jwt.proto

Package: jwt.plugins.gloo.solo.io

Types:

Source File: github.com/solo-io/gloo/projects/gloo/api/v1/plugins/jwt/jwt.proto

RemoteJwks

"url": string
"upstreamRef": .core.solo.io.ResourceRef
"cacheDuration": .google.protobuf.Duration
Field Type Description Default
url string The url used when accessing the upstream for Json Web Key Set. This is used to set the host and path in the request.
upstreamRef .core.solo.io.ResourceRef The Upstream representing the Json Web Key Set server.
cacheDuration .google.protobuf.Duration Duration after which the cached JWKS should be expired. If not specified, default cache duration is 5 minutes.

LocalJwks

"key": string
Field Type Description Default
key string Inline key. this can be json web key, key-set or PEM format.

Jwks

"remote": .jwt.plugins.gloo.solo.io.RemoteJwks
"local": .jwt.plugins.gloo.solo.io.LocalJwks
Field Type Description Default
remote .jwt.plugins.gloo.solo.io.RemoteJwks Use a remote JWKS server. Only one of remote or local can be set.
local .jwt.plugins.gloo.solo.io.LocalJwks Use an inline JWKS. Only one of local or remote can be set.

TokenSource

Describes the location of a JWT token

"headers": []jwt.plugins.gloo.solo.io.TokenSource.HeaderSource
"queryParams": []string
Field Type Description Default
headers []jwt.plugins.gloo.solo.io.TokenSource.HeaderSource Try to retrieve token from these headers.
queryParams []string Try to retrieve token from these query params.

HeaderSource

Describes how to retrieve a JWT from a header

"header": string
"prefix": string
Field Type Description Default
header string The name of the header. for example, “authorization”.
prefix string Prefix before the token. for example, “Bearer “.

ClaimToHeader

Allows copying verified claims to headers sent upstream

"claim": string
"header": string
"append": bool
Field Type Description Default
claim string Claim name. for example, “sub”.
header string The header the claim will be copied to. for example, “x-sub”.
append bool If header exist, append to it, or set it.

Provider

"jwks": .jwt.plugins.gloo.solo.io.Jwks
"audiences": []string
"issuer": string
"tokenSource": .jwt.plugins.gloo.solo.io.TokenSource
"keepToken": bool
"claimsToHeaders": []jwt.plugins.gloo.solo.io.ClaimToHeader
Field Type Description Default
jwks .jwt.plugins.gloo.solo.io.Jwks The source for the keys to validate JWTs.
audiences []string An incoming JWT must have an ‘aud’ claim and it must be in this list.
issuer string Issuer of the JWT. the ‘iss’ claim of the JWT must match this.
tokenSource .jwt.plugins.gloo.solo.io.TokenSource Where to find the JWT of the current provider.
keepToken bool Should the token forwarded upstream. if false, the header containing the token will be removed.
claimsToHeaders []jwt.plugins.gloo.solo.io.ClaimToHeader What claims should be copied to upstream headers.

VhostExtension

"jwks": .jwt.plugins.gloo.solo.io.Jwks
"audiences": []string
"issuer": string
"providers": map<string, .jwt.plugins.gloo.solo.io.Provider>
Field Type Description Default
jwks .jwt.plugins.gloo.solo.io.Jwks The source for the keys to validate JWTs. Deprecated: this field is deprecated, use providers instead.
audiences []string An incoming JWT must have an ‘aud’ claim and it must be in this list. Deprecated: this field is deprecated, use providers instead.
issuer string Issuer of the JWT. the ‘iss’ claim of the JWT must match this. Deprecated: this field is deprecated, use providers instead.
providers map<string, .jwt.plugins.gloo.solo.io.Provider> Auth providers can be used instead of the fields above where more than one is required. if this list is provided the fields above are ignored.

RouteExtension

"disable": bool
Field Type Description Default
disable bool Disable JWT checks on this route.