All Superinterfaces:: com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder

All Known Implementing Classes:: JwtProvider, JwtProvider.Builder

public interface JwtProviderOrBuilder extends com.google.protobuf.MessageOrBuilder

Method Summary

Modifier and Type

Method

Description

String

getAudiences(int index)

The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are allowed to access.

com.google.protobuf.ByteString

getAudiencesBytes(int index)

The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are allowed to access.

int

getAudiencesCount()

The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are allowed to access.

List<String>

getAudiencesList()

The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are allowed to access.

boolean

getForward()

If false, the JWT is removed in the request after a success verification.

String

getForwardPayloadHeader()

This field specifies the header name to forward a successfully verified JWT payload to the backend.

com.google.protobuf.ByteString

getForwardPayloadHeaderBytes()

This field specifies the header name to forward a successfully verified JWT payload to the backend.

JwtHeader

getFromHeaders(int index)

Two fields below define where to extract the JWT from an HTTP request.

int

getFromHeadersCount()

Two fields below define where to extract the JWT from an HTTP request.

List<JwtHeader>

getFromHeadersList()

Two fields below define where to extract the JWT from an HTTP request.

JwtHeaderOrBuilder

getFromHeadersOrBuilder(int index)

Two fields below define where to extract the JWT from an HTTP request.

List<? extends JwtHeaderOrBuilder>

getFromHeadersOrBuilderList()

Two fields below define where to extract the JWT from an HTTP request.

String

getFromParams(int index)

JWT is sent in a query parameter.

com.google.protobuf.ByteString

getFromParamsBytes(int index)

JWT is sent in a query parameter.

int

getFromParamsCount()

JWT is sent in a query parameter.

List<String>

getFromParamsList()

JWT is sent in a query parameter.

String

getIssuer()

Specify the `principal <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_ that issued the JWT, usually a URL or an email address.

com.google.protobuf.ByteString

getIssuerBytes()

Specify the `principal <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_ that issued the JWT, usually a URL or an email address.

JwtProvider.JwksSourceSpecifierCase

getJwksSourceSpecifierCase()

DataSource

getLocalJwks()

JWKS is in local data source.

DataSourceOrBuilder

getLocalJwksOrBuilder()

JWKS is in local data source.

String

getPayloadInMetadata()

If non empty, successfully verified JWT payloads will be written to StreamInfo DynamicMetadata in the format as: *namespace* is the jwt_authn filter name as **envoy.filters.http.jwt_authn** The value is the *protobuf::Struct*.

com.google.protobuf.ByteString

getPayloadInMetadataBytes()

If non empty, successfully verified JWT payloads will be written to StreamInfo DynamicMetadata in the format as: *namespace* is the jwt_authn filter name as **envoy.filters.http.jwt_authn** The value is the *protobuf::Struct*.

RemoteJwks

getRemoteJwks()

JWKS can be fetched from remote server via HTTP/HTTPS.

RemoteJwksOrBuilder

getRemoteJwksOrBuilder()

JWKS can be fetched from remote server via HTTP/HTTPS.

boolean

hasLocalJwks()

JWKS is in local data source.

boolean

hasRemoteJwks()

JWKS can be fetched from remote server via HTTP/HTTPS.

Methods inherited from interface com.google.protobuf.MessageLiteOrBuilder
isInitialized

Methods inherited from interface com.google.protobuf.MessageOrBuilder
findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof

Method Details

getIssuer

String getIssuer()

 Specify the `principal <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_ that issued
 the JWT, usually a URL or an email address.

 Example: https://securetoken.google.com
 Example: 1234567-compute@developer.gserviceaccount.com

string issuer = 1 [(.validate.rules) = { ... }

Returns:: The issuer.

getIssuerBytes

com.google.protobuf.ByteString getIssuerBytes()

 Specify the `principal <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_ that issued
 the JWT, usually a URL or an email address.

 Example: https://securetoken.google.com
 Example: 1234567-compute@developer.gserviceaccount.com

string issuer = 1 [(.validate.rules) = { ... }

Returns:: The bytes for issuer.

getAudiencesList

List<String> getAudiencesList()

 The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are
 allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
 will not check audiences in the token.

 Example:

 .. code-block:: yaml

     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com

repeated string audiences = 2;

Returns:: A list containing the audiences.

getAudiencesCount

int getAudiencesCount()

 The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are
 allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
 will not check audiences in the token.

 Example:

 .. code-block:: yaml

     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com

repeated string audiences = 2;

Returns:: The count of audiences.

getAudiences

String getAudiences(int index)

 The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are
 allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
 will not check audiences in the token.

 Example:

 .. code-block:: yaml

     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com

repeated string audiences = 2;

Parameters:: index - The index of the element to return.
Returns:: The audiences at the given index.

getAudiencesBytes

com.google.protobuf.ByteString getAudiencesBytes(int index)

 The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are
 allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
 will not check audiences in the token.

 Example:

 .. code-block:: yaml

     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com

repeated string audiences = 2;

Parameters:: index - The index of the value to return.
Returns:: The bytes of the audiences at the given index.

hasRemoteJwks

boolean hasRemoteJwks()

 JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
 URI and how the fetched JWKS should be cached.

 Example:

 .. code-block:: yaml

    remote_jwks:
      http_uri:
        uri: https://www.googleapis.com/oauth2/v1/certs
        cluster: jwt.www.googleapis.com|443
      cache_duration:
        seconds: 300

.envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;

Returns:: Whether the remoteJwks field is set.

getRemoteJwks

RemoteJwks getRemoteJwks()

 JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
 URI and how the fetched JWKS should be cached.

 Example:

 .. code-block:: yaml

    remote_jwks:
      http_uri:
        uri: https://www.googleapis.com/oauth2/v1/certs
        cluster: jwt.www.googleapis.com|443
      cache_duration:
        seconds: 300

.envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;

Returns:: The remoteJwks.

getRemoteJwksOrBuilder

RemoteJwksOrBuilder getRemoteJwksOrBuilder()

 JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
 URI and how the fetched JWKS should be cached.

 Example:

 .. code-block:: yaml

    remote_jwks:
      http_uri:
        uri: https://www.googleapis.com/oauth2/v1/certs
        cluster: jwt.www.googleapis.com|443
      cache_duration:
        seconds: 300

.envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;

hasLocalJwks

boolean hasLocalJwks()

 JWKS is in local data source. It could be either in a local file or embedded in the
 inline_string.

 Example: local file

 .. code-block:: yaml

    local_jwks:
      filename: /etc/envoy/jwks/jwks1.txt

 Example: inline_string

 .. code-block:: yaml

    local_jwks:
      inline_string: ACADADADADA

.envoy.api.v2.core.DataSource local_jwks = 4;

Returns:: Whether the localJwks field is set.

getLocalJwks

DataSource getLocalJwks()

 JWKS is in local data source. It could be either in a local file or embedded in the
 inline_string.

 Example: local file

 .. code-block:: yaml

    local_jwks:
      filename: /etc/envoy/jwks/jwks1.txt

 Example: inline_string

 .. code-block:: yaml

    local_jwks:
      inline_string: ACADADADADA

.envoy.api.v2.core.DataSource local_jwks = 4;

Returns:: The localJwks.

getLocalJwksOrBuilder

DataSourceOrBuilder getLocalJwksOrBuilder()

 JWKS is in local data source. It could be either in a local file or embedded in the
 inline_string.

 Example: local file

 .. code-block:: yaml

    local_jwks:
      filename: /etc/envoy/jwks/jwks1.txt

 Example: inline_string

 .. code-block:: yaml

    local_jwks:
      inline_string: ACADADADADA

.envoy.api.v2.core.DataSource local_jwks = 4;

getForward

boolean getForward()

 If false, the JWT is removed in the request after a success verification. If true, the JWT is
 not removed in the request. Default value is false.

bool forward = 5;

Returns:: The forward.