jwt

package
v0.11.7-merged-prereqs Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 20, 2024 License: Apache-2.0 Imports: 22 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

var File_github_com_solo_io_gloo_projects_gloo_api_v1_enterprise_options_jwt_jwt_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type ClaimToHeader

// ClaimToHeader describes one mapping from a verified JWT claim to a request
// header that is sent upstream.
type ClaimToHeader struct {

	// Claim name, for example "sub".
	Claim string `protobuf:"bytes,1,opt,name=claim,proto3" json:"claim,omitempty"`
	// The header the claim will be copied to, for example "x-sub".
	Header string `protobuf:"bytes,2,opt,name=header,proto3" json:"header,omitempty"`
	// If the header exists, append to it (true), or overwrite it (false).
	//
	// NOTE(review): with append=true a value already present on the request is
	// kept and the claim is added to it. If that existing value can come from
	// the client, an upstream that reads this header as identity may end up
	// reading the client's value. Overwrite (false) is the safer setting for
	// identity headers; confirm how the filter orders appended values.
	Append bool `protobuf:"varint,4,opt,name=append,proto3" json:"append,omitempty"`
	// contains filtered or unexported fields
}

Allows copying verified claims to headers sent upstream

func (*ClaimToHeader) Clone added in v1.8.24

func (m *ClaimToHeader) Clone() proto.Message

Clone function

func (*ClaimToHeader) Descriptor deprecated

func (*ClaimToHeader) Descriptor() ([]byte, []int)

Deprecated: Use ClaimToHeader.ProtoReflect.Descriptor instead.

func (*ClaimToHeader) Equal

func (m *ClaimToHeader) Equal(that interface{}) bool

Equal function

func (*ClaimToHeader) GetAppend

func (x *ClaimToHeader) GetAppend() bool

func (*ClaimToHeader) GetClaim

func (x *ClaimToHeader) GetClaim() string

func (*ClaimToHeader) GetHeader

func (x *ClaimToHeader) GetHeader() string

func (*ClaimToHeader) Hash added in v1.2.13

func (m *ClaimToHeader) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*ClaimToHeader) ProtoMessage

func (*ClaimToHeader) ProtoMessage()

func (*ClaimToHeader) ProtoReflect added in v1.6.0

func (x *ClaimToHeader) ProtoReflect() protoreflect.Message

func (*ClaimToHeader) Reset

func (x *ClaimToHeader) Reset()

func (*ClaimToHeader) String

func (x *ClaimToHeader) String() string

type Jwks

// Jwks selects where the JWT verification keys come from. The source is a
// protobuf oneof: either a remote JWKS server or an inline (local) key.
type Jwks struct {

	// Types that are assignable to Jwks:
	//
	//	*Jwks_Remote
	//	*Jwks_Local
	//
	// These keys are the trust anchor for token verification, so whoever can
	// change this field decides which tokens are accepted.
	Jwks isJwks_Jwks `protobuf_oneof:"jwks"`
	// contains filtered or unexported fields
}

func (*Jwks) Clone added in v1.8.24

func (m *Jwks) Clone() proto.Message

Clone function

func (*Jwks) Descriptor deprecated

func (*Jwks) Descriptor() ([]byte, []int)

Deprecated: Use Jwks.ProtoReflect.Descriptor instead.

func (*Jwks) Equal

func (m *Jwks) Equal(that interface{}) bool

Equal function

func (*Jwks) GetJwks

func (m *Jwks) GetJwks() isJwks_Jwks

func (*Jwks) GetLocal

func (x *Jwks) GetLocal() *LocalJwks

func (*Jwks) GetRemote

func (x *Jwks) GetRemote() *RemoteJwks

func (*Jwks) Hash added in v1.2.13

func (m *Jwks) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*Jwks) ProtoMessage

func (*Jwks) ProtoMessage()

func (*Jwks) ProtoReflect added in v1.6.0

func (x *Jwks) ProtoReflect() protoreflect.Message

func (*Jwks) Reset

func (x *Jwks) Reset()

func (*Jwks) String

func (x *Jwks) String() string

type Jwks_Local

// Jwks_Local is the oneof wrapper that selects an inline key source for Jwks.
type Jwks_Local struct {
	// Use an inline JWKS
	Local *LocalJwks `protobuf:"bytes,2,opt,name=local,proto3,oneof"`
}

type Jwks_Remote

// Jwks_Remote is the oneof wrapper that selects a remote JWKS server as the
// key source for Jwks.
type Jwks_Remote struct {
	// Use a remote JWKS server
	Remote *RemoteJwks `protobuf:"bytes,1,opt,name=remote,proto3,oneof"`
}

type JwtStagedRouteExtension added in v1.6.4

// JwtStagedRouteExtension holds per-route JWT settings for two JWT filter
// stages, one placed before the extauth filter and one placed after it.
type JwtStagedRouteExtension struct {

	// JWT route config for the JWT filter that runs before the extauth filter.
	// (The original comment said "after" here; the field name and the matching
	// field on JwtStagedVhostExtension indicate "before".)
	BeforeExtAuth *RouteExtension `protobuf:"bytes,1,opt,name=before_ext_auth,json=beforeExtAuth,proto3" json:"before_ext_auth,omitempty"`
	// JWT route config for the JWT filter that runs after the extauth filter.
	AfterExtAuth *RouteExtension `protobuf:"bytes,2,opt,name=after_ext_auth,json=afterExtAuth,proto3" json:"after_ext_auth,omitempty"`
	// contains filtered or unexported fields
}

func (*JwtStagedRouteExtension) Clone added in v1.8.24

Clone function

func (*JwtStagedRouteExtension) Descriptor deprecated added in v1.6.4

func (*JwtStagedRouteExtension) Descriptor() ([]byte, []int)

Deprecated: Use JwtStagedRouteExtension.ProtoReflect.Descriptor instead.

func (*JwtStagedRouteExtension) Equal added in v1.6.4

func (m *JwtStagedRouteExtension) Equal(that interface{}) bool

Equal function

func (*JwtStagedRouteExtension) GetAfterExtAuth added in v1.6.4

func (x *JwtStagedRouteExtension) GetAfterExtAuth() *RouteExtension

func (*JwtStagedRouteExtension) GetBeforeExtAuth added in v1.6.4

func (x *JwtStagedRouteExtension) GetBeforeExtAuth() *RouteExtension

func (*JwtStagedRouteExtension) Hash added in v1.6.4

func (m *JwtStagedRouteExtension) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*JwtStagedRouteExtension) ProtoMessage added in v1.6.4

func (*JwtStagedRouteExtension) ProtoMessage()

func (*JwtStagedRouteExtension) ProtoReflect added in v1.6.4

func (x *JwtStagedRouteExtension) ProtoReflect() protoreflect.Message

func (*JwtStagedRouteExtension) Reset added in v1.6.4

func (x *JwtStagedRouteExtension) Reset()

func (*JwtStagedRouteExtension) String added in v1.6.4

func (x *JwtStagedRouteExtension) String() string

type JwtStagedVhostExtension added in v1.6.4

// JwtStagedVhostExtension holds per-virtual-host JWT settings for two JWT
// filter stages, one placed before the extauth filter and one placed after it.
type JwtStagedVhostExtension struct {

	// JWT Virtual host config for the JWT filter that runs before the extauth filter.
	//
	// NOTE(review): the two stages are configured independently; settings such
	// as AllowMissingOrFailedJwt on one stage do not appear to carry over to
	// the other, so review each stage on its own — confirm.
	BeforeExtAuth *VhostExtension `protobuf:"bytes,1,opt,name=before_ext_auth,json=beforeExtAuth,proto3" json:"before_ext_auth,omitempty"`
	// JWT Virtual host config for the JWT filter that runs after the extauth filter.
	AfterExtAuth *VhostExtension `protobuf:"bytes,2,opt,name=after_ext_auth,json=afterExtAuth,proto3" json:"after_ext_auth,omitempty"`
	// contains filtered or unexported fields
}

func (*JwtStagedVhostExtension) Clone added in v1.8.24

Clone function

func (*JwtStagedVhostExtension) Descriptor deprecated added in v1.6.4

func (*JwtStagedVhostExtension) Descriptor() ([]byte, []int)

Deprecated: Use JwtStagedVhostExtension.ProtoReflect.Descriptor instead.

func (*JwtStagedVhostExtension) Equal added in v1.6.4

func (m *JwtStagedVhostExtension) Equal(that interface{}) bool

Equal function

func (*JwtStagedVhostExtension) GetAfterExtAuth added in v1.6.4

func (x *JwtStagedVhostExtension) GetAfterExtAuth() *VhostExtension

func (*JwtStagedVhostExtension) GetBeforeExtAuth added in v1.6.4

func (x *JwtStagedVhostExtension) GetBeforeExtAuth() *VhostExtension

func (*JwtStagedVhostExtension) Hash added in v1.6.4

func (m *JwtStagedVhostExtension) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*JwtStagedVhostExtension) ProtoMessage added in v1.6.4

func (*JwtStagedVhostExtension) ProtoMessage()

func (*JwtStagedVhostExtension) ProtoReflect added in v1.6.4

func (x *JwtStagedVhostExtension) ProtoReflect() protoreflect.Message

func (*JwtStagedVhostExtension) Reset added in v1.6.4

func (x *JwtStagedVhostExtension) Reset()

func (*JwtStagedVhostExtension) String added in v1.6.4

func (x *JwtStagedVhostExtension) String() string

type LocalJwks

// LocalJwks carries verification key material inline in the configuration.
type LocalJwks struct {

	// Inline key. This can be a JSON Web Key, a key set, or PEM format.
	//
	// NOTE(review): token verification needs only public key material. Nothing
	// here shows whether a private JWK or a private PEM block is rejected, so
	// keep private keys out of this field — confirm against the validator.
	Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
	// contains filtered or unexported fields
}

func (*LocalJwks) Clone added in v1.8.24

func (m *LocalJwks) Clone() proto.Message

Clone function

func (*LocalJwks) Descriptor deprecated

func (*LocalJwks) Descriptor() ([]byte, []int)

Deprecated: Use LocalJwks.ProtoReflect.Descriptor instead.

func (*LocalJwks) Equal

func (m *LocalJwks) Equal(that interface{}) bool

Equal function

func (*LocalJwks) GetKey

func (x *LocalJwks) GetKey() string

func (*LocalJwks) Hash added in v1.2.13

func (m *LocalJwks) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*LocalJwks) ProtoMessage

func (*LocalJwks) ProtoMessage()

func (*LocalJwks) ProtoReflect added in v1.6.0

func (x *LocalJwks) ProtoReflect() protoreflect.Message

func (*LocalJwks) Reset

func (x *LocalJwks) Reset()

func (*LocalJwks) String

func (x *LocalJwks) String() string

type Provider

// Provider configures one JWT issuer: where its keys come from, which claims
// are checked, where the token is read from, and what is forwarded upstream.
type Provider struct {

	// The source for the keys to validate JWTs.
	Jwks *Jwks `protobuf:"bytes,1,opt,name=jwks,proto3" json:"jwks,omitempty"`
	// An incoming JWT must have an 'aud' claim and it must be in this list.
	//
	// NOTE(review): the behavior for an empty list is not stated here. Confirm
	// whether the audience check is then skipped, and set the list explicitly
	// so that tokens issued for a different service are rejected.
	Audiences []string `protobuf:"bytes,2,rep,name=audiences,proto3" json:"audiences,omitempty"`
	// Issuer of the JWT. The 'iss' claim of the JWT must match this.
	//
	// NOTE(review): the behavior for an empty issuer is not stated here —
	// confirm whether the 'iss' check is skipped in that case.
	Issuer string `protobuf:"bytes,3,opt,name=issuer,proto3" json:"issuer,omitempty"`
	// Where to find the JWT of the current provider.
	TokenSource *TokenSource `protobuf:"bytes,4,opt,name=token_source,json=tokenSource,proto3" json:"token_source,omitempty"`
	// Whether the token should be forwarded upstream. If false, the header
	// containing the token will be removed.
	//
	// Forwarding hands the bearer token to the upstream service, which could
	// then log or replay it; leave this false unless the upstream needs the
	// raw token.
	KeepToken bool `protobuf:"varint,5,opt,name=keep_token,json=keepToken,proto3" json:"keep_token,omitempty"`
	// What claims should be copied to upstream headers.
	ClaimsToHeaders []*ClaimToHeader `protobuf:"bytes,6,rep,name=claims_to_headers,json=claimsToHeaders,proto3" json:"claims_to_headers,omitempty"`
	// Optional: ClockSkewSeconds is used to verify time constraints, such as `exp` and `nbf`. Default is 60s.
	//
	// A larger value lengthens the period during which an already expired
	// token is still accepted, so keep it as small as clock drift allows.
	ClockSkewSeconds *wrappers.UInt32Value `protobuf:"bytes,8,opt,name=clock_skew_seconds,json=clockSkewSeconds,proto3" json:"clock_skew_seconds,omitempty"`
	// contains filtered or unexported fields
}

func (*Provider) Clone added in v1.8.24

func (m *Provider) Clone() proto.Message

Clone function

func (*Provider) Descriptor deprecated

func (*Provider) Descriptor() ([]byte, []int)

Deprecated: Use Provider.ProtoReflect.Descriptor instead.

func (*Provider) Equal

func (m *Provider) Equal(that interface{}) bool

Equal function

func (*Provider) GetAudiences

func (x *Provider) GetAudiences() []string

func (*Provider) GetClaimsToHeaders

func (x *Provider) GetClaimsToHeaders() []*ClaimToHeader

func (*Provider) GetClockSkewSeconds added in v1.14.0

func (x *Provider) GetClockSkewSeconds() *wrappers.UInt32Value

func (*Provider) GetIssuer

func (x *Provider) GetIssuer() string

func (*Provider) GetJwks

func (x *Provider) GetJwks() *Jwks

func (*Provider) GetKeepToken

func (x *Provider) GetKeepToken() bool

func (*Provider) GetTokenSource

func (x *Provider) GetTokenSource() *TokenSource

func (*Provider) Hash added in v1.2.13

func (m *Provider) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*Provider) ProtoMessage

func (*Provider) ProtoMessage()

func (*Provider) ProtoReflect added in v1.6.0

func (x *Provider) ProtoReflect() protoreflect.Message

func (*Provider) Reset

func (x *Provider) Reset()

func (*Provider) String

func (x *Provider) String() string

type RemoteJwks

// RemoteJwks configures fetching the JSON Web Key Set from a remote server
// that is reached through an Upstream.
type RemoteJwks struct {

	// The url used when accessing the upstream for Json Web Key Set.
	// This is used to set the host and path in the request
	//
	// NOTE(review): the connection itself goes to UpstreamRef; this field only
	// supplies host and path. Whether the fetch is protected by TLS therefore
	// presumably depends on the referenced Upstream's configuration — confirm,
	// since a tampered key set lets forged tokens verify.
	Url string `protobuf:"bytes,1,opt,name=url,proto3" json:"url,omitempty"`
	// The Upstream representing the Json Web Key Set server
	UpstreamRef *core.ResourceRef `protobuf:"bytes,2,opt,name=upstream_ref,json=upstreamRef,proto3" json:"upstream_ref,omitempty"`
	// Duration after which the cached JWKS should be expired.
	// If not specified, default cache duration is 5 minutes.
	//
	// The cache duration bounds how long a key that was removed or rotated at
	// the issuer can still be used to verify tokens here.
	CacheDuration *duration.Duration `protobuf:"bytes,4,opt,name=cache_duration,json=cacheDuration,proto3" json:"cache_duration,omitempty"`
	// Fetch Jwks asynchronously in the main thread before the listener is activated.
	// Fetched Jwks can be used by all worker threads.
	//
	// If this feature is not enabled:
	//
	//   - The Jwks is fetched on-demand when the requests come. During the fetching, first
	//     few requests are paused until the Jwks is fetched.
	//   - Each worker thread fetches its own Jwks since Jwks cache is per worker thread.
	//
	// If this feature is enabled:
	//
	//   - Fetching the Jwks is done in the main thread before the listener is activated. The fetched
	//     Jwks can be used by all worker threads. Each worker thread doesn't need to fetch its own.
	//   - Jwks is ready when the requests come; there is no need to wait for the Jwks fetching.
	AsyncFetch *v3.JwksAsyncFetch `protobuf:"bytes,3,opt,name=async_fetch,json=asyncFetch,proto3" json:"async_fetch,omitempty"`
	// contains filtered or unexported fields
}

func (*RemoteJwks) Clone added in v1.8.24

func (m *RemoteJwks) Clone() proto.Message

Clone function

func (*RemoteJwks) Descriptor deprecated

func (*RemoteJwks) Descriptor() ([]byte, []int)

Deprecated: Use RemoteJwks.ProtoReflect.Descriptor instead.

func (*RemoteJwks) Equal

func (m *RemoteJwks) Equal(that interface{}) bool

Equal function

func (*RemoteJwks) GetAsyncFetch added in v1.9.0

func (x *RemoteJwks) GetAsyncFetch() *v3.JwksAsyncFetch

func (*RemoteJwks) GetCacheDuration

func (x *RemoteJwks) GetCacheDuration() *duration.Duration

func (*RemoteJwks) GetUpstreamRef

func (x *RemoteJwks) GetUpstreamRef() *core.ResourceRef

func (*RemoteJwks) GetUrl

func (x *RemoteJwks) GetUrl() string

func (*RemoteJwks) Hash added in v1.2.13

func (m *RemoteJwks) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*RemoteJwks) ProtoMessage

func (*RemoteJwks) ProtoMessage()

func (*RemoteJwks) ProtoReflect added in v1.6.0

func (x *RemoteJwks) ProtoReflect() protoreflect.Message

func (*RemoteJwks) Reset

func (x *RemoteJwks) Reset()

func (*RemoteJwks) String

func (x *RemoteJwks) String() string

type RouteExtension

// RouteExtension holds the per-route JWT setting, which is a single switch
// that turns JWT checks off for the route.
type RouteExtension struct {

	// Disable JWT checks on this route.
	//
	// NOTE(review): a route with this set is served without JWT validation.
	// Nothing here shows whether headers normally filled from claims are
	// cleared on such a route, so upstreams behind it should not assume those
	// headers are trustworthy — confirm.
	Disable bool `protobuf:"varint,1,opt,name=disable,proto3" json:"disable,omitempty"`
	// contains filtered or unexported fields
}

func (*RouteExtension) Clone added in v1.8.24

func (m *RouteExtension) Clone() proto.Message

Clone function

func (*RouteExtension) Descriptor deprecated

func (*RouteExtension) Descriptor() ([]byte, []int)

Deprecated: Use RouteExtension.ProtoReflect.Descriptor instead.

func (*RouteExtension) Equal

func (m *RouteExtension) Equal(that interface{}) bool

Equal function

func (*RouteExtension) GetDisable

func (x *RouteExtension) GetDisable() bool

func (*RouteExtension) Hash added in v1.2.13

func (m *RouteExtension) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*RouteExtension) ProtoMessage

func (*RouteExtension) ProtoMessage()

func (*RouteExtension) ProtoReflect added in v1.6.0

func (x *RouteExtension) ProtoReflect() protoreflect.Message

func (*RouteExtension) Reset

func (x *RouteExtension) Reset()

func (*RouteExtension) String

func (x *RouteExtension) String() string

type TokenSource

// TokenSource lists the request locations (headers and query parameters) in
// which the JWT is looked for.
type TokenSource struct {

	// Try to retrieve token from these headers
	Headers []*TokenSource_HeaderSource `protobuf:"bytes,1,rep,name=headers,proto3" json:"headers,omitempty"`
	// Try to retrieve token from these query params
	//
	// Tokens carried in a query string commonly end up in access logs, browser
	// history and Referer headers; prefer header sources where clients allow.
	QueryParams []string `protobuf:"bytes,2,rep,name=query_params,json=queryParams,proto3" json:"query_params,omitempty"`
	// contains filtered or unexported fields
}

Describes the location of a JWT token

func (*TokenSource) Clone added in v1.8.24

func (m *TokenSource) Clone() proto.Message

Clone function

func (*TokenSource) Descriptor deprecated

func (*TokenSource) Descriptor() ([]byte, []int)

Deprecated: Use TokenSource.ProtoReflect.Descriptor instead.

func (*TokenSource) Equal

func (m *TokenSource) Equal(that interface{}) bool

Equal function

func (*TokenSource) GetHeaders

func (x *TokenSource) GetHeaders() []*TokenSource_HeaderSource

func (*TokenSource) GetQueryParams

func (x *TokenSource) GetQueryParams() []string

func (*TokenSource) Hash added in v1.2.13

func (m *TokenSource) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*TokenSource) ProtoMessage

func (*TokenSource) ProtoMessage()

func (*TokenSource) ProtoReflect added in v1.6.0

func (x *TokenSource) ProtoReflect() protoreflect.Message

func (*TokenSource) Reset

func (x *TokenSource) Reset()

func (*TokenSource) String

func (x *TokenSource) String() string

type TokenSource_HeaderSource

// TokenSource_HeaderSource names a request header that may carry the JWT and
// the prefix that precedes the token in that header's value.
type TokenSource_HeaderSource struct {

	// The name of the header, for example "authorization".
	Header string `protobuf:"bytes,1,opt,name=header,proto3" json:"header,omitempty"`
	// Prefix before the token, for example "Bearer " (note the trailing space
	// in the example).
	Prefix string `protobuf:"bytes,2,opt,name=prefix,proto3" json:"prefix,omitempty"`
	// contains filtered or unexported fields
}

Describes how to retrieve a JWT from a header

func (*TokenSource_HeaderSource) Clone added in v1.8.24

Clone function

func (*TokenSource_HeaderSource) Descriptor deprecated

func (*TokenSource_HeaderSource) Descriptor() ([]byte, []int)

Deprecated: Use TokenSource_HeaderSource.ProtoReflect.Descriptor instead.

func (*TokenSource_HeaderSource) Equal

func (m *TokenSource_HeaderSource) Equal(that interface{}) bool

Equal function

func (*TokenSource_HeaderSource) GetHeader

func (x *TokenSource_HeaderSource) GetHeader() string

func (*TokenSource_HeaderSource) GetPrefix

func (x *TokenSource_HeaderSource) GetPrefix() string

func (*TokenSource_HeaderSource) Hash added in v1.2.13

func (m *TokenSource_HeaderSource) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*TokenSource_HeaderSource) ProtoMessage

func (*TokenSource_HeaderSource) ProtoMessage()

func (*TokenSource_HeaderSource) ProtoReflect added in v1.6.0

func (x *TokenSource_HeaderSource) ProtoReflect() protoreflect.Message

func (*TokenSource_HeaderSource) Reset

func (x *TokenSource_HeaderSource) Reset()

func (*TokenSource_HeaderSource) String

func (x *TokenSource_HeaderSource) String() string

type VhostExtension

// VhostExtension holds the JWT settings for a virtual host: the set of
// accepted providers and whether requests without a valid JWT may pass.
type VhostExtension struct {

	// Map of JWT provider name to Provider.
	// If specified, multiple providers will be `OR`-ed together and will allow validation to any of the providers.
	//
	// Because providers are OR-ed, a token that validates against any one of
	// them is accepted; the effective policy is that of the most permissive
	// provider in the map.
	Providers map[string]*Provider `` /* 159-byte string literal not displayed */
	// Allow pass through of JWT requests for this virtual host, even if JWT token is missing or JWT auth failed.
	// If this is false (default false), requests that fail JWT authentication will fail authorization immediately.
	// For example, if a request requires either JWT auth OR another auth method, this can be enabled to allow a failed JWT auth request to pass through to the other auth method.
	//
	// NOTE(review): when true, this filter no longer rejects unauthenticated
	// requests by itself, so another auth method must make the final decision.
	// Whether claim-derived headers are cleared for a missing or failed token
	// is not visible here — confirm before upstreams rely on them.
	AllowMissingOrFailedJwt bool `` /* 137-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*VhostExtension) Clone added in v1.8.24

func (m *VhostExtension) Clone() proto.Message

Clone function

func (*VhostExtension) Descriptor deprecated

func (*VhostExtension) Descriptor() ([]byte, []int)

Deprecated: Use VhostExtension.ProtoReflect.Descriptor instead.

func (*VhostExtension) Equal

func (m *VhostExtension) Equal(that interface{}) bool

Equal function

func (*VhostExtension) GetAllowMissingOrFailedJwt added in v1.6.0

func (x *VhostExtension) GetAllowMissingOrFailedJwt() bool

func (*VhostExtension) GetProviders

func (x *VhostExtension) GetProviders() map[string]*Provider

func (*VhostExtension) Hash added in v1.2.13

func (m *VhostExtension) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*VhostExtension) ProtoMessage

func (*VhostExtension) ProtoMessage()

func (*VhostExtension) ProtoReflect added in v1.6.0

func (x *VhostExtension) ProtoReflect() protoreflect.Message

func (*VhostExtension) Reset

func (x *VhostExtension) Reset()

func (*VhostExtension) String

func (x *VhostExtension) String() string
