payloadInMetadata.

    • setPayloadInMetadata

      public JwtProvider.Builder setPayloadInMetadata(String value)
       If non empty, successfully verified JWT payloads will be written to StreamInfo DynamicMetadata
 in the format as: *namespace* is the jwt_authn filter name as **envoy.filters.http.jwt_authn**
 The value is the *protobuf::Struct*. The value of this field will be the key for its *fields*
 and the value is the *protobuf::Struct* converted from JWT JSON payload.

 For example, if payload_in_metadata is *my_payload*:

 .. code-block:: yaml

   envoy.filters.http.jwt_authn:
     my_payload:
       iss: https://example.com
       sub: test@example.com
       aud: https://example.com
       exp: 1501281058
      string payload_in_metadata = 9;
      Parameters:
      value - The payloadInMetadata to set.
      Returns:
      This builder for chaining.

    • clearPayloadInMetadata

      public JwtProvider.Builder clearPayloadInMetadata()
       If non empty, successfully verified JWT payloads will be written to StreamInfo DynamicMetadata
 in the format as: *namespace* is the jwt_authn filter name as **envoy.filters.http.jwt_authn**
 The value is the *protobuf::Struct*. The value of this field will be the key for its *fields*
 and the value is the *protobuf::Struct* converted from JWT JSON payload.

 For example, if payload_in_metadata is *my_payload*:

 .. code-block:: yaml

   envoy.filters.http.jwt_authn:
     my_payload:
       iss: https://example.com
       sub: test@example.com
       aud: https://example.com
       exp: 1501281058
      string payload_in_metadata = 9;
      Returns:
      This builder for chaining.

    • setPayloadInMetadataBytes

      public JwtProvider.Builder setPayloadInMetadataBytes(com.google.protobuf.ByteString value)
       If non empty, successfully verified JWT payloads will be written to StreamInfo DynamicMetadata
 in the format as: *namespace* is the jwt_authn filter name as **envoy.filters.http.jwt_authn**
 The value is the *protobuf::Struct*. The value of this field will be the key for its *fields*
 and the value is the *protobuf::Struct* converted from JWT JSON payload.

 For example, if payload_in_metadata is *my_payload*:

 .. code-block:: yaml

   envoy.filters.http.jwt_authn:
     my_payload:
       iss: https://example.com
       sub: test@example.com
       aud: https://example.com
       exp: 1501281058
      string payload_in_metadata = 9;
      Parameters:
      value - The bytes for payloadInMetadata to set.
      Returns:
      This builder for chaining.

    • setUnknownFields

      public final JwtProvider.Builder setUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)
      Specified by:
      setUnknownFields in interface com.google.protobuf.Message.Builder
      Overrides:
      setUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<JwtProvider.Builder>

    • mergeUnknownFields

      public final JwtProvider.Builder mergeUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)
      Specified by:
      mergeUnknownFields in interface com.google.protobuf.Message.Builder
      Overrides:
      mergeUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<JwtProvider.Builder>