Package io.envoyproxy.envoy.config.filter.http.jwt_authn.v2alpha

Class JwtProvider.Builder

  • All Implemented Interfaces:
    com.google.protobuf.Message.Builder, com.google.protobuf.MessageLite.Builder, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, JwtProviderOrBuilder, Cloneable
    Enclosing class:
    JwtProvider
    public static final class JwtProvider.Builder
extends com.google.protobuf.GeneratedMessageV3.Builder<JwtProvider.Builder>
implements JwtProviderOrBuilder
     Please see following for JWT authentication flow:
 * `JSON Web Token (JWT) <https://tools.ietf.org/html/rfc7519>`_
 * `The OAuth 2.0 Authorization Framework <https://tools.ietf.org/html/rfc6749>`_
 * `OpenID Connect <http://openid.net/connect>`_
 A JwtProvider message specifies how a JSON Web Token (JWT) can be verified. It specifies:
 * issuer: the principal that issues the JWT. It has to match the one from the token.
 * allowed audiences: the ones in the token have to be listed here.
 * how to fetch public key JWKS to verify the token signature.
 * how to extract JWT token in the request.
 * how to pass successfully verified token payload.
 Example:
 .. code-block:: yaml
     issuer: https://example.com
     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com
     remote_jwks:
       http_uri:
         uri: https://example.com/.well-known/jwks.json
         cluster: example_jwks_cluster
       cache_duration:
         seconds: 300
 [#next-free-field: 10]
    Protobuf type envoy.config.filter.http.jwt_authn.v2alpha.JwtProvider

    • Method Detail

      • getDescriptor

        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

      • internalGetFieldAccessorTable

        protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
        Specified by:
        internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3.Builder<JwtProvider.Builder>

      • clear

        public JwtProvider.Builder clear()
        Specified by:
        clear in interface com.google.protobuf.Message.Builder
        Specified by:
        clear in interface com.google.protobuf.MessageLite.Builder
        Overrides:
        clear in class com.google.protobuf.GeneratedMessageV3.Builder<JwtProvider.Builder>

      • getDescriptorForType

        public com.google.protobuf.Descriptors.Descriptor getDescriptorForType()
        Specified by:
        getDescriptorForType in interface com.google.protobuf.Message.Builder
        Specified by:
        getDescriptorForType in interface com.google.protobuf.MessageOrBuilder
        Overrides:
        getDescriptorForType in class com.google.protobuf.GeneratedMessageV3.Builder<JwtProvider.Builder>

      • getDefaultInstanceForType

        public JwtProvider getDefaultInstanceForType()
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder

      • build

        public JwtProvider build()
        Specified by:
        build in interface com.google.protobuf.Message.Builder
        Specified by:
        build in interface com.google.protobuf.MessageLite.Builder

      • buildPartial

        public JwtProvider buildPartial()
        Specified by:
        buildPartial in interface com.google.protobuf.Message.Builder
        Specified by:
        buildPartial in interface com.google.protobuf.MessageLite.Builder

      • clone

        public JwtProvider.Builder clone()
        Specified by:
        clone in interface com.google.protobuf.Message.Builder
        Specified by:
        clone in interface com.google.protobuf.MessageLite.Builder
        Overrides:
        clone in class com.google.protobuf.GeneratedMessageV3.Builder<JwtProvider.Builder>

      • setField

        public JwtProvider.Builder setField​(com.google.protobuf.Descriptors.FieldDescriptor field,
                                    Object value)
        Specified by:
        setField in interface com.google.protobuf.Message.Builder
        Overrides:
        setField in class com.google.protobuf.GeneratedMessageV3.Builder<JwtProvider.Builder>

      • clearField

        public JwtProvider.Builder clearField​(com.google.protobuf.Descriptors.FieldDescriptor field)
        Specified by:
        clearField in interface com.google.protobuf.Message.Builder
        Overrides:
        clearField in class com.google.protobuf.GeneratedMessageV3.Builder<JwtProvider.Builder>

      • clearOneof

        public JwtProvider.Builder clearOneof​(com.google.protobuf.Descriptors.OneofDescriptor oneof)
        Specified by:
        clearOneof in interface com.google.protobuf.Message.Builder
        Overrides:
        clearOneof in class com.google.protobuf.GeneratedMessageV3.Builder<JwtProvider.Builder>

      • setRepeatedField

        public JwtProvider.Builder setRepeatedField​(com.google.protobuf.Descriptors.FieldDescriptor field,
                                            int index,
                                            Object value)
        Specified by:
        setRepeatedField in interface com.google.protobuf.Message.Builder
        Overrides:
        setRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<JwtProvider.Builder>

      • addRepeatedField

        public JwtProvider.Builder addRepeatedField​(com.google.protobuf.Descriptors.FieldDescriptor field,
                                            Object value)
        Specified by:
        addRepeatedField in interface com.google.protobuf.Message.Builder
        Overrides:
        addRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<JwtProvider.Builder>

      • mergeFrom

        public JwtProvider.Builder mergeFrom​(com.google.protobuf.Message other)
        Specified by:
        mergeFrom in interface com.google.protobuf.Message.Builder
        Overrides:
        mergeFrom in class com.google.protobuf.AbstractMessage.Builder<JwtProvider.Builder>

      • isInitialized

        public final boolean isInitialized()
        Specified by:
        isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
        Overrides:
        isInitialized in class com.google.protobuf.GeneratedMessageV3.Builder<JwtProvider.Builder>

      • mergeFrom

        public JwtProvider.Builder mergeFrom​(com.google.protobuf.CodedInputStream input,
                                     com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                              throws IOException
        Specified by:
        mergeFrom in interface com.google.protobuf.Message.Builder
        Specified by:
        mergeFrom in interface com.google.protobuf.MessageLite.Builder
        Overrides:
        mergeFrom in class com.google.protobuf.AbstractMessage.Builder<JwtProvider.Builder>
        Throws:
        IOException

      • getIssuer

        public String getIssuer()
         Specify the `principal <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_ that issued
 the JWT, usually a URL or an email address.
 Example: https://securetoken.google.com
 Example: 1234567-compute@developer.gserviceaccount.com
        string issuer = 1 [(.validate.rules) = { ... }
        Specified by:
        getIssuer in interface JwtProviderOrBuilder
        Returns:
        The issuer.

      • getIssuerBytes

        public com.google.protobuf.ByteString getIssuerBytes()
         Specify the `principal <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_ that issued
 the JWT, usually a URL or an email address.
 Example: https://securetoken.google.com
 Example: 1234567-compute@developer.gserviceaccount.com
        string issuer = 1 [(.validate.rules) = { ... }
        Specified by:
        getIssuerBytes in interface JwtProviderOrBuilder
        Returns:
        The bytes for issuer.

      • setIssuer

        public JwtProvider.Builder setIssuer​(String value)
         Specify the `principal <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_ that issued
 the JWT, usually a URL or an email address.
 Example: https://securetoken.google.com
 Example: 1234567-compute@developer.gserviceaccount.com
        string issuer = 1 [(.validate.rules) = { ... }
        Parameters:
        value - The issuer to set.
        Returns:
        This builder for chaining.

      • clearIssuer

        public JwtProvider.Builder clearIssuer()
         Specify the `principal <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_ that issued
 the JWT, usually a URL or an email address.
 Example: https://securetoken.google.com
 Example: 1234567-compute@developer.gserviceaccount.com
        string issuer = 1 [(.validate.rules) = { ... }
        Returns:
        This builder for chaining.

      • setIssuerBytes

        public JwtProvider.Builder setIssuerBytes​(com.google.protobuf.ByteString value)
         Specify the `principal <https://tools.ietf.org/html/rfc7519#section-4.1.1>`_ that issued
 the JWT, usually a URL or an email address.
 Example: https://securetoken.google.com
 Example: 1234567-compute@developer.gserviceaccount.com
        string issuer = 1 [(.validate.rules) = { ... }
        Parameters:
        value - The bytes for issuer to set.
        Returns:
        This builder for chaining.

      • getAudiencesList

        public com.google.protobuf.ProtocolStringList getAudiencesList()
         The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are
 allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
 will not check audiences in the token.
 Example:
 .. code-block:: yaml
     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com
        repeated string audiences = 2;
        Specified by:
        getAudiencesList in interface JwtProviderOrBuilder
        Returns:
        A list containing the audiences.

      • getAudiencesCount

        public int getAudiencesCount()
         The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are
 allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
 will not check audiences in the token.
 Example:
 .. code-block:: yaml
     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com
        repeated string audiences = 2;
        Specified by:
        getAudiencesCount in interface JwtProviderOrBuilder
        Returns:
        The count of audiences.

      • getAudiences

        public String getAudiences​(int index)
         The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are
 allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
 will not check audiences in the token.
 Example:
 .. code-block:: yaml
     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com
        repeated string audiences = 2;
        Specified by:
        getAudiences in interface JwtProviderOrBuilder
        Parameters:
        index - The index of the element to return.
        Returns:
        The audiences at the given index.

      • getAudiencesBytes

        public com.google.protobuf.ByteString getAudiencesBytes​(int index)
         The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are
 allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
 will not check audiences in the token.
 Example:
 .. code-block:: yaml
     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com
        repeated string audiences = 2;
        Specified by:
        getAudiencesBytes in interface JwtProviderOrBuilder
        Parameters:
        index - The index of the value to return.
        Returns:
        The bytes of the audiences at the given index.

      • setAudiences

        public JwtProvider.Builder setAudiences​(int index,
                                        String value)
         The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are
 allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
 will not check audiences in the token.
 Example:
 .. code-block:: yaml
     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com
        repeated string audiences = 2;
        Parameters:
        index - The index to set the value at.
        value - The audiences to set.
        Returns:
        This builder for chaining.

      • addAudiences

        public JwtProvider.Builder addAudiences​(String value)
         The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are
 allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
 will not check audiences in the token.
 Example:
 .. code-block:: yaml
     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com
        repeated string audiences = 2;
        Parameters:
        value - The audiences to add.
        Returns:
        This builder for chaining.

      • addAllAudiences

        public JwtProvider.Builder addAllAudiences​(Iterable<String> values)
         The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are
 allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
 will not check audiences in the token.
 Example:
 .. code-block:: yaml
     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com
        repeated string audiences = 2;
        Parameters:
        values - The audiences to add.
        Returns:
        This builder for chaining.

      • clearAudiences

        public JwtProvider.Builder clearAudiences()
         The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are
 allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
 will not check audiences in the token.
 Example:
 .. code-block:: yaml
     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com
        repeated string audiences = 2;
        Returns:
        This builder for chaining.

      • addAudiencesBytes

        public JwtProvider.Builder addAudiencesBytes​(com.google.protobuf.ByteString value)
         The list of JWT `audiences <https://tools.ietf.org/html/rfc7519#section-4.1.3>`_ are
 allowed to access. A JWT containing any of these audiences will be accepted. If not specified,
 will not check audiences in the token.
 Example:
 .. code-block:: yaml
     audiences:
     - bookstore_android.apps.googleusercontent.com
     - bookstore_web.apps.googleusercontent.com
        repeated string audiences = 2;
        Parameters:
        value - The bytes of the audiences to add.
        Returns:
        This builder for chaining.

      • hasRemoteJwks

        public boolean hasRemoteJwks()
         JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
 URI and how the fetched JWKS should be cached.
 Example:
 .. code-block:: yaml
    remote_jwks:
      http_uri:
        uri: https://www.googleapis.com/oauth2/v1/certs
        cluster: jwt.www.googleapis.com|443
      cache_duration:
        seconds: 300
        .envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;
        Specified by:
        hasRemoteJwks in interface JwtProviderOrBuilder
        Returns:
        Whether the remoteJwks field is set.

      • getRemoteJwks

        public RemoteJwks getRemoteJwks()
         JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
 URI and how the fetched JWKS should be cached.
 Example:
 .. code-block:: yaml
    remote_jwks:
      http_uri:
        uri: https://www.googleapis.com/oauth2/v1/certs
        cluster: jwt.www.googleapis.com|443
      cache_duration:
        seconds: 300
        .envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;
        Specified by:
        getRemoteJwks in interface JwtProviderOrBuilder
        Returns:
        The remoteJwks.

      • setRemoteJwks

        public JwtProvider.Builder setRemoteJwks​(RemoteJwks value)
         JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
 URI and how the fetched JWKS should be cached.
 Example:
 .. code-block:: yaml
    remote_jwks:
      http_uri:
        uri: https://www.googleapis.com/oauth2/v1/certs
        cluster: jwt.www.googleapis.com|443
      cache_duration:
        seconds: 300
        .envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;

      • setRemoteJwks

        public JwtProvider.Builder setRemoteJwks​(RemoteJwks.Builder builderForValue)
         JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
 URI and how the fetched JWKS should be cached.
 Example:
 .. code-block:: yaml
    remote_jwks:
      http_uri:
        uri: https://www.googleapis.com/oauth2/v1/certs
        cluster: jwt.www.googleapis.com|443
      cache_duration:
        seconds: 300
        .envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;

      • mergeRemoteJwks

        public JwtProvider.Builder mergeRemoteJwks​(RemoteJwks value)
         JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
 URI and how the fetched JWKS should be cached.
 Example:
 .. code-block:: yaml
    remote_jwks:
      http_uri:
        uri: https://www.googleapis.com/oauth2/v1/certs
        cluster: jwt.www.googleapis.com|443
      cache_duration:
        seconds: 300
        .envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;

      • clearRemoteJwks

        public JwtProvider.Builder clearRemoteJwks()
         JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
 URI and how the fetched JWKS should be cached.
 Example:
 .. code-block:: yaml
    remote_jwks:
      http_uri:
        uri: https://www.googleapis.com/oauth2/v1/certs
        cluster: jwt.www.googleapis.com|443
      cache_duration:
        seconds: 300
        .envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;

      • getRemoteJwksBuilder

        public RemoteJwks.Builder getRemoteJwksBuilder()
         JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
 URI and how the fetched JWKS should be cached.
 Example:
 .. code-block:: yaml
    remote_jwks:
      http_uri:
        uri: https://www.googleapis.com/oauth2/v1/certs
        cluster: jwt.www.googleapis.com|443
      cache_duration:
        seconds: 300
        .envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;

      • getRemoteJwksOrBuilder

        public RemoteJwksOrBuilder getRemoteJwksOrBuilder()
         JWKS can be fetched from remote server via HTTP/HTTPS. This field specifies the remote HTTP
 URI and how the fetched JWKS should be cached.
 Example:
 .. code-block:: yaml
    remote_jwks:
      http_uri:
        uri: https://www.googleapis.com/oauth2/v1/certs
        cluster: jwt.www.googleapis.com|443
      cache_duration:
        seconds: 300
        .envoy.config.filter.http.jwt_authn.v2alpha.RemoteJwks remote_jwks = 3;
        Specified by:
        getRemoteJwksOrBuilder in interface JwtProviderOrBuilder

      • hasLocalJwks

        public boolean hasLocalJwks()
         JWKS is in local data source. It could be either in a local file or embedded in the
 inline_string.
 Example: local file
 .. code-block:: yaml
    local_jwks:
      filename: /etc/envoy/jwks/jwks1.txt
 Example: inline_string
 .. code-block:: yaml
    local_jwks:
      inline_string: ACADADADADA
        .envoy.api.v2.core.DataSource local_jwks = 4;
        Specified by:
        hasLocalJwks in interface JwtProviderOrBuilder
        Returns:
        Whether the localJwks field is set.

      • getLocalJwks

        public DataSource getLocalJwks()
         JWKS is in local data source. It could be either in a local file or embedded in the
 inline_string.
 Example: local file
 .. code-block:: yaml
    local_jwks:
      filename: /etc/envoy/jwks/jwks1.txt
 Example: inline_string
 .. code-block:: yaml
    local_jwks:
      inline_string: ACADADADADA
        .envoy.api.v2.core.DataSource local_jwks = 4;
        Specified by:
        getLocalJwks in interface JwtProviderOrBuilder
        Returns:
        The localJwks.

      • setLocalJwks

        public JwtProvider.Builder setLocalJwks​(DataSource value)
         JWKS is in local data source. It could be either in a local file or embedded in the
 inline_string.
 Example: local file
 .. code-block:: yaml
    local_jwks:
      filename: /etc/envoy/jwks/jwks1.txt
 Example: inline_string
 .. code-block:: yaml
    local_jwks:
      inline_string: ACADADADADA
        .envoy.api.v2.core.DataSource local_jwks = 4;

      • setLocalJwks

        public JwtProvider.Builder setLocalJwks​(DataSource.Builder builderForValue)
         JWKS is in local data source. It could be either in a local file or embedded in the
 inline_string.
 Example: local file
 .. code-block:: yaml
    local_jwks:
      filename: /etc/envoy/jwks/jwks1.txt
 Example: inline_string
 .. code-block:: yaml
    local_jwks:
      inline_string: ACADADADADA
        .envoy.api.v2.core.DataSource local_jwks = 4;

      • mergeLocalJwks

        public JwtProvider.Builder mergeLocalJwks​(DataSource value)
         JWKS is in local data source. It could be either in a local file or embedded in the
 inline_string.
 Example: local file
 .. code-block:: yaml
    local_jwks:
      filename: /etc/envoy/jwks/jwks1.txt
 Example: inline_string
 .. code-block:: yaml
    local_jwks:
      inline_string: ACADADADADA
        .envoy.api.v2.core.DataSource local_jwks = 4;

      • clearLocalJwks

        public JwtProvider.Builder clearLocalJwks()
         JWKS is in local data source. It could be either in a local file or embedded in the
 inline_string.
 Example: local file
 .. code-block:: yaml
    local_jwks:
      filename: /etc/envoy/jwks/jwks1.txt
 Example: inline_string
 .. code-block:: yaml
    local_jwks:
      inline_string: ACADADADADA
        .envoy.api.v2.core.DataSource local_jwks = 4;

      • getLocalJwksBuilder

        public DataSource.Builder getLocalJwksBuilder()
         JWKS is in local data source. It could be either in a local file or embedded in the
 inline_string.
 Example: local file
 .. code-block:: yaml
    local_jwks:
      filename: /etc/envoy/jwks/jwks1.txt
 Example: inline_string
 .. code-block:: yaml
    local_jwks:
      inline_string: ACADADADADA
        .envoy.api.v2.core.DataSource local_jwks = 4;

      • getLocalJwksOrBuilder

        public DataSourceOrBuilder getLocalJwksOrBuilder()
         JWKS is in local data source. It could be either in a local file or embedded in the
 inline_string.
 Example: local file
 .. code-block:: yaml
    local_jwks:
      filename: /etc/envoy/jwks/jwks1.txt
 Example: inline_string
 .. code-block:: yaml
    local_jwks:
      inline_string: ACADADADADA
        .envoy.api.v2.core.DataSource local_jwks = 4;
        Specified by:
        getLocalJwksOrBuilder in interface JwtProviderOrBuilder

      • getForward

        public boolean getForward()
         If false, the JWT is removed in the request after a success verification. If true, the JWT is
 not removed in the request. Default value is false.
        bool forward = 5;
        Specified by:
        getForward in interface JwtProviderOrBuilder
        Returns:
        The forward.

      • setForward

        public JwtProvider.Builder setForward​(boolean value)
         If false, the JWT is removed in the request after a success verification. If true, the JWT is
 not removed in the request. Default value is false.
        bool forward = 5;
        Parameters:
        value - The forward to set.
        Returns:
        This builder for chaining.

      • clearForward

        public JwtProvider.Builder clearForward()
         If false, the JWT is removed in the request after a success verification. If true, the JWT is
 not removed in the request. Default value is false.
        bool forward = 5;
        Returns:
        This builder for chaining.

      • getFromHeadersList

        public List<JwtHeader> getFromHeadersList()
         Two fields below define where to extract the JWT from an HTTP request.
 If no explicit location is specified, the following default locations are tried in order:
 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::
    Authorization: Bearer <token>.
 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.
 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.
 Specify the HTTP headers to extract JWT token. For examples, following config:
 .. code-block:: yaml
   from_headers:
   - name: x-goog-iap-jwt-assertion
 can be used to extract token from header::
   ``x-goog-iap-jwt-assertion: <JWT>``.
        repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;
        Specified by:
        getFromHeadersList in interface JwtProviderOrBuilder

      • getFromHeadersCount

        public int getFromHeadersCount()
         Two fields below define where to extract the JWT from an HTTP request.
 If no explicit location is specified, the following default locations are tried in order:
 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::
    Authorization: Bearer <token>.
 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.
 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.
 Specify the HTTP headers to extract JWT token. For examples, following config:
 .. code-block:: yaml
   from_headers:
   - name: x-goog-iap-jwt-assertion
 can be used to extract token from header::
   ``x-goog-iap-jwt-assertion: <JWT>``.
        repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;
        Specified by:
        getFromHeadersCount in interface JwtProviderOrBuilder

      • getFromHeaders

        public JwtHeader getFromHeaders​(int index)
         Two fields below define where to extract the JWT from an HTTP request.
 If no explicit location is specified, the following default locations are tried in order:
 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::
    Authorization: Bearer <token>.
 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.
 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.
 Specify the HTTP headers to extract JWT token. For examples, following config:
 .. code-block:: yaml
   from_headers:
   - name: x-goog-iap-jwt-assertion
 can be used to extract token from header::
   ``x-goog-iap-jwt-assertion: <JWT>``.
        repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;
        Specified by:
        getFromHeaders in interface JwtProviderOrBuilder

      • setFromHeaders

        public JwtProvider.Builder setFromHeaders​(int index,
                                          JwtHeader value)
         Two fields below define where to extract the JWT from an HTTP request.
 If no explicit location is specified, the following default locations are tried in order:
 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::
    Authorization: Bearer <token>.
 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.
 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.
 Specify the HTTP headers to extract JWT token. For examples, following config:
 .. code-block:: yaml
   from_headers:
   - name: x-goog-iap-jwt-assertion
 can be used to extract token from header::
   ``x-goog-iap-jwt-assertion: <JWT>``.
        repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

      • setFromHeaders

        public JwtProvider.Builder setFromHeaders​(int index,
                                          JwtHeader.Builder builderForValue)
         Two fields below define where to extract the JWT from an HTTP request.
 If no explicit location is specified, the following default locations are tried in order:
 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::
    Authorization: Bearer <token>.
 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.
 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.
 Specify the HTTP headers to extract JWT token. For examples, following config:
 .. code-block:: yaml
   from_headers:
   - name: x-goog-iap-jwt-assertion
 can be used to extract token from header::
   ``x-goog-iap-jwt-assertion: <JWT>``.
        repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

      • addFromHeaders

        public JwtProvider.Builder addFromHeaders​(JwtHeader value)
         Two fields below define where to extract the JWT from an HTTP request.
 If no explicit location is specified, the following default locations are tried in order:
 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::
    Authorization: Bearer <token>.
 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.
 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.
 Specify the HTTP headers to extract JWT token. For examples, following config:
 .. code-block:: yaml
   from_headers:
   - name: x-goog-iap-jwt-assertion
 can be used to extract token from header::
   ``x-goog-iap-jwt-assertion: <JWT>``.
        repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

      • addFromHeaders

        public JwtProvider.Builder addFromHeaders​(int index,
                                          JwtHeader value)
         Two fields below define where to extract the JWT from an HTTP request.
 If no explicit location is specified, the following default locations are tried in order:
 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::
    Authorization: Bearer <token>.
 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.
 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.
 Specify the HTTP headers to extract JWT token. For examples, following config:
 .. code-block:: yaml
   from_headers:
   - name: x-goog-iap-jwt-assertion
 can be used to extract token from header::
   ``x-goog-iap-jwt-assertion: <JWT>``.
        repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

      • addFromHeaders

        public JwtProvider.Builder addFromHeaders​(JwtHeader.Builder builderForValue)
         Two fields below define where to extract the JWT from an HTTP request.
 If no explicit location is specified, the following default locations are tried in order:
 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::
    Authorization: Bearer <token>.
 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.
 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.
 Specify the HTTP headers to extract JWT token. For examples, following config:
 .. code-block:: yaml
   from_headers:
   - name: x-goog-iap-jwt-assertion
 can be used to extract token from header::
   ``x-goog-iap-jwt-assertion: <JWT>``.
        repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

      • addFromHeaders

        public JwtProvider.Builder addFromHeaders​(int index,
                                          JwtHeader.Builder builderForValue)
         Two fields below define where to extract the JWT from an HTTP request.
 If no explicit location is specified, the following default locations are tried in order:
 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::
    Authorization: Bearer <token>.
 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.
 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.
 Specify the HTTP headers to extract JWT token. For examples, following config:
 .. code-block:: yaml
   from_headers:
   - name: x-goog-iap-jwt-assertion
 can be used to extract token from header::
   ``x-goog-iap-jwt-assertion: <JWT>``.
        repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

      • addAllFromHeaders

        public JwtProvider.Builder addAllFromHeaders​(Iterable<? extends JwtHeader> values)
         Two fields below define where to extract the JWT from an HTTP request.
 If no explicit location is specified, the following default locations are tried in order:
 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::
    Authorization: Bearer <token>.
 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.
 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.
 Specify the HTTP headers to extract JWT token. For examples, following config:
 .. code-block:: yaml
   from_headers:
   - name: x-goog-iap-jwt-assertion
 can be used to extract token from header::
   ``x-goog-iap-jwt-assertion: <JWT>``.
        repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

      • clearFromHeaders

        public JwtProvider.Builder clearFromHeaders()
         Two fields below define where to extract the JWT from an HTTP request.
 If no explicit location is specified, the following default locations are tried in order:
 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::
    Authorization: Bearer <token>.
 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.
 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.
 Specify the HTTP headers to extract JWT token. For examples, following config:
 .. code-block:: yaml
   from_headers:
   - name: x-goog-iap-jwt-assertion
 can be used to extract token from header::
   ``x-goog-iap-jwt-assertion: <JWT>``.
        repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

      • removeFromHeaders

        public JwtProvider.Builder removeFromHeaders​(int index)
         Two fields below define where to extract the JWT from an HTTP request.
 If no explicit location is specified, the following default locations are tried in order:
 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::
    Authorization: Bearer <token>.
 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.
 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.
 Specify the HTTP headers to extract JWT token. For examples, following config:
 .. code-block:: yaml
   from_headers:
   - name: x-goog-iap-jwt-assertion
 can be used to extract token from header::
   ``x-goog-iap-jwt-assertion: <JWT>``.
        repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

      • getFromHeadersBuilder

        public JwtHeader.Builder getFromHeadersBuilder​(int index)
         Two fields below define where to extract the JWT from an HTTP request.
 If no explicit location is specified, the following default locations are tried in order:
 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::
    Authorization: Bearer <token>.
 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.
 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.
 Specify the HTTP headers to extract JWT token. For examples, following config:
 .. code-block:: yaml
   from_headers:
   - name: x-goog-iap-jwt-assertion
 can be used to extract token from header::
   ``x-goog-iap-jwt-assertion: <JWT>``.
        repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

      • getFromHeadersOrBuilder

        public JwtHeaderOrBuilder getFromHeadersOrBuilder​(int index)
         Two fields below define where to extract the JWT from an HTTP request.
 If no explicit location is specified, the following default locations are tried in order:
 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::
    Authorization: Bearer <token>.
 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.
 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.
 Specify the HTTP headers to extract JWT token. For examples, following config:
 .. code-block:: yaml
   from_headers:
   - name: x-goog-iap-jwt-assertion
 can be used to extract token from header::
   ``x-goog-iap-jwt-assertion: <JWT>``.
        repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;
        Specified by:
        getFromHeadersOrBuilder in interface JwtProviderOrBuilder

      • getFromHeadersOrBuilderList

        public List<? extends JwtHeaderOrBuilder> getFromHeadersOrBuilderList()
         Two fields below define where to extract the JWT from an HTTP request.
 If no explicit location is specified, the following default locations are tried in order:
 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::
    Authorization: Bearer <token>.
 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.
 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.
 Specify the HTTP headers to extract JWT token. For examples, following config:
 .. code-block:: yaml
   from_headers:
   - name: x-goog-iap-jwt-assertion
 can be used to extract token from header::
   ``x-goog-iap-jwt-assertion: <JWT>``.
        repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;
        Specified by:
        getFromHeadersOrBuilderList in interface JwtProviderOrBuilder

      • addFromHeadersBuilder

        public JwtHeader.Builder addFromHeadersBuilder()
         Two fields below define where to extract the JWT from an HTTP request.
 If no explicit location is specified, the following default locations are tried in order:
 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::
    Authorization: Bearer <token>.
 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.
 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.
 Specify the HTTP headers to extract JWT token. For examples, following config:
 .. code-block:: yaml
   from_headers:
   - name: x-goog-iap-jwt-assertion
 can be used to extract token from header::
   ``x-goog-iap-jwt-assertion: <JWT>``.
        repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

      • addFromHeadersBuilder

        public JwtHeader.Builder addFromHeadersBuilder​(int index)
         Two fields below define where to extract the JWT from an HTTP request.
 If no explicit location is specified, the following default locations are tried in order:
 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::
    Authorization: Bearer <token>.
 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.
 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.
 Specify the HTTP headers to extract JWT token. For examples, following config:
 .. code-block:: yaml
   from_headers:
   - name: x-goog-iap-jwt-assertion
 can be used to extract token from header::
   ``x-goog-iap-jwt-assertion: <JWT>``.
        repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

      • getFromHeadersBuilderList

        public List<JwtHeader.Builder> getFromHeadersBuilderList()
         Two fields below define where to extract the JWT from an HTTP request.
 If no explicit location is specified, the following default locations are tried in order:
 1. The Authorization header using the `Bearer schema
 <https://tools.ietf.org/html/rfc6750#section-2.1>`_. Example::
    Authorization: Bearer <token>.
 2. `access_token <https://tools.ietf.org/html/rfc6750#section-2.3>`_ query parameter.
 Multiple JWTs can be verified for a request. Each JWT has to be extracted from the locations
 its provider specified or from the default locations.
 Specify the HTTP headers to extract JWT token. For examples, following config:
 .. code-block:: yaml
   from_headers:
   - name: x-goog-iap-jwt-assertion
 can be used to extract token from header::
   ``x-goog-iap-jwt-assertion: <JWT>``.
        repeated .envoy.config.filter.http.jwt_authn.v2alpha.JwtHeader from_headers = 6;

      • getFromParamsList

        public com.google.protobuf.ProtocolStringList getFromParamsList()
         JWT is sent in a query parameter. `jwt_params` represents the query parameter names.
 For example, if config is:
 .. code-block:: yaml
   from_params:
   - jwt_token
 The JWT format in query parameter is::
    /path?jwt_token=<JWT>
        repeated string from_params = 7;
        Specified by:
        getFromParamsList in interface JwtProviderOrBuilder
        Returns:
        A list containing the fromParams.

      • getFromParamsCount

        public int getFromParamsCount()
         JWT is sent in a query parameter. `jwt_params` represents the query parameter names.
 For example, if config is:
 .. code-block:: yaml
   from_params:
   - jwt_token
 The JWT format in query parameter is::
    /path?jwt_token=<JWT>
        repeated string from_params = 7;
        Specified by:
        getFromParamsCount in interface JwtProviderOrBuilder
        Returns:
        The count of fromParams.

      • getFromParams

        public String getFromParams​(int index)
         JWT is sent in a query parameter. `jwt_params` represents the query parameter names.
 For example, if config is:
 .. code-block:: yaml
   from_params:
   - jwt_token
 The JWT format in query parameter is::
    /path?jwt_token=<JWT>
        repeated string from_params = 7;
        Specified by:
        getFromParams in interface JwtProviderOrBuilder
        Parameters:
        index - The index of the element to return.
        Returns:
        The fromParams at the given index.

      • getFromParamsBytes

        public com.google.protobuf.ByteString getFromParamsBytes​(int index)
         JWT is sent in a query parameter. `jwt_params` represents the query parameter names.
 For example, if config is:
 .. code-block:: yaml
   from_params:
   - jwt_token
 The JWT format in query parameter is::
    /path?jwt_token=<JWT>
        repeated string from_params = 7;
        Specified by:
        getFromParamsBytes in interface JwtProviderOrBuilder
        Parameters:
        index - The index of the value to return.
        Returns:
        The bytes of the fromParams at the given index.

      • setFromParams

        public JwtProvider.Builder setFromParams​(int index,
                                         String value)
         JWT is sent in a query parameter. `jwt_params` represents the query parameter names.
 For example, if config is:
 .. code-block:: yaml
   from_params:
   - jwt_token
 The JWT format in query parameter is::
    /path?jwt_token=<JWT>
        repeated string from_params = 7;
        Parameters:
        index - The index to set the value at.
        value - The fromParams to set.
        Returns:
        This builder for chaining.

      • addFromParams

        public JwtProvider.Builder addFromParams​(String value)
         JWT is sent in a query parameter. `jwt_params` represents the query parameter names.
 For example, if config is:
 .. code-block:: yaml
   from_params:
   - jwt_token
 The JWT format in query parameter is::
    /path?jwt_token=<JWT>
        repeated string from_params = 7;
        Parameters:
        value - The fromParams to add.
        Returns:
        This builder for chaining.

      • addAllFromParams

        public JwtProvider.Builder addAllFromParams​(Iterable<String> values)
         JWT is sent in a query parameter. `jwt_params` represents the query parameter names.
 For example, if config is:
 .. code-block:: yaml
   from_params:
   - jwt_token
 The JWT format in query parameter is::
    /path?jwt_token=<JWT>
        repeated string from_params = 7;
        Parameters:
        values - The fromParams to add.
        Returns:
        This builder for chaining.

      • clearFromParams

        public JwtProvider.Builder clearFromParams()
         JWT is sent in a query parameter. `jwt_params` represents the query parameter names.
 For example, if config is:
 .. code-block:: yaml
   from_params:
   - jwt_token
 The JWT format in query parameter is::
    /path?jwt_token=<JWT>
        repeated string from_params = 7;
        Returns:
        This builder for chaining.

      • addFromParamsBytes

        public JwtProvider.Builder addFromParamsBytes​(com.google.protobuf.ByteString value)
         JWT is sent in a query parameter. `jwt_params` represents the query parameter names.
 For example, if config is:
 .. code-block:: yaml
   from_params:
   - jwt_token
 The JWT format in query parameter is::
    /path?jwt_token=<JWT>
        repeated string from_params = 7;
        Parameters:
        value - The bytes of the fromParams to add.
        Returns:
        This builder for chaining.

      • getForwardPayloadHeader

        public String getForwardPayloadHeader()
         This field specifies the header name to forward a successfully verified JWT payload to the
 backend. The forwarded data is::
    base64url_encoded(jwt_payload_in_JSON)
 If it is not specified, the payload will not be forwarded.
        string forward_payload_header = 8;
        Specified by:
        getForwardPayloadHeader in interface JwtProviderOrBuilder
        Returns:
        The forwardPayloadHeader.

      • getForwardPayloadHeaderBytes

        public com.google.protobuf.ByteString getForwardPayloadHeaderBytes()
         This field specifies the header name to forward a successfully verified JWT payload to the
 backend. The forwarded data is::
    base64url_encoded(jwt_payload_in_JSON)
 If it is not specified, the payload will not be forwarded.
        string forward_payload_header = 8;
        Specified by:
        getForwardPayloadHeaderBytes in interface JwtProviderOrBuilder
        Returns:
        The bytes for forwardPayloadHeader.

      • setForwardPayloadHeader

        public JwtProvider.Builder setForwardPayloadHeader​(String value)
         This field specifies the header name to forward a successfully verified JWT payload to the
 backend. The forwarded data is::
    base64url_encoded(jwt_payload_in_JSON)
 If it is not specified, the payload will not be forwarded.
        string forward_payload_header = 8;
        Parameters:
        value - The forwardPayloadHeader to set.
        Returns:
        This builder for chaining.

      • clearForwardPayloadHeader

        public JwtProvider.Builder clearForwardPayloadHeader()
         This field specifies the header name to forward a successfully verified JWT payload to the
 backend. The forwarded data is::
    base64url_encoded(jwt_payload_in_JSON)
 If it is not specified, the payload will not be forwarded.
        string forward_payload_header = 8;
        Returns:
        This builder for chaining.

      • setForwardPayloadHeaderBytes

        public JwtProvider.Builder setForwardPayloadHeaderBytes​(com.google.protobuf.ByteString value)
         This field specifies the header name to forward a successfully verified JWT payload to the
 backend. The forwarded data is::
    base64url_encoded(jwt_payload_in_JSON)
 If it is not specified, the payload will not be forwarded.
        string forward_payload_header = 8;
        Parameters:
        value - The bytes for forwardPayloadHeader to set.
        Returns:
        This builder for chaining.

      • getPayloadInMetadata

        public String getPayloadInMetadata()
         If non empty, successfully verified JWT payloads will be written to StreamInfo DynamicMetadata
 in the format as: *namespace* is the jwt_authn filter name as **envoy.filters.http.jwt_authn**
 The value is the *protobuf::Struct*. The value of this field will be the key for its *fields*
 and the value is the *protobuf::Struct* converted from JWT JSON payload.
 For example, if payload_in_metadata is *my_payload*:
 .. code-block:: yaml
   envoy.filters.http.jwt_authn:
     my_payload:
       iss: https://example.com
       sub: test@example.com
       aud: https://example.com
       exp: 1501281058
        string payload_in_metadata = 9;
        Specified by:
        getPayloadInMetadata in interface JwtProviderOrBuilder
        Returns:
        The payloadInMetadata.

      • getPayloadInMetadataBytes

        public com.google.protobuf.ByteString getPayloadInMetadataBytes()
         If non empty, successfully verified JWT payloads will be written to StreamInfo DynamicMetadata
 in the format as: *namespace* is the jwt_authn filter name as **envoy.filters.http.jwt_authn**
 The value is the *protobuf::Struct*. The value of this field will be the key for its *fields*
 and the value is the *protobuf::Struct* converted from JWT JSON payload.
 For example, if payload_in_metadata is *my_payload*:
 .. code-block:: yaml
   envoy.filters.http.jwt_authn:
     my_payload:
       iss: https://example.com
       sub: test@example.com
       aud: https://example.com
       exp: 1501281058
        string payload_in_metadata = 9;
        Specified by:
        getPayloadInMetadataBytes in interface JwtProviderOrBuilder
        Returns:
        The bytes for payloadInMetadata.

      • setPayloadInMetadata

        public JwtProvider.Builder setPayloadInMetadata​(String value)
         If non empty, successfully verified JWT payloads will be written to StreamInfo DynamicMetadata
 in the format as: *namespace* is the jwt_authn filter name as **envoy.filters.http.jwt_authn**
 The value is the *protobuf::Struct*. The value of this field will be the key for its *fields*
 and the value is the *protobuf::Struct* converted from JWT JSON payload.
 For example, if payload_in_metadata is *my_payload*:
 .. code-block:: yaml
   envoy.filters.http.jwt_authn:
     my_payload:
       iss: https://example.com
       sub: test@example.com
       aud: https://example.com
       exp: 1501281058
        string payload_in_metadata = 9;
        Parameters:
        value - The payloadInMetadata to set.
        Returns:
        This builder for chaining.

      • clearPayloadInMetadata

        public JwtProvider.Builder clearPayloadInMetadata()
         If non empty, successfully verified JWT payloads will be written to StreamInfo DynamicMetadata
 in the format as: *namespace* is the jwt_authn filter name as **envoy.filters.http.jwt_authn**
 The value is the *protobuf::Struct*. The value of this field will be the key for its *fields*
 and the value is the *protobuf::Struct* converted from JWT JSON payload.
 For example, if payload_in_metadata is *my_payload*:
 .. code-block:: yaml
   envoy.filters.http.jwt_authn:
     my_payload:
       iss: https://example.com
       sub: test@example.com
       aud: https://example.com
       exp: 1501281058
        string payload_in_metadata = 9;
        Returns:
        This builder for chaining.

      • setPayloadInMetadataBytes

        public JwtProvider.Builder setPayloadInMetadataBytes​(com.google.protobuf.ByteString value)
         If non empty, successfully verified JWT payloads will be written to StreamInfo DynamicMetadata
 in the format as: *namespace* is the jwt_authn filter name as **envoy.filters.http.jwt_authn**
 The value is the *protobuf::Struct*. The value of this field will be the key for its *fields*
 and the value is the *protobuf::Struct* converted from JWT JSON payload.
 For example, if payload_in_metadata is *my_payload*:
 .. code-block:: yaml
   envoy.filters.http.jwt_authn:
     my_payload:
       iss: https://example.com
       sub: test@example.com
       aud: https://example.com
       exp: 1501281058
        string payload_in_metadata = 9;
        Parameters:
        value - The bytes for payloadInMetadata to set.
        Returns:
        This builder for chaining.

      • setUnknownFields

        public final JwtProvider.Builder setUnknownFields​(com.google.protobuf.UnknownFieldSet unknownFields)
        Specified by:
        setUnknownFields in interface com.google.protobuf.Message.Builder
        Overrides:
        setUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<JwtProvider.Builder>

      • mergeUnknownFields

        public final JwtProvider.Builder mergeUnknownFields​(com.google.protobuf.UnknownFieldSet unknownFields)
        Specified by:
        mergeUnknownFields in interface com.google.protobuf.Message.Builder
        Overrides:
        mergeUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<JwtProvider.Builder>