Package io.envoyproxy.envoy.extensions.filters.http.jwt_authn.v3

Interface RemoteJwksOrBuilder

All Superinterfaces:
com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
All Known Implementing Classes:
RemoteJwks, RemoteJwks.Builder
public interface RemoteJwksOrBuilder extends com.google.protobuf.MessageOrBuilder

  • Method Summary

    Modifier and Type
    Method
    Description
    JwksAsyncFetch
    getAsyncFetch()
    Fetch Jwks asynchronously in the main thread before the listener is activated.
    JwksAsyncFetchOrBuilder
    getAsyncFetchOrBuilder()
    Fetch Jwks asynchronously in the main thread before the listener is activated.
    com.google.protobuf.Duration
    getCacheDuration()
    Duration after which the cached JWKS should be expired.
    com.google.protobuf.DurationOrBuilder
    getCacheDurationOrBuilder()
    Duration after which the cached JWKS should be expired.
    HttpUri
    getHttpUri()
    The HTTP URI to fetch the JWKS.
    HttpUriOrBuilder
    getHttpUriOrBuilder()
    The HTTP URI to fetch the JWKS.
    RetryPolicy
    getRetryPolicy()
    Retry policy for fetching Jwks. optional. turned off by default.
    RetryPolicyOrBuilder
    getRetryPolicyOrBuilder()
    Retry policy for fetching Jwks. optional. turned off by default.
    boolean
    hasAsyncFetch()
    Fetch Jwks asynchronously in the main thread before the listener is activated.
    boolean
    hasCacheDuration()
    Duration after which the cached JWKS should be expired.
    boolean
    hasHttpUri()
    The HTTP URI to fetch the JWKS.
    boolean
    hasRetryPolicy()
    Retry policy for fetching Jwks. optional. turned off by default.

    Methods inherited from interface com.google.protobuf.MessageLiteOrBuilder

    isInitialized

    Methods inherited from interface com.google.protobuf.MessageOrBuilder

    findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof

  • Method Details

    • hasHttpUri

      boolean hasHttpUri()
       The HTTP URI to fetch the JWKS. For example:

 .. code-block:: yaml

    http_uri:
      uri: https://www.googleapis.com/oauth2/v1/certs
      cluster: jwt.www.googleapis.com|443
      timeout: 1s
      .envoy.config.core.v3.HttpUri http_uri = 1 [(.validate.rules) = { ... }
      Returns:
      Whether the httpUri field is set.

    • getHttpUri

      HttpUri getHttpUri()
       The HTTP URI to fetch the JWKS. For example:

 .. code-block:: yaml

    http_uri:
      uri: https://www.googleapis.com/oauth2/v1/certs
      cluster: jwt.www.googleapis.com|443
      timeout: 1s
      .envoy.config.core.v3.HttpUri http_uri = 1 [(.validate.rules) = { ... }
      Returns:
      The httpUri.

    • getHttpUriOrBuilder

      HttpUriOrBuilder getHttpUriOrBuilder()
       The HTTP URI to fetch the JWKS. For example:

 .. code-block:: yaml

    http_uri:
      uri: https://www.googleapis.com/oauth2/v1/certs
      cluster: jwt.www.googleapis.com|443
      timeout: 1s
      .envoy.config.core.v3.HttpUri http_uri = 1 [(.validate.rules) = { ... }

    • hasCacheDuration

      boolean hasCacheDuration()
       Duration after which the cached JWKS should be expired. If not specified, default cache
 duration is 10 minutes.
      .google.protobuf.Duration cache_duration = 2 [(.validate.rules) = { ... }
      Returns:
      Whether the cacheDuration field is set.

    • getCacheDuration

      com.google.protobuf.Duration getCacheDuration()
       Duration after which the cached JWKS should be expired. If not specified, default cache
 duration is 10 minutes.
      .google.protobuf.Duration cache_duration = 2 [(.validate.rules) = { ... }
      Returns:
      The cacheDuration.

    • getCacheDurationOrBuilder

      com.google.protobuf.DurationOrBuilder getCacheDurationOrBuilder()
       Duration after which the cached JWKS should be expired. If not specified, default cache
 duration is 10 minutes.
      .google.protobuf.Duration cache_duration = 2 [(.validate.rules) = { ... }

    • hasAsyncFetch

      boolean hasAsyncFetch()
       Fetch Jwks asynchronously in the main thread before the listener is activated.
 Fetched Jwks can be used by all worker threads.

 If this feature is not enabled:

 * The Jwks is fetched on-demand when the requests come. During the fetching, first
   few requests are paused until the Jwks is fetched.
 * Each worker thread fetches its own Jwks since Jwks cache is per worker thread.

 If this feature is enabled:

 * Fetched Jwks is done in the main thread before the listener is activated. Its fetched
   Jwks can be used by all worker threads. Each worker thread doesn't need to fetch its own.
 * Jwks is ready when the requests come, not need to wait for the Jwks fetching.
      .envoy.extensions.filters.http.jwt_authn.v3.JwksAsyncFetch async_fetch = 3;
      Returns:
      Whether the asyncFetch field is set.

    • getAsyncFetch

      JwksAsyncFetch getAsyncFetch()
       Fetch Jwks asynchronously in the main thread before the listener is activated.
 Fetched Jwks can be used by all worker threads.

 If this feature is not enabled:

 * The Jwks is fetched on-demand when the requests come. During the fetching, first
   few requests are paused until the Jwks is fetched.
 * Each worker thread fetches its own Jwks since Jwks cache is per worker thread.

 If this feature is enabled:

 * Fetched Jwks is done in the main thread before the listener is activated. Its fetched
   Jwks can be used by all worker threads. Each worker thread doesn't need to fetch its own.
 * Jwks is ready when the requests come, not need to wait for the Jwks fetching.
      .envoy.extensions.filters.http.jwt_authn.v3.JwksAsyncFetch async_fetch = 3;
      Returns:
      The asyncFetch.

    • getAsyncFetchOrBuilder

      JwksAsyncFetchOrBuilder getAsyncFetchOrBuilder()
       Fetch Jwks asynchronously in the main thread before the listener is activated.
 Fetched Jwks can be used by all worker threads.

 If this feature is not enabled:

 * The Jwks is fetched on-demand when the requests come. During the fetching, first
   few requests are paused until the Jwks is fetched.
 * Each worker thread fetches its own Jwks since Jwks cache is per worker thread.

 If this feature is enabled:

 * Fetched Jwks is done in the main thread before the listener is activated. Its fetched
   Jwks can be used by all worker threads. Each worker thread doesn't need to fetch its own.
 * Jwks is ready when the requests come, not need to wait for the Jwks fetching.
      .envoy.extensions.filters.http.jwt_authn.v3.JwksAsyncFetch async_fetch = 3;

    • hasRetryPolicy

      boolean hasRetryPolicy()
       Retry policy for fetching Jwks. optional. turned off by default.

 For example:

 .. code-block:: yaml

   retry_policy:
     retry_back_off:
       base_interval: 0.01s
       max_interval: 20s
     num_retries: 10

 will yield a randomized truncated exponential backoff policy with an initial delay of 10ms
 10 maximum attempts spaced at most 20s seconds.

 .. code-block:: yaml

   retry_policy:
     num_retries:1

 uses the default :ref:`retry backoff strategy <envoy_v3_api_msg_config.core.v3.BackoffStrategy>`.
 with the default base interval is 1000 milliseconds. and the default maximum interval of 10 times the base interval.

 if num_retries is omitted, the default is to allow only one retry.


 If enabled, the retry policy will apply to all Jwks fetching approaches, e.g. on demand or asynchronously in background.
      .envoy.config.core.v3.RetryPolicy retry_policy = 4;
      Returns:
      Whether the retryPolicy field is set.

    • getRetryPolicy

      RetryPolicy getRetryPolicy()
       Retry policy for fetching Jwks. optional. turned off by default.

 For example:

 .. code-block:: yaml

   retry_policy:
     retry_back_off:
       base_interval: 0.01s
       max_interval: 20s
     num_retries: 10

 will yield a randomized truncated exponential backoff policy with an initial delay of 10ms
 10 maximum attempts spaced at most 20s seconds.

 .. code-block:: yaml

   retry_policy:
     num_retries:1

 uses the default :ref:`retry backoff strategy <envoy_v3_api_msg_config.core.v3.BackoffStrategy>`.
 with the default base interval is 1000 milliseconds. and the default maximum interval of 10 times the base interval.

 if num_retries is omitted, the default is to allow only one retry.


 If enabled, the retry policy will apply to all Jwks fetching approaches, e.g. on demand or asynchronously in background.
      .envoy.config.core.v3.RetryPolicy retry_policy = 4;
      Returns:
      The retryPolicy.

    • getRetryPolicyOrBuilder

      RetryPolicyOrBuilder getRetryPolicyOrBuilder()
       Retry policy for fetching Jwks. optional. turned off by default.

 For example:

 .. code-block:: yaml

   retry_policy:
     retry_back_off:
       base_interval: 0.01s
       max_interval: 20s
     num_retries: 10

 will yield a randomized truncated exponential backoff policy with an initial delay of 10ms
 10 maximum attempts spaced at most 20s seconds.

 .. code-block:: yaml

   retry_policy:
     num_retries:1

 uses the default :ref:`retry backoff strategy <envoy_v3_api_msg_config.core.v3.BackoffStrategy>`.
 with the default base interval is 1000 milliseconds. and the default maximum interval of 10 times the base interval.

 if num_retries is omitted, the default is to allow only one retry.


 If enabled, the retry policy will apply to all Jwks fetching approaches, e.g. on demand or asynchronously in background.
      .envoy.config.core.v3.RetryPolicy retry_policy = 4;