Package io.envoyproxy.envoy.extensions.filters.http.oauth2.v3

Class OAuth2Config

java.lang.Object
com.google.protobuf.AbstractMessageLite
com.google.protobuf.AbstractMessage
com.google.protobuf.GeneratedMessageV3
io.envoyproxy.envoy.extensions.filters.http.oauth2.v3.OAuth2Config
All Implemented Interfaces:
com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, OAuth2ConfigOrBuilder, Serializable
public final class OAuth2Config extends com.google.protobuf.GeneratedMessageV3 implements OAuth2ConfigOrBuilder
 OAuth config

 [#next-free-field: 27]
Protobuf type envoy.extensions.filters.http.oauth2.v3.OAuth2Config
See Also:

  • Field Details

    • TOKEN_ENDPOINT_FIELD_NUMBER

      public static final int TOKEN_ENDPOINT_FIELD_NUMBER
      See Also:

    • RETRY_POLICY_FIELD_NUMBER

      public static final int RETRY_POLICY_FIELD_NUMBER
      See Also:

    • AUTHORIZATION_ENDPOINT_FIELD_NUMBER

      public static final int AUTHORIZATION_ENDPOINT_FIELD_NUMBER
      See Also:

    • END_SESSION_ENDPOINT_FIELD_NUMBER

      public static final int END_SESSION_ENDPOINT_FIELD_NUMBER
      See Also:

    • CREDENTIALS_FIELD_NUMBER

      public static final int CREDENTIALS_FIELD_NUMBER
      See Also:

    • REDIRECT_URI_FIELD_NUMBER

      public static final int REDIRECT_URI_FIELD_NUMBER
      See Also:

    • REDIRECT_PATH_MATCHER_FIELD_NUMBER

      public static final int REDIRECT_PATH_MATCHER_FIELD_NUMBER
      See Also:

    • SIGNOUT_PATH_FIELD_NUMBER

      public static final int SIGNOUT_PATH_FIELD_NUMBER
      See Also:

    • FORWARD_BEARER_TOKEN_FIELD_NUMBER

      public static final int FORWARD_BEARER_TOKEN_FIELD_NUMBER
      See Also:

    • PRESERVE_AUTHORIZATION_HEADER_FIELD_NUMBER

      public static final int PRESERVE_AUTHORIZATION_HEADER_FIELD_NUMBER
      See Also:

    • PASS_THROUGH_MATCHER_FIELD_NUMBER

      public static final int PASS_THROUGH_MATCHER_FIELD_NUMBER
      See Also:

    • AUTH_SCOPES_FIELD_NUMBER

      public static final int AUTH_SCOPES_FIELD_NUMBER
      See Also:

    • RESOURCES_FIELD_NUMBER

      public static final int RESOURCES_FIELD_NUMBER
      See Also:

    • AUTH_TYPE_FIELD_NUMBER

      public static final int AUTH_TYPE_FIELD_NUMBER
      See Also:

    • USE_REFRESH_TOKEN_FIELD_NUMBER

      public static final int USE_REFRESH_TOKEN_FIELD_NUMBER
      See Also:

    • DEFAULT_EXPIRES_IN_FIELD_NUMBER

      public static final int DEFAULT_EXPIRES_IN_FIELD_NUMBER
      See Also:

    • DENY_REDIRECT_MATCHER_FIELD_NUMBER

      public static final int DENY_REDIRECT_MATCHER_FIELD_NUMBER
      See Also:

    • DEFAULT_REFRESH_TOKEN_EXPIRES_IN_FIELD_NUMBER

      public static final int DEFAULT_REFRESH_TOKEN_EXPIRES_IN_FIELD_NUMBER
      See Also:

    • STAT_PREFIX_FIELD_NUMBER

      public static final int STAT_PREFIX_FIELD_NUMBER
      See Also:

    • CSRF_TOKEN_EXPIRES_IN_FIELD_NUMBER

      public static final int CSRF_TOKEN_EXPIRES_IN_FIELD_NUMBER
      See Also:

    • CODE_VERIFIER_TOKEN_EXPIRES_IN_FIELD_NUMBER

      public static final int CODE_VERIFIER_TOKEN_EXPIRES_IN_FIELD_NUMBER
      See Also:

    • DISABLE_TOKEN_ENCRYPTION_FIELD_NUMBER

      public static final int DISABLE_TOKEN_ENCRYPTION_FIELD_NUMBER
      See Also:

  • Method Details

    • newInstance

      protected Object newInstance(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)
      Overrides:
      newInstance in class com.google.protobuf.GeneratedMessageV3

    • getDescriptor

      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

    • internalGetFieldAccessorTable

      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
      Specified by:
      internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3

    • hasTokenEndpoint

      public boolean hasTokenEndpoint()
       Endpoint on the authorization server to retrieve the access token from.
      .envoy.config.core.v3.HttpUri token_endpoint = 1;
      Specified by:
      hasTokenEndpoint in interface OAuth2ConfigOrBuilder
      Returns:
      Whether the tokenEndpoint field is set.

    • getTokenEndpoint

      public HttpUri getTokenEndpoint()
       Endpoint on the authorization server to retrieve the access token from.
      .envoy.config.core.v3.HttpUri token_endpoint = 1;
      Specified by:
      getTokenEndpoint in interface OAuth2ConfigOrBuilder
      Returns:
      The tokenEndpoint.

    • getTokenEndpointOrBuilder

      public HttpUriOrBuilder getTokenEndpointOrBuilder()
       Endpoint on the authorization server to retrieve the access token from.
      .envoy.config.core.v3.HttpUri token_endpoint = 1;
      Specified by:
      getTokenEndpointOrBuilder in interface OAuth2ConfigOrBuilder

    • hasRetryPolicy

      public boolean hasRetryPolicy()
       Specifies the retry policy for requests to the OAuth server. If not specified, then no retries will be performed.
      .envoy.config.core.v3.RetryPolicy retry_policy = 18;
      Specified by:
      hasRetryPolicy in interface OAuth2ConfigOrBuilder
      Returns:
      Whether the retryPolicy field is set.

    • getRetryPolicy

      public RetryPolicy getRetryPolicy()
       Specifies the retry policy for requests to the OAuth server. If not specified, then no retries will be performed.
      .envoy.config.core.v3.RetryPolicy retry_policy = 18;
      Specified by:
      getRetryPolicy in interface OAuth2ConfigOrBuilder
      Returns:
      The retryPolicy.

    • getRetryPolicyOrBuilder

      public RetryPolicyOrBuilder getRetryPolicyOrBuilder()
       Specifies the retry policy for requests to the OAuth server. If not specified, then no retries will be performed.
      .envoy.config.core.v3.RetryPolicy retry_policy = 18;
      Specified by:
      getRetryPolicyOrBuilder in interface OAuth2ConfigOrBuilder

    • getAuthorizationEndpoint

      public String getAuthorizationEndpoint()
       The endpoint redirect to for authorization in response to unauthorized requests.
      string authorization_endpoint = 2 [(.validate.rules) = { ... }
      Specified by:
      getAuthorizationEndpoint in interface OAuth2ConfigOrBuilder
      Returns:
      The authorizationEndpoint.

    • getAuthorizationEndpointBytes

      public com.google.protobuf.ByteString getAuthorizationEndpointBytes()
       The endpoint redirect to for authorization in response to unauthorized requests.
      string authorization_endpoint = 2 [(.validate.rules) = { ... }
      Specified by:
      getAuthorizationEndpointBytes in interface OAuth2ConfigOrBuilder
      Returns:
      The bytes for authorizationEndpoint.

    • getEndSessionEndpoint

      public String getEndSessionEndpoint()
       The endpoint at the authorization server to request the user be logged out of the Authorization server.
 This field is optional and should be set only if openid is in the auth_scopes and the authorization server
 supports the OpenID Connect RP-Initiated Logout specification.
 For more information, see https://openid.net/specs/openid-connect-rpinitiated-1_0.html

 If configured, the OAuth2 filter will redirect users to this endpoint when they access the signout_path.
      string end_session_endpoint = 23;
      Specified by:
      getEndSessionEndpoint in interface OAuth2ConfigOrBuilder
      Returns:
      The endSessionEndpoint.

    • getEndSessionEndpointBytes

      public com.google.protobuf.ByteString getEndSessionEndpointBytes()
       The endpoint at the authorization server to request the user be logged out of the Authorization server.
 This field is optional and should be set only if openid is in the auth_scopes and the authorization server
 supports the OpenID Connect RP-Initiated Logout specification.
 For more information, see https://openid.net/specs/openid-connect-rpinitiated-1_0.html

 If configured, the OAuth2 filter will redirect users to this endpoint when they access the signout_path.
      string end_session_endpoint = 23;
      Specified by:
      getEndSessionEndpointBytes in interface OAuth2ConfigOrBuilder
      Returns:
      The bytes for endSessionEndpoint.

    • hasCredentials

      public boolean hasCredentials()
       Credentials used for OAuth.
      .envoy.extensions.filters.http.oauth2.v3.OAuth2Credentials credentials = 3 [(.validate.rules) = { ... }
      Specified by:
      hasCredentials in interface OAuth2ConfigOrBuilder
      Returns:
      Whether the credentials field is set.

    • getCredentials

      public OAuth2Credentials getCredentials()
       Credentials used for OAuth.
      .envoy.extensions.filters.http.oauth2.v3.OAuth2Credentials credentials = 3 [(.validate.rules) = { ... }
      Specified by:
      getCredentials in interface OAuth2ConfigOrBuilder
      Returns:
      The credentials.

    • getCredentialsOrBuilder

      public OAuth2CredentialsOrBuilder getCredentialsOrBuilder()
       Credentials used for OAuth.
      .envoy.extensions.filters.http.oauth2.v3.OAuth2Credentials credentials = 3 [(.validate.rules) = { ... }
      Specified by:
      getCredentialsOrBuilder in interface OAuth2ConfigOrBuilder

    • getRedirectUri

      public String getRedirectUri()
       The redirect URI passed to the authorization endpoint. Supports header formatting
 tokens. For more information, including details on header value syntax, see the
 documentation on :ref:`custom request headers <config_http_conn_man_headers_custom_request_headers>`.

 This URI should not contain any query parameters.
      string redirect_uri = 4 [(.validate.rules) = { ... }
      Specified by:
      getRedirectUri in interface OAuth2ConfigOrBuilder
      Returns:
      The redirectUri.

    • getRedirectUriBytes

      public com.google.protobuf.ByteString getRedirectUriBytes()
       The redirect URI passed to the authorization endpoint. Supports header formatting
 tokens. For more information, including details on header value syntax, see the
 documentation on :ref:`custom request headers <config_http_conn_man_headers_custom_request_headers>`.

 This URI should not contain any query parameters.
      string redirect_uri = 4 [(.validate.rules) = { ... }
      Specified by:
      getRedirectUriBytes in interface OAuth2ConfigOrBuilder
      Returns:
      The bytes for redirectUri.

    • hasRedirectPathMatcher

      public boolean hasRedirectPathMatcher()
       Matching criteria used to determine whether a path appears to be the result of a redirect from the authorization server.
      .envoy.type.matcher.v3.PathMatcher redirect_path_matcher = 5 [(.validate.rules) = { ... }
      Specified by:
      hasRedirectPathMatcher in interface OAuth2ConfigOrBuilder
      Returns:
      Whether the redirectPathMatcher field is set.

    • getRedirectPathMatcher

      public PathMatcher getRedirectPathMatcher()
       Matching criteria used to determine whether a path appears to be the result of a redirect from the authorization server.
      .envoy.type.matcher.v3.PathMatcher redirect_path_matcher = 5 [(.validate.rules) = { ... }
      Specified by:
      getRedirectPathMatcher in interface OAuth2ConfigOrBuilder
      Returns:
      The redirectPathMatcher.

    • getRedirectPathMatcherOrBuilder

      public PathMatcherOrBuilder getRedirectPathMatcherOrBuilder()
       Matching criteria used to determine whether a path appears to be the result of a redirect from the authorization server.
      .envoy.type.matcher.v3.PathMatcher redirect_path_matcher = 5 [(.validate.rules) = { ... }
      Specified by:
      getRedirectPathMatcherOrBuilder in interface OAuth2ConfigOrBuilder

    • hasSignoutPath

      public boolean hasSignoutPath()
       The path to sign a user out, clearing their credential cookies.
      .envoy.type.matcher.v3.PathMatcher signout_path = 6 [(.validate.rules) = { ... }
      Specified by:
      hasSignoutPath in interface OAuth2ConfigOrBuilder
      Returns:
      Whether the signoutPath field is set.

    • getSignoutPath

      public PathMatcher getSignoutPath()
       The path to sign a user out, clearing their credential cookies.
      .envoy.type.matcher.v3.PathMatcher signout_path = 6 [(.validate.rules) = { ... }
      Specified by:
      getSignoutPath in interface OAuth2ConfigOrBuilder
      Returns:
      The signoutPath.

    • getSignoutPathOrBuilder

      public PathMatcherOrBuilder getSignoutPathOrBuilder()
       The path to sign a user out, clearing their credential cookies.
      .envoy.type.matcher.v3.PathMatcher signout_path = 6 [(.validate.rules) = { ... }
      Specified by:
      getSignoutPathOrBuilder in interface OAuth2ConfigOrBuilder

    • getForwardBearerToken

      public boolean getForwardBearerToken()
       Forward the OAuth token as a Bearer to upstream web service.
      bool forward_bearer_token = 7;
      Specified by:
      getForwardBearerToken in interface OAuth2ConfigOrBuilder
      Returns:
      The forwardBearerToken.

    • getPreserveAuthorizationHeader

      public boolean getPreserveAuthorizationHeader()
       If set to true, preserve the existing authorization header.
 By default the client strips the existing authorization header before forwarding upstream.
 Can not be set to true if forward_bearer_token is already set to true.
 Default value is false.
      bool preserve_authorization_header = 16;
      Specified by:
      getPreserveAuthorizationHeader in interface OAuth2ConfigOrBuilder
      Returns:
      The preserveAuthorizationHeader.

    • getPassThroughMatcherList

      public List<HeaderMatcher> getPassThroughMatcherList()
       Any request that matches any of the provided matchers will be passed through without OAuth validation.
      repeated .envoy.config.route.v3.HeaderMatcher pass_through_matcher = 8;
      Specified by:
      getPassThroughMatcherList in interface OAuth2ConfigOrBuilder

    • getPassThroughMatcherOrBuilderList

      public List<? extends HeaderMatcherOrBuilder> getPassThroughMatcherOrBuilderList()
       Any request that matches any of the provided matchers will be passed through without OAuth validation.
      repeated .envoy.config.route.v3.HeaderMatcher pass_through_matcher = 8;
      Specified by:
      getPassThroughMatcherOrBuilderList in interface OAuth2ConfigOrBuilder

    • getPassThroughMatcherCount

      public int getPassThroughMatcherCount()
       Any request that matches any of the provided matchers will be passed through without OAuth validation.
      repeated .envoy.config.route.v3.HeaderMatcher pass_through_matcher = 8;
      Specified by:
      getPassThroughMatcherCount in interface OAuth2ConfigOrBuilder

    • getPassThroughMatcher

      public HeaderMatcher getPassThroughMatcher(int index)
       Any request that matches any of the provided matchers will be passed through without OAuth validation.
      repeated .envoy.config.route.v3.HeaderMatcher pass_through_matcher = 8;
      Specified by:
      getPassThroughMatcher in interface OAuth2ConfigOrBuilder

    • getPassThroughMatcherOrBuilder

      public HeaderMatcherOrBuilder getPassThroughMatcherOrBuilder(int index)
       Any request that matches any of the provided matchers will be passed through without OAuth validation.
      repeated .envoy.config.route.v3.HeaderMatcher pass_through_matcher = 8;
      Specified by:
      getPassThroughMatcherOrBuilder in interface OAuth2ConfigOrBuilder

    • getAuthScopesList

      public com.google.protobuf.ProtocolStringList getAuthScopesList()
       Optional list of OAuth scopes to be claimed in the authorization request. If not specified,
 defaults to "user" scope.
 OAuth RFC https://tools.ietf.org/html/rfc6749#section-3.3
      repeated string auth_scopes = 9;
      Specified by:
      getAuthScopesList in interface OAuth2ConfigOrBuilder
      Returns:
      A list containing the authScopes.

    • getAuthScopesCount

      public int getAuthScopesCount()
       Optional list of OAuth scopes to be claimed in the authorization request. If not specified,
 defaults to "user" scope.
 OAuth RFC https://tools.ietf.org/html/rfc6749#section-3.3
      repeated string auth_scopes = 9;
      Specified by:
      getAuthScopesCount in interface OAuth2ConfigOrBuilder
      Returns:
      The count of authScopes.

    • getAuthScopes

      public String getAuthScopes(int index)
       Optional list of OAuth scopes to be claimed in the authorization request. If not specified,
 defaults to "user" scope.
 OAuth RFC https://tools.ietf.org/html/rfc6749#section-3.3
      repeated string auth_scopes = 9;
      Specified by:
      getAuthScopes in interface OAuth2ConfigOrBuilder
      Parameters:
      index - The index of the element to return.
      Returns:
      The authScopes at the given index.

    • getAuthScopesBytes

      public com.google.protobuf.ByteString getAuthScopesBytes(int index)
       Optional list of OAuth scopes to be claimed in the authorization request. If not specified,
 defaults to "user" scope.
 OAuth RFC https://tools.ietf.org/html/rfc6749#section-3.3
      repeated string auth_scopes = 9;
      Specified by:
      getAuthScopesBytes in interface OAuth2ConfigOrBuilder
      Parameters:
      index - The index of the value to return.
      Returns:
      The bytes of the authScopes at the given index.

    • getResourcesList

      public com.google.protobuf.ProtocolStringList getResourcesList()
       Optional resource parameter for authorization request
 RFC: https://tools.ietf.org/html/rfc8707
      repeated string resources = 10;
      Specified by:
      getResourcesList in interface OAuth2ConfigOrBuilder
      Returns:
      A list containing the resources.

    • getResourcesCount

      public int getResourcesCount()
       Optional resource parameter for authorization request
 RFC: https://tools.ietf.org/html/rfc8707
      repeated string resources = 10;
      Specified by:
      getResourcesCount in interface OAuth2ConfigOrBuilder
      Returns:
      The count of resources.

    • getResources

      public String getResources(int index)
       Optional resource parameter for authorization request
 RFC: https://tools.ietf.org/html/rfc8707
      repeated string resources = 10;
      Specified by:
      getResources in interface OAuth2ConfigOrBuilder
      Parameters:
      index - The index of the element to return.
      Returns:
      The resources at the given index.

    • getResourcesBytes

      public com.google.protobuf.ByteString getResourcesBytes(int index)
       Optional resource parameter for authorization request
 RFC: https://tools.ietf.org/html/rfc8707
      repeated string resources = 10;
      Specified by:
      getResourcesBytes in interface OAuth2ConfigOrBuilder
      Parameters:
      index - The index of the value to return.
      Returns:
      The bytes of the resources at the given index.

    • getAuthTypeValue

      public int getAuthTypeValue()
       Defines how ``client_id`` and ``client_secret`` are sent in OAuth client to OAuth server requests.
 RFC https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1
      .envoy.extensions.filters.http.oauth2.v3.OAuth2Config.AuthType auth_type = 11 [(.validate.rules) = { ... }
      Specified by:
      getAuthTypeValue in interface OAuth2ConfigOrBuilder
      Returns:
      The enum numeric value on the wire for authType.

    • getAuthType

      public OAuth2Config.AuthType getAuthType()
       Defines how ``client_id`` and ``client_secret`` are sent in OAuth client to OAuth server requests.
 RFC https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1
      .envoy.extensions.filters.http.oauth2.v3.OAuth2Config.AuthType auth_type = 11 [(.validate.rules) = { ... }
      Specified by:
      getAuthType in interface OAuth2ConfigOrBuilder
      Returns:
      The authType.

    • hasUseRefreshToken

      public boolean hasUseRefreshToken()
       If set to true, allows automatic access token refresh using the associated refresh token (see
 `RFC 6749 section 6 <https://datatracker.ietf.org/doc/html/rfc6749#section-6>`_), provided that the OAuth server supports that.
 Default value is true.
      .google.protobuf.BoolValue use_refresh_token = 12;
      Specified by:
      hasUseRefreshToken in interface OAuth2ConfigOrBuilder
      Returns:
      Whether the useRefreshToken field is set.

    • getUseRefreshToken

      public com.google.protobuf.BoolValue getUseRefreshToken()
       If set to true, allows automatic access token refresh using the associated refresh token (see
 `RFC 6749 section 6 <https://datatracker.ietf.org/doc/html/rfc6749#section-6>`_), provided that the OAuth server supports that.
 Default value is true.
      .google.protobuf.BoolValue use_refresh_token = 12;
      Specified by:
      getUseRefreshToken in interface OAuth2ConfigOrBuilder
      Returns:
      The useRefreshToken.

    • getUseRefreshTokenOrBuilder

      public com.google.protobuf.BoolValueOrBuilder getUseRefreshTokenOrBuilder()
       If set to true, allows automatic access token refresh using the associated refresh token (see
 `RFC 6749 section 6 <https://datatracker.ietf.org/doc/html/rfc6749#section-6>`_), provided that the OAuth server supports that.
 Default value is true.
      .google.protobuf.BoolValue use_refresh_token = 12;
      Specified by:
      getUseRefreshTokenOrBuilder in interface OAuth2ConfigOrBuilder

    • hasDefaultExpiresIn

      public boolean hasDefaultExpiresIn()
       The default lifetime in seconds of the access token, if omitted by the authorization server.

 If this value is not set, it will default to ``0s``. In this case, the expiry must be set by
 the authorization server or the OAuth flow will fail.
      .google.protobuf.Duration default_expires_in = 13;
      Specified by:
      hasDefaultExpiresIn in interface OAuth2ConfigOrBuilder
      Returns:
      Whether the defaultExpiresIn field is set.

    • getDefaultExpiresIn

      public com.google.protobuf.Duration getDefaultExpiresIn()
       The default lifetime in seconds of the access token, if omitted by the authorization server.

 If this value is not set, it will default to ``0s``. In this case, the expiry must be set by
 the authorization server or the OAuth flow will fail.
      .google.protobuf.Duration default_expires_in = 13;
      Specified by:
      getDefaultExpiresIn in interface OAuth2ConfigOrBuilder
      Returns:
      The defaultExpiresIn.

    • getDefaultExpiresInOrBuilder

      public com.google.protobuf.DurationOrBuilder getDefaultExpiresInOrBuilder()
       The default lifetime in seconds of the access token, if omitted by the authorization server.

 If this value is not set, it will default to ``0s``. In this case, the expiry must be set by
 the authorization server or the OAuth flow will fail.
      .google.protobuf.Duration default_expires_in = 13;
      Specified by:
      getDefaultExpiresInOrBuilder in interface OAuth2ConfigOrBuilder

    • getDenyRedirectMatcherList

      public List<HeaderMatcher> getDenyRedirectMatcherList()
       Any request that matches any of the provided matchers won't be redirected to OAuth server when tokens are not valid.
 Automatic access token refresh will be performed for these requests, if enabled.
 This behavior can be useful for AJAX requests.
      repeated .envoy.config.route.v3.HeaderMatcher deny_redirect_matcher = 14;
      Specified by:
      getDenyRedirectMatcherList in interface OAuth2ConfigOrBuilder

    • getDenyRedirectMatcherOrBuilderList

      public List<? extends HeaderMatcherOrBuilder> getDenyRedirectMatcherOrBuilderList()
       Any request that matches any of the provided matchers won't be redirected to OAuth server when tokens are not valid.
 Automatic access token refresh will be performed for these requests, if enabled.
 This behavior can be useful for AJAX requests.
      repeated .envoy.config.route.v3.HeaderMatcher deny_redirect_matcher = 14;
      Specified by:
      getDenyRedirectMatcherOrBuilderList in interface OAuth2ConfigOrBuilder

    • getDenyRedirectMatcherCount

      public int getDenyRedirectMatcherCount()
       Any request that matches any of the provided matchers won't be redirected to OAuth server when tokens are not valid.
 Automatic access token refresh will be performed for these requests, if enabled.
 This behavior can be useful for AJAX requests.
      repeated .envoy.config.route.v3.HeaderMatcher deny_redirect_matcher = 14;
      Specified by:
      getDenyRedirectMatcherCount in interface OAuth2ConfigOrBuilder

    • getDenyRedirectMatcher

      public HeaderMatcher getDenyRedirectMatcher(int index)
       Any request that matches any of the provided matchers won't be redirected to OAuth server when tokens are not valid.
 Automatic access token refresh will be performed for these requests, if enabled.
 This behavior can be useful for AJAX requests.
      repeated .envoy.config.route.v3.HeaderMatcher deny_redirect_matcher = 14;
      Specified by:
      getDenyRedirectMatcher in interface OAuth2ConfigOrBuilder

    • getDenyRedirectMatcherOrBuilder

      public HeaderMatcherOrBuilder getDenyRedirectMatcherOrBuilder(int index)
       Any request that matches any of the provided matchers won't be redirected to OAuth server when tokens are not valid.
 Automatic access token refresh will be performed for these requests, if enabled.
 This behavior can be useful for AJAX requests.
      repeated .envoy.config.route.v3.HeaderMatcher deny_redirect_matcher = 14;
      Specified by:
      getDenyRedirectMatcherOrBuilder in interface OAuth2ConfigOrBuilder

    • hasDefaultRefreshTokenExpiresIn

      public boolean hasDefaultRefreshTokenExpiresIn()
       The default lifetime in seconds of the refresh token, if the exp (expiration time) claim is omitted in the refresh token or the refresh token is not JWT.

 If this value is not set, it will default to ``604800s``. In this case, the cookie with the refresh token will be expired
 in a week.
 This setting is only considered if ``use_refresh_token`` is set to true, otherwise the authorization server expiration or ``default_expires_in`` is used.
      .google.protobuf.Duration default_refresh_token_expires_in = 15;
      Specified by:
      hasDefaultRefreshTokenExpiresIn in interface OAuth2ConfigOrBuilder
      Returns:
      Whether the defaultRefreshTokenExpiresIn field is set.

    • getDefaultRefreshTokenExpiresIn

      public com.google.protobuf.Duration getDefaultRefreshTokenExpiresIn()
       The default lifetime in seconds of the refresh token, if the exp (expiration time) claim is omitted in the refresh token or the refresh token is not JWT.

 If this value is not set, it will default to ``604800s``. In this case, the cookie with the refresh token will be expired
 in a week.
 This setting is only considered if ``use_refresh_token`` is set to true, otherwise the authorization server expiration or ``default_expires_in`` is used.
      .google.protobuf.Duration default_refresh_token_expires_in = 15;
      Specified by:
      getDefaultRefreshTokenExpiresIn in interface OAuth2ConfigOrBuilder
      Returns:
      The defaultRefreshTokenExpiresIn.

    • getDefaultRefreshTokenExpiresInOrBuilder

      public com.google.protobuf.DurationOrBuilder getDefaultRefreshTokenExpiresInOrBuilder()
       The default lifetime in seconds of the refresh token, if the exp (expiration time) claim is omitted in the refresh token or the refresh token is not JWT.

 If this value is not set, it will default to ``604800s``. In this case, the cookie with the refresh token will be expired
 in a week.
 This setting is only considered if ``use_refresh_token`` is set to true, otherwise the authorization server expiration or ``default_expires_in`` is used.
      .google.protobuf.Duration default_refresh_token_expires_in = 15;
      Specified by:
      getDefaultRefreshTokenExpiresInOrBuilder in interface OAuth2ConfigOrBuilder

    • getDisableIdTokenSetCookie

      public boolean getDisableIdTokenSetCookie()
       If set to true, the client will not set a cookie for ID Token even if one is received from the Identity Provider. This may be useful in cases where the ID
 Token is too large for HTTP cookies (longer than 4096 characters). Enabling this option will only disable setting the cookie response header, the filter
 will still process incoming ID Tokens as part of the HMAC if they are there. This is to ensure compatibility while switching this setting on. Future
 sessions would not set the IdToken cookie header.
      bool disable_id_token_set_cookie = 17;
      Specified by:
      getDisableIdTokenSetCookie in interface OAuth2ConfigOrBuilder
      Returns:
      The disableIdTokenSetCookie.

    • getDisableAccessTokenSetCookie

      public boolean getDisableAccessTokenSetCookie()
       If set to true, the client will not set a cookie for Access Token even if one is received from the Identity Provider.
 Enabling this option will only disable setting the cookie response header, the filter
 will still process incoming Access Tokens as part of the HMAC if they are there. This is to ensure compatibility while switching this setting on. Future
 sessions would not set the Access Token cookie header.
      bool disable_access_token_set_cookie = 19;
      Specified by:
      getDisableAccessTokenSetCookie in interface OAuth2ConfigOrBuilder
      Returns:
      The disableAccessTokenSetCookie.

    • getDisableRefreshTokenSetCookie

      public boolean getDisableRefreshTokenSetCookie()
       If set to true, the client will not set a cookie for Refresh Token even if one is received from the Identity Provider.
 Enabling this option will only disable setting the cookie response header, the filter
 will still process incoming Refresh Tokens as part of the HMAC if they are there. This is to ensure compatibility while switching this setting on. Future
 sessions would not set the Refresh Token cookie header.
      bool disable_refresh_token_set_cookie = 20;
      Specified by:
      getDisableRefreshTokenSetCookie in interface OAuth2ConfigOrBuilder
      Returns:
      The disableRefreshTokenSetCookie.

    • hasCookieConfigs

      public boolean hasCookieConfigs()
       Controls for attributes that can be set on the cookies.
      .envoy.extensions.filters.http.oauth2.v3.CookieConfigs cookie_configs = 21;
      Specified by:
      hasCookieConfigs in interface OAuth2ConfigOrBuilder
      Returns:
      Whether the cookieConfigs field is set.

    • getCookieConfigs

      public CookieConfigs getCookieConfigs()
       Controls for attributes that can be set on the cookies.
      .envoy.extensions.filters.http.oauth2.v3.CookieConfigs cookie_configs = 21;
      Specified by:
      getCookieConfigs in interface OAuth2ConfigOrBuilder
      Returns:
      The cookieConfigs.

    • getCookieConfigsOrBuilder

      public CookieConfigsOrBuilder getCookieConfigsOrBuilder()
       Controls for attributes that can be set on the cookies.
      .envoy.extensions.filters.http.oauth2.v3.CookieConfigs cookie_configs = 21;
      Specified by:
      getCookieConfigsOrBuilder in interface OAuth2ConfigOrBuilder

    • getStatPrefix

      public String getStatPrefix()
       Optional additional prefix to use when emitting statistics.
      string stat_prefix = 22;
      Specified by:
      getStatPrefix in interface OAuth2ConfigOrBuilder
      Returns:
      The statPrefix.

    • getStatPrefixBytes

      public com.google.protobuf.ByteString getStatPrefixBytes()
       Optional additional prefix to use when emitting statistics.
      string stat_prefix = 22;
      Specified by:
      getStatPrefixBytes in interface OAuth2ConfigOrBuilder
      Returns:
      The bytes for statPrefix.

    • hasCsrfTokenExpiresIn

      public boolean hasCsrfTokenExpiresIn()
       Optional expiration time for the CSRF protection token cookie.
 The CSRF token prevents cross-site request forgery attacks during the OAuth2 flow.
 If not specified, defaults to ``600s`` (10 minutes), which should provide sufficient time
 for users to complete the OAuth2 authorization flow.
      .google.protobuf.Duration csrf_token_expires_in = 24;
      Specified by:
      hasCsrfTokenExpiresIn in interface OAuth2ConfigOrBuilder
      Returns:
      Whether the csrfTokenExpiresIn field is set.

    • getCsrfTokenExpiresIn

      public com.google.protobuf.Duration getCsrfTokenExpiresIn()
       Optional expiration time for the CSRF protection token cookie.
 The CSRF token prevents cross-site request forgery attacks during the OAuth2 flow.
 If not specified, defaults to ``600s`` (10 minutes), which should provide sufficient time
 for users to complete the OAuth2 authorization flow.
      .google.protobuf.Duration csrf_token_expires_in = 24;
      Specified by:
      getCsrfTokenExpiresIn in interface OAuth2ConfigOrBuilder
      Returns:
      The csrfTokenExpiresIn.

    • getCsrfTokenExpiresInOrBuilder

      public com.google.protobuf.DurationOrBuilder getCsrfTokenExpiresInOrBuilder()
       Optional expiration time for the CSRF protection token cookie.
 The CSRF token prevents cross-site request forgery attacks during the OAuth2 flow.
 If not specified, defaults to ``600s`` (10 minutes), which should provide sufficient time
 for users to complete the OAuth2 authorization flow.
      .google.protobuf.Duration csrf_token_expires_in = 24;
      Specified by:
      getCsrfTokenExpiresInOrBuilder in interface OAuth2ConfigOrBuilder

    • hasCodeVerifierTokenExpiresIn

      public boolean hasCodeVerifierTokenExpiresIn()
       Optional expiration time for the code verifier cookie.
 The code verifier is stored in a secure, HTTP-only cookie during the OAuth2 authorization process.
 If not specified, defaults to ``600s`` (10 minutes), which should provide sufficient time
 for users to complete the OAuth2 authorization flow.
      .google.protobuf.Duration code_verifier_token_expires_in = 25;
      Specified by:
      hasCodeVerifierTokenExpiresIn in interface OAuth2ConfigOrBuilder
      Returns:
      Whether the codeVerifierTokenExpiresIn field is set.

    • getCodeVerifierTokenExpiresIn

      public com.google.protobuf.Duration getCodeVerifierTokenExpiresIn()
       Optional expiration time for the code verifier cookie.
 The code verifier is stored in a secure, HTTP-only cookie during the OAuth2 authorization process.
 If not specified, defaults to ``600s`` (10 minutes), which should provide sufficient time
 for users to complete the OAuth2 authorization flow.
      .google.protobuf.Duration code_verifier_token_expires_in = 25;
      Specified by:
      getCodeVerifierTokenExpiresIn in interface OAuth2ConfigOrBuilder
      Returns:
      The codeVerifierTokenExpiresIn.

    • getCodeVerifierTokenExpiresInOrBuilder

      public com.google.protobuf.DurationOrBuilder getCodeVerifierTokenExpiresInOrBuilder()
       Optional expiration time for the code verifier cookie.
 The code verifier is stored in a secure, HTTP-only cookie during the OAuth2 authorization process.
 If not specified, defaults to ``600s`` (10 minutes), which should provide sufficient time
 for users to complete the OAuth2 authorization flow.
      .google.protobuf.Duration code_verifier_token_expires_in = 25;
      Specified by:
      getCodeVerifierTokenExpiresInOrBuilder in interface OAuth2ConfigOrBuilder

    • getDisableTokenEncryption

      public boolean getDisableTokenEncryption()
       Disable token encryption. When set to true, both the access token and the ID token will be stored in plain text.
 This option should only be used in secure environments where token encryption is not required.
 Default is false (tokens are encrypted).
      bool disable_token_encryption = 26;
      Specified by:
      getDisableTokenEncryption in interface OAuth2ConfigOrBuilder
      Returns:
      The disableTokenEncryption.

    • isInitialized

      public final boolean isInitialized()
      Specified by:
      isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
      Overrides:
      isInitialized in class com.google.protobuf.GeneratedMessageV3

    • writeTo

      public void writeTo(com.google.protobuf.CodedOutputStream output) throws IOException
      Specified by:
      writeTo in interface com.google.protobuf.MessageLite
      Overrides:
      writeTo in class com.google.protobuf.GeneratedMessageV3
      Throws:
      IOException

    • getSerializedSize

      public int getSerializedSize()
      Specified by:
      getSerializedSize in interface com.google.protobuf.MessageLite
      Overrides:
      getSerializedSize in class com.google.protobuf.GeneratedMessageV3

    • equals

      public boolean equals(Object obj)
      Specified by:
      equals in interface com.google.protobuf.Message
      Overrides:
      equals in class com.google.protobuf.AbstractMessage

    • hashCode

      public int hashCode()
      Specified by:
      hashCode in interface com.google.protobuf.Message
      Overrides:
      hashCode in class com.google.protobuf.AbstractMessage

    • parseFrom

      public static OAuth2Config parseFrom(ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException

    • parseFrom

      public static OAuth2Config parseFrom(ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException

    • parseFrom

      public static OAuth2Config parseFrom(com.google.protobuf.ByteString data) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException

    • parseFrom

      public static OAuth2Config parseFrom(com.google.protobuf.ByteString data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException

    • parseFrom

      public static OAuth2Config parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException

    • parseFrom

      public static OAuth2Config parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException

    • parseFrom

      public static OAuth2Config parseFrom(InputStream input) throws IOException
      Throws:
      IOException

    • parseFrom

      public static OAuth2Config parseFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
      Throws:
      IOException

    • parseDelimitedFrom

      public static OAuth2Config parseDelimitedFrom(InputStream input) throws IOException
      Throws:
      IOException

    • parseDelimitedFrom

      public static OAuth2Config parseDelimitedFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
      Throws:
      IOException

    • parseFrom

      public static OAuth2Config parseFrom(com.google.protobuf.CodedInputStream input) throws IOException
      Throws:
      IOException

    • parseFrom

      public static OAuth2Config parseFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
      Throws:
      IOException

    • newBuilderForType

      public OAuth2Config.Builder newBuilderForType()
      Specified by:
      newBuilderForType in interface com.google.protobuf.Message
      Specified by:
      newBuilderForType in interface com.google.protobuf.MessageLite

    • newBuilder

      public static OAuth2Config.Builder newBuilder()

    • newBuilder

      public static OAuth2Config.Builder newBuilder(OAuth2Config prototype)

    • toBuilder

      public OAuth2Config.Builder toBuilder()
      Specified by:
      toBuilder in interface com.google.protobuf.Message
      Specified by:
      toBuilder in interface com.google.protobuf.MessageLite

    • newBuilderForType

      protected OAuth2Config.Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)
      Specified by:
      newBuilderForType in class com.google.protobuf.GeneratedMessageV3

    • getDefaultInstance

      public static OAuth2Config getDefaultInstance()

    • parser

      public static com.google.protobuf.Parser<OAuth2Config> parser()

    • getParserForType

      public com.google.protobuf.Parser<OAuth2Config> getParserForType()
      Specified by:
      getParserForType in interface com.google.protobuf.Message
      Specified by:
      getParserForType in interface com.google.protobuf.MessageLite
      Overrides:
      getParserForType in class com.google.protobuf.GeneratedMessageV3

    • getDefaultInstanceForType

      public OAuth2Config getDefaultInstanceForType()
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder