java.lang.Object

com.google.protobuf.AbstractMessageLite

com.google.protobuf.AbstractMessage

com.google.protobuf.GeneratedMessageV3

io.envoyproxy.envoy.config.filter.http.jwt_authn.v2alpha.JwtProvider

All Implemented Interfaces:: com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, JwtProviderOrBuilder, Serializable

public final class JwtProvider extends com.google.protobuf.GeneratedMessageV3 implements JwtProviderOrBuilder

 Please see following for JWT authentication flow:

 * `JSON Web Token (JWT) <https://tools.ietf.org/html/rfc7519>`_
 * `The OAuth 2.0 Authorization Framework <https://tools.ietf.org/html/rfc6749>`_
 * `OpenID Connect <http://openid.net/connect>`_

 A JwtProvider message specifies how a JSON Web Token (JWT) can be verified. It specifies:

 * issuer: the principal that issues the JWT. It has to match the one from the token.
 * allowed audiences: the ones in the token have to be listed here.
 * how to fetch public key JWKS to verify the token signature.
 * how to extract the JWT in the request.
 * how to pass successfully verified token payload.

 Example:

 .. code-block:: yaml

     issuer: https://example.com
     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com
     remote_jwks:
       http_uri:
         uri: https://example.com/.well-known/jwks.json
         cluster: example_jwks_cluster
       cache_duration:
         seconds: 300

 [#next-free-field: 10]

Protobuf type envoy.config.filter.http.jwt_authn.v2alpha.JwtProvider

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type

Class

Description

static final class

JwtProvider.Builder

Please see following for JWT authentication flow: * `JSON Web Token (JWT) <https://tools.ietf.org/html/rfc7519>`_ * `The OAuth 2.0 Authorization Framework <https://tools.ietf.org/html/rfc6749>`_ * `OpenID Connect <http://openid.net/connect>`_ A JwtProvider message specifies how a JSON Web Token (JWT) can be verified.

static enum

JwtProvider.JwksSourceSpecifierCase

Nested classes/interfaces inherited from class com.google.protobuf.GeneratedMessageV3
com.google.protobuf.GeneratedMessageV3.BuilderParent, com.google.protobuf.GeneratedMessageV3.ExtendableBuilder<MessageT extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageT>,BuilderT extends com.google.protobuf.GeneratedMessageV3.ExtendableBuilder<MessageT,BuilderT>>, com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageT extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageT>>, com.google.protobuf.GeneratedMessageV3.ExtendableMessageOrBuilder<MessageT extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageT>>, com.google.protobuf.GeneratedMessageV3.FieldAccessorTable, com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter

Nested classes/interfaces inherited from class com.google.protobuf.AbstractMessageLite
com.google.protobuf.AbstractMessageLite.InternalOneOfEnum
Field Summary

Fields

Modifier and Type

Field

Description

static final int

AUDIENCES_FIELD_NUMBER

static final int

FORWARD_FIELD_NUMBER

static final int

FORWARD_PAYLOAD_HEADER_FIELD_NUMBER

static final int

FROM_HEADERS_FIELD_NUMBER

static final int

FROM_PARAMS_FIELD_NUMBER

static final int

ISSUER_FIELD_NUMBER

static final int

LOCAL_JWKS_FIELD_NUMBER

static final int

PAYLOAD_IN_METADATA_FIELD_NUMBER

static final int

REMOTE_JWKS_FIELD_NUMBER

Fields inherited from class com.google.protobuf.GeneratedMessageV3
alwaysUseFieldBuilders, unknownFields

Fields inherited from class com.google.protobuf.AbstractMessage
memoizedSize

Fields inherited from class com.google.protobuf.AbstractMessageLite
memoizedHashCode
Method Summary

Modifier and Type

Method

Description

boolean

equals(Object obj)

String

getAudiences(int index)

The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are allowed to access.

com.google.protobuf.ByteString

getAudiencesBytes(int index)

The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are allowed to access.

int

getAudiencesCount()

The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are allowed to access.

com.google.protobuf.ProtocolStringList

getAudiencesList()

The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are allowed to access.

static JwtProvider

getDefaultInstance()

JwtProvider

getDefaultInstanceForType()

static final com.google.protobuf.Descriptors.Descriptor

getDescriptor()

boolean

getForward()

If false, the JWT is removed in the request after a success verification.

String

getForwardPayloadHeader()

This field specifies the header name to forward a successfully verified JWT payload to the backend.

com.google.protobuf.ByteString

getForwardPayloadHeaderBytes()

This field specifies the header name to forward a successfully verified JWT payload to the backend.

JwtHeader

getFromHeaders(int index)

Two fields below define where to extract the JWT from an HTTP request.

int

getFromHeadersCount()

Two fields below define where to extract the JWT from an HTTP request.

List<JwtHeader>

getFromHeadersList()

Two fields below define where to extract the JWT from an HTTP request.

JwtHeaderOrBuilder

getFromHeadersOrBuilder(int index)

Two fields below define where to extract the JWT from an HTTP request.

List<? extends JwtHeaderOrBuilder>

getFromHeadersOrBuilderList()

Two fields below define where to extract the JWT from an HTTP request.

String

getFromParams(int index)

JWT is sent in a query parameter.

com.google.protobuf.ByteString

getFromParamsBytes(int index)

JWT is sent in a query parameter.

int

getFromParamsCount()

JWT is sent in a query parameter.

com.google.protobuf.ProtocolStringList

getFromParamsList()

JWT is sent in a query parameter.

String

getIssuer()

Specify the `principal <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_ that issued the JWT, usually a URL or an email address.

com.google.protobuf.ByteString

getIssuerBytes()

Specify the `principal <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_ that issued the JWT, usually a URL or an email address.

JwtProvider.JwksSourceSpecifierCase

getJwksSourceSpecifierCase()

DataSource

getLocalJwks()

JWKS is in local data source.

DataSourceOrBuilder

getLocalJwksOrBuilder()

JWKS is in local data source.

com.google.protobuf.Parser<JwtProvider>

getParserForType()

String

getPayloadInMetadata()

If non empty, successfully verified JWT payloads will be written to StreamInfo DynamicMetadata in the format as: *namespace* is the jwt_authn filter name as **envoy.filters.http.jwt_authn** The value is the *protobuf::Struct*.

com.google.protobuf.ByteString

getPayloadInMetadataBytes()

If non empty, successfully verified JWT payloads will be written to StreamInfo DynamicMetadata in the format as: *namespace* is the jwt_authn filter name as **envoy.filters.http.jwt_authn** The value is the *protobuf::Struct*.

RemoteJwks

getRemoteJwks()

JWKS can be fetched from remote server via HTTP/HTTPS.

RemoteJwksOrBuilder

getRemoteJwksOrBuilder()

JWKS can be fetched from remote server via HTTP/HTTPS.

int

getSerializedSize()

int

hashCode()

boolean

hasLocalJwks()

JWKS is in local data source.

boolean

hasRemoteJwks()

JWKS can be fetched from remote server via HTTP/HTTPS.

protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable

internalGetFieldAccessorTable()

final boolean

isInitialized()

static JwtProvider.Builder

newBuilder()

static JwtProvider.Builder

newBuilder(JwtProvider prototype)

JwtProvider.Builder

newBuilderForType()

protected JwtProvider.Builder

newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)

protected Object

newInstance(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)

static JwtProvider

parseDelimitedFrom(InputStream input)

static JwtProvider

parseDelimitedFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)

static JwtProvider

parseFrom(byte[] data)

static JwtProvider

parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)

static JwtProvider

parseFrom(com.google.protobuf.ByteString data)

static JwtProvider

parseFrom(com.google.protobuf.ByteString data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)

static JwtProvider

parseFrom(com.google.protobuf.CodedInputStream input)

static JwtProvider

parseFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)

static JwtProvider

parseFrom(InputStream input)

static JwtProvider

parseFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)

static JwtProvider

parseFrom(ByteBuffer data)

static JwtProvider

parseFrom(ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)

static com.google.protobuf.Parser<JwtProvider>

parser()

JwtProvider.Builder

toBuilder()

void

writeTo(com.google.protobuf.CodedOutputStream output)

Methods inherited from class com.google.protobuf.GeneratedMessageV3
canUseUnsafe, computeStringSize, computeStringSizeNoTag, emptyBooleanList, emptyDoubleList, emptyFloatList, emptyIntList, emptyList, emptyLongList, getAllFields, getDescriptorForType, getField, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof, internalGetMapField, internalGetMapFieldReflection, isStringEmpty, makeExtensionsImmutable, makeMutableCopy, makeMutableCopy, mergeFromAndMakeImmutableInternal, mutableCopy, mutableCopy, mutableCopy, mutableCopy, mutableCopy, newBooleanList, newBuilderForType, newDoubleList, newFloatList, newIntList, newLongList, parseDelimitedWithIOException, parseDelimitedWithIOException, parseUnknownField, parseUnknownFieldProto3, parseWithIOException, parseWithIOException, parseWithIOException, parseWithIOException, serializeBooleanMapTo, serializeIntegerMapTo, serializeLongMapTo, serializeStringMapTo, writeReplace, writeString, writeStringNoTag

Methods inherited from class com.google.protobuf.AbstractMessage
findInitializationErrors, getInitializationErrorString, hashBoolean, hashEnum, hashEnumList, hashFields, hashLong, toString

Methods inherited from class com.google.protobuf.AbstractMessageLite
addAll, addAll, checkByteStringIsUtf8, toByteArray, toByteString, writeDelimitedTo, writeTo

Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface com.google.protobuf.MessageLite
toByteArray, toByteString, writeDelimitedTo, writeTo

Methods inherited from interface com.google.protobuf.MessageOrBuilder
findInitializationErrors, getAllFields, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof

Field Details
- ISSUER_FIELD_NUMBER
  
  public static final int ISSUER_FIELD_NUMBER
  See Also:
  
  Constant Field Values
- AUDIENCES_FIELD_NUMBER
  
  public static final int AUDIENCES_FIELD_NUMBER
  See Also:
  
  Constant Field Values
- REMOTE_JWKS_FIELD_NUMBER
  
  public static final int REMOTE_JWKS_FIELD_NUMBER
  See Also:
  
  Constant Field Values
- LOCAL_JWKS_FIELD_NUMBER
  
  public static final int LOCAL_JWKS_FIELD_NUMBER
  See Also:
  
  Constant Field Values
- FORWARD_FIELD_NUMBER
  
  public static final int FORWARD_FIELD_NUMBER
  See Also:
  
  Constant Field Values
- FROM_HEADERS_FIELD_NUMBER
  
  public static final int FROM_HEADERS_FIELD_NUMBER
  See Also:
  
  Constant Field Values
- FROM_PARAMS_FIELD_NUMBER
  
  public static final int FROM_PARAMS_FIELD_NUMBER
  See Also:
  
  Constant Field Values
- FORWARD_PAYLOAD_HEADER_FIELD_NUMBER
  
  public static final int FORWARD_PAYLOAD_HEADER_FIELD_NUMBER
  See Also:
  
  Constant Field Values
- PAYLOAD_IN_METADATA_FIELD_NUMBER
  
  public static final int PAYLOAD_IN_METADATA_FIELD_NUMBER
  See Also:
  
  Constant Field Values

Method Details

newInstance

protected Object newInstance(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)

Overrides:

newInstance in class com.google.protobuf.GeneratedMessageV3
getDescriptor

public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()
internalGetFieldAccessorTable

protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()

Specified by:

internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3
getJwksSourceSpecifierCase

public JwtProvider.JwksSourceSpecifierCase getJwksSourceSpecifierCase()

Specified by:

getJwksSourceSpecifierCase in interface JwtProviderOrBuilder

getIssuer

public String getIssuer()

 Specify the `principal <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_ that issued
 the JWT, usually a URL or an email address.

 Example: https://securetoken.google.com
 Example: 1234567-compute@developer.gserviceaccount.com

string issuer = 1 [(.validate.rules) = { ... }

Specified by:: getIssuer in interface JwtProviderOrBuilder
Returns:: The issuer.

getIssuerBytes

public com.google.protobuf.ByteString getIssuerBytes()

 Specify the `principal <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_ that issued
 the JWT, usually a URL or an email address.

 Example: https://securetoken.google.com
 Example: 1234567-compute@developer.gserviceaccount.com

string issuer = 1 [(.validate.rules) = { ... }

Specified by:: getIssuerBytes in interface JwtProviderOrBuilder
Returns:: The bytes for issuer.

getAudiencesList

public com.google.protobuf.ProtocolStringList getAudiencesList()

 The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are
 allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
 will not check audiences in the token.

 Example:

 .. code-block:: yaml

     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com

repeated string audiences = 2;

Specified by:: getAudiencesList in interface JwtProviderOrBuilder
Returns:: A list containing the audiences.

getAudiencesCount

public int getAudiencesCount()

 The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are
 allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
 will not check audiences in the token.

 Example:

 .. code-block:: yaml

     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com

repeated string audiences = 2;

Specified by:: getAudiencesCount in interface JwtProviderOrBuilder
Returns:: The count of audiences.

getAudiences

public String getAudiences(int index)

 The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are
 allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
 will not check audiences in the token.

 Example:

 .. code-block:: yaml

     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com

repeated string audiences = 2;

Specified by:: getAudiences in interface JwtProviderOrBuilder
Parameters:: index - The index of the element to return.
Returns:: The audiences at the given index.

getAudiencesBytes

public com.google.protobuf.ByteString getAudiencesBytes(int index)

 The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are
 allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
 will not check audiences in the token.

 Example:

 .. code-block:: yaml

     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com

repeated string audiences = 2;

Specified by:: getAudiencesBytes in interface JwtProviderOrBuilder
Parameters:: index - The index of the value to return.
Returns:: The bytes of the audiences at the given index.

hasRemoteJwks

public boolean hasRemoteJwks()

 JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
 URI and how the fetched JWKS should be cached.

 Example:

 .. code-block:: yaml

    remote_jwks:
      http_uri:
        uri: https://www.googleapis.com/oauth2/v1/certs
        cluster: jwt.www.googleapis.com|443
      cache_duration:
        seconds: 300

.envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;

Specified by:: hasRemoteJwks in interface JwtProviderOrBuilder
Returns:: Whether the remoteJwks field is set.

getRemoteJwks

public RemoteJwks getRemoteJwks()

 JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
 URI and how the fetched JWKS should be cached.

 Example:

 .. code-block:: yaml

    remote_jwks:
      http_uri:
        uri: https://www.googleapis.com/oauth2/v1/certs
        cluster: jwt.www.googleapis.com|443
      cache_duration:
        seconds: 300

.envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;

Specified by:: getRemoteJwks in interface JwtProviderOrBuilder
Returns:: The remoteJwks.

getRemoteJwksOrBuilder

public RemoteJwksOrBuilder getRemoteJwksOrBuilder()

 JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
 URI and how the fetched JWKS should be cached.

 Example:

 .. code-block:: yaml

    remote_jwks:
      http_uri:
        uri: https://www.googleapis.com/oauth2/v1/certs
        cluster: jwt.www.googleapis.com|443
      cache_duration:
        seconds: 300

.envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;

Specified by:: getRemoteJwksOrBuilder in interface JwtProviderOrBuilder

hasLocalJwks

public boolean hasLocalJwks()

 JWKS is in local data source. It could be either in a local file or embedded in the
 inline_string.

 Example: local file

 .. code-block:: yaml

    local_jwks:
      filename: /etc/envoy/jwks/jwks1.txt

 Example: inline_string

 .. code-block:: yaml

    local_jwks:
      inline_string: ACADADADADA

.envoy.api.v2.core.DataSource local_jwks = 4;

Specified by:: hasLocalJwks in interface JwtProviderOrBuilder
Returns:: Whether the localJwks field is set.

getLocalJwks

public DataSource getLocalJwks()

 JWKS is in local data source. It could be either in a local file or embedded in the
 inline_string.

 Example: local file

 .. code-block:: yaml

    local_jwks:
      filename: /etc/envoy/jwks/jwks1.txt

 Example: inline_string

 .. code-block:: yaml

    local_jwks:
      inline_string: ACADADADADA

.envoy.api.v2.core.DataSource local_jwks = 4;

Specified by:: getLocalJwks in interface JwtProviderOrBuilder
Returns:: The localJwks.

getLocalJwksOrBuilder

public DataSourceOrBuilder getLocalJwksOrBuilder()

 JWKS is in local data source. It could be either in a local file or embedded in the
 inline_string.

 Example: local file

 .. code-block:: yaml

    local_jwks:
      filename: /etc/envoy/jwks/jwks1.txt

 Example: inline_string

 .. code-block:: yaml

    local_jwks:
      inline_string: ACADADADADA

.envoy.api.v2.core.DataSource local_jwks = 4;

Specified by:: getLocalJwksOrBuilder in interface JwtProviderOrBuilder

getForward

public boolean getForward()

 If false, the JWT is removed in the request after a success verification. If true, the JWT is
 not removed in the request. Default value is false.

bool forward = 5;

Specified by:: getForward in interface JwtProviderOrBuilder
Returns:: The forward.