jwt.proto

Package: jwt.plugins.gloo.solo.io

Types:

Source File: github.com/solo-io/solo-projects/projects/gloo/api/v1/plugins/jwt/jwt.proto

RemoteJwks

"url": string
"upstreamRef": .core.solo.io.ResourceRef
"cacheDuration": .google.protobuf.Duration
Field Type Description Default
url string The url used when accessing the upstream for Json Web Key Set. This is used to set the host and path in the request
upstreamRef .core.solo.io.ResourceRef The Upstream representing the Json Web Key Set server
cacheDuration .google.protobuf.Duration Duration after which the cached JWKS should be expired. If not specified, default cache duration is 5 minutes.

LocalJwks

"key": string
Field Type Description Default
key string Inline key. this can be json web key, key-set or PEM format.

Jwks

"remote": .jwt.plugins.gloo.solo.io.RemoteJwks
"local": .jwt.plugins.gloo.solo.io.LocalJwks
Field Type Description Default
remote .jwt.plugins.gloo.solo.io.RemoteJwks Use a remote JWKS server
local .jwt.plugins.gloo.solo.io.LocalJwks Use an inline JWKS

TokenSource

Describes the location of a JWT token

"headers": []jwt.plugins.gloo.solo.io.TokenSource.HeaderSource
"queryParams": []string
Field Type Description Default
headers []jwt.plugins.gloo.solo.io.TokenSource.HeaderSource Try to retrieve token from these headers
queryParams []string Try to retrieve token from these query params

HeaderSource

Describes how to retrieve a JWT from a header

"header": string
"prefix": string
Field Type Description Default
header string The name of the header. for exmaple, “authorization”
prefix string Prefix before the token. for example, “Bearer “

ClaimToHeader

Allows copying verified claims to headers sent upstream

"claim": string
"header": string
"append": bool
Field Type Description Default
claim string Claim name. for example, “sub”
header string The header the claim will be copied to. for example, “x-sub”.
append bool If header exist, append to it, or set it.

Provider

"jwks": .jwt.plugins.gloo.solo.io.Jwks
"audiences": []string
"issuer": string
"tokenSource": .jwt.plugins.gloo.solo.io.TokenSource
"keepToken": bool
"claimsToHeaders": []jwt.plugins.gloo.solo.io.ClaimToHeader
Field Type Description Default
jwks .jwt.plugins.gloo.solo.io.Jwks The source for the keys to validate JWTs.
audiences []string An incoming JWT must have an ‘aud’ claim and it must be in this list.
issuer string Issuer of the JWT. the ‘iss’ claim of the JWT must match this.
tokenSource .jwt.plugins.gloo.solo.io.TokenSource Where to find the JWT of the current provider.
keepToken bool Should the token forwarded upstream. if false, the header containing the token will be removed.
claimsToHeaders []jwt.plugins.gloo.solo.io.ClaimToHeader What claims should be copied to upstream headers.

VhostExtension

"jwks": .jwt.plugins.gloo.solo.io.Jwks
"audiences": []string
"issuer": string
"providers": map<string, .jwt.plugins.gloo.solo.io.Provider>
Field Type Description Default
jwks .jwt.plugins.gloo.solo.io.Jwks The source for the keys to validate JWTs. Deprecated: this field is deprecated, use providers instead.
audiences []string An incoming JWT must have an ‘aud’ claim and it must be in this list. Deprecated: this field is deprecated, use providers instead.
issuer string Issuer of the JWT. the ‘iss’ claim of the JWT must match this. Deprecated: this field is deprecated, use providers instead.
providers map<string, .jwt.plugins.gloo.solo.io.Provider> Auth providers can be used instead of the fields above where more than one is required. if this list is provided the fields above are ignored.

RouteExtension

"disable": bool
Field Type Description Default
disable bool Disable JWT checks on this route.