jwt

package
v1.18.0-beta23 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 26, 2024 License: Apache-2.0 Imports: 23 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	VhostExtension_ValidationPolicy_name = map[int32]string{
		0: "REQUIRE_VALID",
		1: "ALLOW_MISSING",
		2: "ALLOW_MISSING_OR_FAILED",
	}
	VhostExtension_ValidationPolicy_value = map[string]int32{
		"REQUIRE_VALID":           0,
		"ALLOW_MISSING":           1,
		"ALLOW_MISSING_OR_FAILED": 2,
	}
)

Enum value maps for VhostExtension_ValidationPolicy.

View Source
var File_github_com_solo_io_gloo_projects_gloo_api_v1_enterprise_options_jwt_jwt_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type ClaimToHeader

type ClaimToHeader struct {

	// Claim name. for example, "sub"
	Claim string `protobuf:"bytes,1,opt,name=claim,proto3" json:"claim,omitempty"`
	// The header the claim will be copied to. for example, "x-sub".
	Header string `protobuf:"bytes,2,opt,name=header,proto3" json:"header,omitempty"`
	// If the header exists, append to it (true), or overwrite it (false).
	Append bool `protobuf:"varint,4,opt,name=append,proto3" json:"append,omitempty"`
	// contains filtered or unexported fields
}

Allows copying verified claims to headers sent upstream

func (*ClaimToHeader) Clone added in v1.8.24

func (m *ClaimToHeader) Clone() proto.Message

Clone function

func (*ClaimToHeader) Descriptor deprecated

func (*ClaimToHeader) Descriptor() ([]byte, []int)

Deprecated: Use ClaimToHeader.ProtoReflect.Descriptor instead.

func (*ClaimToHeader) Equal

func (m *ClaimToHeader) Equal(that interface{}) bool

Equal function

func (*ClaimToHeader) GetAppend

func (x *ClaimToHeader) GetAppend() bool

func (*ClaimToHeader) GetClaim

func (x *ClaimToHeader) GetClaim() string

func (*ClaimToHeader) GetHeader

func (x *ClaimToHeader) GetHeader() string

func (*ClaimToHeader) Hash deprecated added in v1.2.13

func (m *ClaimToHeader) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*ClaimToHeader) HashUnique added in v1.18.0

func (m *ClaimToHeader) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*ClaimToHeader) ProtoMessage

func (*ClaimToHeader) ProtoMessage()

func (*ClaimToHeader) ProtoReflect added in v1.6.0

func (x *ClaimToHeader) ProtoReflect() protoreflect.Message

func (*ClaimToHeader) Reset

func (x *ClaimToHeader) Reset()

func (*ClaimToHeader) String

func (x *ClaimToHeader) String() string

type Jwks

type Jwks struct {

	// Types that are assignable to Jwks:
	//
	//	*Jwks_Remote
	//	*Jwks_Local
	Jwks isJwks_Jwks `protobuf_oneof:"jwks"`
	// contains filtered or unexported fields
}

func (*Jwks) Clone added in v1.8.24

func (m *Jwks) Clone() proto.Message

Clone function

func (*Jwks) Descriptor deprecated

func (*Jwks) Descriptor() ([]byte, []int)

Deprecated: Use Jwks.ProtoReflect.Descriptor instead.

func (*Jwks) Equal

func (m *Jwks) Equal(that interface{}) bool

Equal function

func (*Jwks) GetJwks

func (m *Jwks) GetJwks() isJwks_Jwks

func (*Jwks) GetLocal

func (x *Jwks) GetLocal() *LocalJwks

func (*Jwks) GetRemote

func (x *Jwks) GetRemote() *RemoteJwks

func (*Jwks) Hash deprecated added in v1.2.13

func (m *Jwks) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*Jwks) HashUnique added in v1.18.0

func (m *Jwks) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*Jwks) ProtoMessage

func (*Jwks) ProtoMessage()

func (*Jwks) ProtoReflect added in v1.6.0

func (x *Jwks) ProtoReflect() protoreflect.Message

func (*Jwks) Reset

func (x *Jwks) Reset()

func (*Jwks) String

func (x *Jwks) String() string

type Jwks_Local

type Jwks_Local struct {
	// Use an inline JWKS
	Local *LocalJwks `protobuf:"bytes,2,opt,name=local,proto3,oneof"`
}

type Jwks_Remote

type Jwks_Remote struct {
	// Use a remote JWKS server
	Remote *RemoteJwks `protobuf:"bytes,1,opt,name=remote,proto3,oneof"`
}

type JwtStagedRouteExtension added in v1.6.4

type JwtStagedRouteExtension struct {

	// Per-route JWT config for the JWT filter that runs before the extauth filter.
	BeforeExtAuth *RouteExtension `protobuf:"bytes,1,opt,name=before_ext_auth,json=beforeExtAuth,proto3" json:"before_ext_auth,omitempty"`
	// Per-route JWT config for the JWT filter that runs before the extauth filter.
	AfterExtAuth *RouteExtension `protobuf:"bytes,2,opt,name=after_ext_auth,json=afterExtAuth,proto3" json:"after_ext_auth,omitempty"`
	// contains filtered or unexported fields
}

func (*JwtStagedRouteExtension) Clone added in v1.8.24

Clone function

func (*JwtStagedRouteExtension) Descriptor deprecated added in v1.6.4

func (*JwtStagedRouteExtension) Descriptor() ([]byte, []int)

Deprecated: Use JwtStagedRouteExtension.ProtoReflect.Descriptor instead.

func (*JwtStagedRouteExtension) Equal added in v1.6.4

func (m *JwtStagedRouteExtension) Equal(that interface{}) bool

Equal function

func (*JwtStagedRouteExtension) GetAfterExtAuth added in v1.6.4

func (x *JwtStagedRouteExtension) GetAfterExtAuth() *RouteExtension

func (*JwtStagedRouteExtension) GetBeforeExtAuth added in v1.6.4

func (x *JwtStagedRouteExtension) GetBeforeExtAuth() *RouteExtension

func (*JwtStagedRouteExtension) Hash deprecated added in v1.6.4

func (m *JwtStagedRouteExtension) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*JwtStagedRouteExtension) HashUnique added in v1.18.0

func (m *JwtStagedRouteExtension) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*JwtStagedRouteExtension) ProtoMessage added in v1.6.4

func (*JwtStagedRouteExtension) ProtoMessage()

func (*JwtStagedRouteExtension) ProtoReflect added in v1.6.4

func (x *JwtStagedRouteExtension) ProtoReflect() protoreflect.Message

func (*JwtStagedRouteExtension) Reset added in v1.6.4

func (x *JwtStagedRouteExtension) Reset()

func (*JwtStagedRouteExtension) String added in v1.6.4

func (x *JwtStagedRouteExtension) String() string

type JwtStagedRouteProvidersExtension added in v1.18.0

type JwtStagedRouteProvidersExtension struct {

	// Per-route JWT config for the JWT filter that runs before the extauth filter.
	BeforeExtAuth *VhostExtension `protobuf:"bytes,1,opt,name=before_ext_auth,json=beforeExtAuth,proto3" json:"before_ext_auth,omitempty"`
	// Per-route JWT config for the JWT filter that runs before the extauth filter.
	AfterExtAuth *VhostExtension `protobuf:"bytes,2,opt,name=after_ext_auth,json=afterExtAuth,proto3" json:"after_ext_auth,omitempty"`
	// contains filtered or unexported fields
}

func (*JwtStagedRouteProvidersExtension) Clone added in v1.18.0

Clone function

func (*JwtStagedRouteProvidersExtension) Descriptor deprecated added in v1.18.0

func (*JwtStagedRouteProvidersExtension) Descriptor() ([]byte, []int)

Deprecated: Use JwtStagedRouteProvidersExtension.ProtoReflect.Descriptor instead.

func (*JwtStagedRouteProvidersExtension) Equal added in v1.18.0

func (m *JwtStagedRouteProvidersExtension) Equal(that interface{}) bool

Equal function

func (*JwtStagedRouteProvidersExtension) GetAfterExtAuth added in v1.18.0

func (x *JwtStagedRouteProvidersExtension) GetAfterExtAuth() *VhostExtension

func (*JwtStagedRouteProvidersExtension) GetBeforeExtAuth added in v1.18.0

func (x *JwtStagedRouteProvidersExtension) GetBeforeExtAuth() *VhostExtension

func (*JwtStagedRouteProvidersExtension) Hash deprecated added in v1.18.0

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*JwtStagedRouteProvidersExtension) HashUnique added in v1.18.0

func (m *JwtStagedRouteProvidersExtension) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*JwtStagedRouteProvidersExtension) ProtoMessage added in v1.18.0

func (*JwtStagedRouteProvidersExtension) ProtoMessage()

func (*JwtStagedRouteProvidersExtension) ProtoReflect added in v1.18.0

func (*JwtStagedRouteProvidersExtension) Reset added in v1.18.0

func (*JwtStagedRouteProvidersExtension) String added in v1.18.0

type JwtStagedVhostExtension added in v1.6.4

type JwtStagedVhostExtension struct {

	// JWT Virtual host config for the JWT filter that runs before the extauth filter.
	BeforeExtAuth *VhostExtension `protobuf:"bytes,1,opt,name=before_ext_auth,json=beforeExtAuth,proto3" json:"before_ext_auth,omitempty"`
	// JWT Virtual host config for the JWT filter that runs after the extauth filter.
	AfterExtAuth *VhostExtension `protobuf:"bytes,2,opt,name=after_ext_auth,json=afterExtAuth,proto3" json:"after_ext_auth,omitempty"`
	// contains filtered or unexported fields
}

func (*JwtStagedVhostExtension) Clone added in v1.8.24

Clone function

func (*JwtStagedVhostExtension) Descriptor deprecated added in v1.6.4

func (*JwtStagedVhostExtension) Descriptor() ([]byte, []int)

Deprecated: Use JwtStagedVhostExtension.ProtoReflect.Descriptor instead.

func (*JwtStagedVhostExtension) Equal added in v1.6.4

func (m *JwtStagedVhostExtension) Equal(that interface{}) bool

Equal function

func (*JwtStagedVhostExtension) GetAfterExtAuth added in v1.6.4

func (x *JwtStagedVhostExtension) GetAfterExtAuth() *VhostExtension

func (*JwtStagedVhostExtension) GetBeforeExtAuth added in v1.6.4

func (x *JwtStagedVhostExtension) GetBeforeExtAuth() *VhostExtension

func (*JwtStagedVhostExtension) Hash deprecated added in v1.6.4

func (m *JwtStagedVhostExtension) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*JwtStagedVhostExtension) HashUnique added in v1.18.0

func (m *JwtStagedVhostExtension) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*JwtStagedVhostExtension) ProtoMessage added in v1.6.4

func (*JwtStagedVhostExtension) ProtoMessage()

func (*JwtStagedVhostExtension) ProtoReflect added in v1.6.4

func (x *JwtStagedVhostExtension) ProtoReflect() protoreflect.Message

func (*JwtStagedVhostExtension) Reset added in v1.6.4

func (x *JwtStagedVhostExtension) Reset()

func (*JwtStagedVhostExtension) String added in v1.6.4

func (x *JwtStagedVhostExtension) String() string

type LocalJwks

type LocalJwks struct {

	// Inline key. this can be json web key, key-set or PEM format.
	Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
	// contains filtered or unexported fields
}

func (*LocalJwks) Clone added in v1.8.24

func (m *LocalJwks) Clone() proto.Message

Clone function

func (*LocalJwks) Descriptor deprecated

func (*LocalJwks) Descriptor() ([]byte, []int)

Deprecated: Use LocalJwks.ProtoReflect.Descriptor instead.

func (*LocalJwks) Equal

func (m *LocalJwks) Equal(that interface{}) bool

Equal function

func (*LocalJwks) GetKey

func (x *LocalJwks) GetKey() string

func (*LocalJwks) Hash deprecated added in v1.2.13

func (m *LocalJwks) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*LocalJwks) HashUnique added in v1.18.0

func (m *LocalJwks) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*LocalJwks) ProtoMessage

func (*LocalJwks) ProtoMessage()

func (*LocalJwks) ProtoReflect added in v1.6.0

func (x *LocalJwks) ProtoReflect() protoreflect.Message

func (*LocalJwks) Reset

func (x *LocalJwks) Reset()

func (*LocalJwks) String

func (x *LocalJwks) String() string

type Provider

type Provider struct {

	// The source for the keys to validate JWTs.
	Jwks *Jwks `protobuf:"bytes,1,opt,name=jwks,proto3" json:"jwks,omitempty"`
	// An incoming JWT must have an 'aud' claim and it must be in this list.
	Audiences []string `protobuf:"bytes,2,rep,name=audiences,proto3" json:"audiences,omitempty"`
	// Issuer of the JWT. the 'iss' claim of the JWT must match this.
	Issuer string `protobuf:"bytes,3,opt,name=issuer,proto3" json:"issuer,omitempty"`
	// Where to find the JWT of the current provider.
	TokenSource *TokenSource `protobuf:"bytes,4,opt,name=token_source,json=tokenSource,proto3" json:"token_source,omitempty"`
	// Should the token forwarded upstream. if false, the header containing the token will be removed.
	KeepToken bool `protobuf:"varint,5,opt,name=keep_token,json=keepToken,proto3" json:"keep_token,omitempty"`
	// What claims should be copied to upstream headers.
	ClaimsToHeaders []*ClaimToHeader `protobuf:"bytes,6,rep,name=claims_to_headers,json=claimsToHeaders,proto3" json:"claims_to_headers,omitempty"`
	// Optional: ClockSkewSeconds is used to verify time constraints, such as `exp` and `npf`. Default is 60s
	ClockSkewSeconds *wrapperspb.UInt32Value `protobuf:"bytes,8,opt,name=clock_skew_seconds,json=clockSkewSeconds,proto3" json:"clock_skew_seconds,omitempty"`
	// contains filtered or unexported fields
}

func (*Provider) Clone added in v1.8.24

func (m *Provider) Clone() proto.Message

Clone function

func (*Provider) Descriptor deprecated

func (*Provider) Descriptor() ([]byte, []int)

Deprecated: Use Provider.ProtoReflect.Descriptor instead.

func (*Provider) Equal

func (m *Provider) Equal(that interface{}) bool

Equal function

func (*Provider) GetAudiences

func (x *Provider) GetAudiences() []string

func (*Provider) GetClaimsToHeaders

func (x *Provider) GetClaimsToHeaders() []*ClaimToHeader

func (*Provider) GetClockSkewSeconds added in v1.14.0

func (x *Provider) GetClockSkewSeconds() *wrapperspb.UInt32Value

func (*Provider) GetIssuer

func (x *Provider) GetIssuer() string

func (*Provider) GetJwks

func (x *Provider) GetJwks() *Jwks

func (*Provider) GetKeepToken

func (x *Provider) GetKeepToken() bool

func (*Provider) GetTokenSource

func (x *Provider) GetTokenSource() *TokenSource

func (*Provider) Hash deprecated added in v1.2.13

func (m *Provider) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*Provider) HashUnique added in v1.18.0

func (m *Provider) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*Provider) ProtoMessage

func (*Provider) ProtoMessage()

func (*Provider) ProtoReflect added in v1.6.0

func (x *Provider) ProtoReflect() protoreflect.Message

func (*Provider) Reset

func (x *Provider) Reset()

func (*Provider) String

func (x *Provider) String() string

type RemoteJwks

type RemoteJwks struct {

	// The url used when accessing the upstream for Json Web Key Set.
	// This is used to set the host and path in the request
	Url string `protobuf:"bytes,1,opt,name=url,proto3" json:"url,omitempty"`
	// The Upstream representing the Json Web Key Set server
	UpstreamRef *core.ResourceRef `protobuf:"bytes,2,opt,name=upstream_ref,json=upstreamRef,proto3" json:"upstream_ref,omitempty"`
	// Duration after which the cached JWKS should be expired.
	// If not specified, default cache duration is 5 minutes.
	CacheDuration *durationpb.Duration `protobuf:"bytes,4,opt,name=cache_duration,json=cacheDuration,proto3" json:"cache_duration,omitempty"`
	// Fetch Jwks asynchronously in the main thread before the listener is activated.
	// Fetched Jwks can be used by all worker threads.
	//
	// If this feature is not enabled:
	//
	//   - The Jwks is fetched on-demand when the requests come. During the fetching, first
	//     few requests are paused until the Jwks is fetched.
	//   - Each worker thread fetches its own Jwks since Jwks cache is per worker thread.
	//
	// If this feature is enabled:
	//
	//   - Fetched Jwks is done in the main thread before the listener is activated. Its fetched
	//     Jwks can be used by all worker threads. Each worker thread doesn't need to fetch its own.
	//   - Jwks is ready when the requests come, not need to wait for the Jwks fetching.
	AsyncFetch *v3.JwksAsyncFetch `protobuf:"bytes,3,opt,name=async_fetch,json=asyncFetch,proto3" json:"async_fetch,omitempty"`
	// contains filtered or unexported fields
}

func (*RemoteJwks) Clone added in v1.8.24

func (m *RemoteJwks) Clone() proto.Message

Clone function

func (*RemoteJwks) Descriptor deprecated

func (*RemoteJwks) Descriptor() ([]byte, []int)

Deprecated: Use RemoteJwks.ProtoReflect.Descriptor instead.

func (*RemoteJwks) Equal

func (m *RemoteJwks) Equal(that interface{}) bool

Equal function

func (*RemoteJwks) GetAsyncFetch added in v1.9.0

func (x *RemoteJwks) GetAsyncFetch() *v3.JwksAsyncFetch

func (*RemoteJwks) GetCacheDuration

func (x *RemoteJwks) GetCacheDuration() *durationpb.Duration

func (*RemoteJwks) GetUpstreamRef

func (x *RemoteJwks) GetUpstreamRef() *core.ResourceRef

func (*RemoteJwks) GetUrl

func (x *RemoteJwks) GetUrl() string

func (*RemoteJwks) Hash deprecated added in v1.2.13

func (m *RemoteJwks) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*RemoteJwks) HashUnique added in v1.18.0

func (m *RemoteJwks) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*RemoteJwks) ProtoMessage

func (*RemoteJwks) ProtoMessage()

func (*RemoteJwks) ProtoReflect added in v1.6.0

func (x *RemoteJwks) ProtoReflect() protoreflect.Message

func (*RemoteJwks) Reset

func (x *RemoteJwks) Reset()

func (*RemoteJwks) String

func (x *RemoteJwks) String() string

type RouteExtension

type RouteExtension struct {

	// Disable JWT checks on this route.
	Disable bool `protobuf:"varint,1,opt,name=disable,proto3" json:"disable,omitempty"`
	// contains filtered or unexported fields
}

func (*RouteExtension) Clone added in v1.8.24

func (m *RouteExtension) Clone() proto.Message

Clone function

func (*RouteExtension) Descriptor deprecated

func (*RouteExtension) Descriptor() ([]byte, []int)

Deprecated: Use RouteExtension.ProtoReflect.Descriptor instead.

func (*RouteExtension) Equal

func (m *RouteExtension) Equal(that interface{}) bool

Equal function

func (*RouteExtension) GetDisable

func (x *RouteExtension) GetDisable() bool

func (*RouteExtension) Hash deprecated added in v1.2.13

func (m *RouteExtension) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*RouteExtension) HashUnique added in v1.18.0

func (m *RouteExtension) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*RouteExtension) ProtoMessage

func (*RouteExtension) ProtoMessage()

func (*RouteExtension) ProtoReflect added in v1.6.0

func (x *RouteExtension) ProtoReflect() protoreflect.Message

func (*RouteExtension) Reset

func (x *RouteExtension) Reset()

func (*RouteExtension) String

func (x *RouteExtension) String() string

type TokenSource

type TokenSource struct {

	// Try to retrieve token from these headers
	Headers []*TokenSource_HeaderSource `protobuf:"bytes,1,rep,name=headers,proto3" json:"headers,omitempty"`
	// Try to retrieve token from these query params
	QueryParams []string `protobuf:"bytes,2,rep,name=query_params,json=queryParams,proto3" json:"query_params,omitempty"`
	// contains filtered or unexported fields
}

Describes the location of a JWT token

func (*TokenSource) Clone added in v1.8.24

func (m *TokenSource) Clone() proto.Message

Clone function

func (*TokenSource) Descriptor deprecated

func (*TokenSource) Descriptor() ([]byte, []int)

Deprecated: Use TokenSource.ProtoReflect.Descriptor instead.

func (*TokenSource) Equal

func (m *TokenSource) Equal(that interface{}) bool

Equal function

func (*TokenSource) GetHeaders

func (x *TokenSource) GetHeaders() []*TokenSource_HeaderSource

func (*TokenSource) GetQueryParams

func (x *TokenSource) GetQueryParams() []string

func (*TokenSource) Hash deprecated added in v1.2.13

func (m *TokenSource) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*TokenSource) HashUnique added in v1.18.0

func (m *TokenSource) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*TokenSource) ProtoMessage

func (*TokenSource) ProtoMessage()

func (*TokenSource) ProtoReflect added in v1.6.0

func (x *TokenSource) ProtoReflect() protoreflect.Message

func (*TokenSource) Reset

func (x *TokenSource) Reset()

func (*TokenSource) String

func (x *TokenSource) String() string

type TokenSource_HeaderSource

type TokenSource_HeaderSource struct {

	// The name of the header. for example, "authorization"
	Header string `protobuf:"bytes,1,opt,name=header,proto3" json:"header,omitempty"`
	// Prefix before the token. for example, "Bearer "
	Prefix string `protobuf:"bytes,2,opt,name=prefix,proto3" json:"prefix,omitempty"`
	// contains filtered or unexported fields
}

Describes how to retrieve a JWT from a header

func (*TokenSource_HeaderSource) Clone added in v1.8.24

Clone function

func (*TokenSource_HeaderSource) Descriptor deprecated

func (*TokenSource_HeaderSource) Descriptor() ([]byte, []int)

Deprecated: Use TokenSource_HeaderSource.ProtoReflect.Descriptor instead.

func (*TokenSource_HeaderSource) Equal

func (m *TokenSource_HeaderSource) Equal(that interface{}) bool

Equal function

func (*TokenSource_HeaderSource) GetHeader

func (x *TokenSource_HeaderSource) GetHeader() string

func (*TokenSource_HeaderSource) GetPrefix

func (x *TokenSource_HeaderSource) GetPrefix() string

func (*TokenSource_HeaderSource) Hash deprecated added in v1.2.13

func (m *TokenSource_HeaderSource) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*TokenSource_HeaderSource) HashUnique added in v1.18.0

func (m *TokenSource_HeaderSource) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*TokenSource_HeaderSource) ProtoMessage

func (*TokenSource_HeaderSource) ProtoMessage()

func (*TokenSource_HeaderSource) ProtoReflect added in v1.6.0

func (x *TokenSource_HeaderSource) ProtoReflect() protoreflect.Message

func (*TokenSource_HeaderSource) Reset

func (x *TokenSource_HeaderSource) Reset()

func (*TokenSource_HeaderSource) String

func (x *TokenSource_HeaderSource) String() string

type VhostExtension

type VhostExtension struct {

	// Map of JWT provider name to Provider.
	// If specified, multiple providers will be `OR`-ed together and will allow validation to any of the providers.
	Providers map[string]*Provider `` /* 159-byte string literal not displayed */
	// Allow pass through of JWT requests for this virtual host, even if JWT token is missing or JWT auth failed.
	// If this is false (default false), requests that fail JWT authentication will fail authorization immediately.
	// For example, if a request requires either JWT auth OR another auth method, this can be enabled to allow a failed JWT auth request to pass through to the other auth method.
	// Deprecated: use validation_policy instead.
	//
	// Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/jwt/jwt.proto.
	AllowMissingOrFailedJwt bool `` /* 137-byte string literal not displayed */
	// Optional: Configure how JWT validation works, with the flexibility to handle requests with missing or invalid JWTs.
	// By default, after applying JWT policy to a route, only requests that authenticate with a valid JWT succeed.
	ValidationPolicy VhostExtension_ValidationPolicy `` /* 172-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*VhostExtension) Clone added in v1.8.24

func (m *VhostExtension) Clone() proto.Message

Clone function

func (*VhostExtension) Descriptor deprecated

func (*VhostExtension) Descriptor() ([]byte, []int)

Deprecated: Use VhostExtension.ProtoReflect.Descriptor instead.

func (*VhostExtension) Equal

func (m *VhostExtension) Equal(that interface{}) bool

Equal function

func (*VhostExtension) GetAllowMissingOrFailedJwt deprecated added in v1.6.0

func (x *VhostExtension) GetAllowMissingOrFailedJwt() bool

Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/jwt/jwt.proto.

func (*VhostExtension) GetProviders

func (x *VhostExtension) GetProviders() map[string]*Provider

func (*VhostExtension) GetValidationPolicy added in v1.18.0

func (x *VhostExtension) GetValidationPolicy() VhostExtension_ValidationPolicy

func (*VhostExtension) Hash deprecated added in v1.2.13

func (m *VhostExtension) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*VhostExtension) HashUnique added in v1.18.0

func (m *VhostExtension) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*VhostExtension) ProtoMessage

func (*VhostExtension) ProtoMessage()

func (*VhostExtension) ProtoReflect added in v1.6.0

func (x *VhostExtension) ProtoReflect() protoreflect.Message

func (*VhostExtension) Reset

func (x *VhostExtension) Reset()

func (*VhostExtension) String

func (x *VhostExtension) String() string

type VhostExtension_ValidationPolicy added in v1.18.0

type VhostExtension_ValidationPolicy int32
const (
	// Default value. Allow only requests that authenticate with a valid JWT to succeed.
	// Note that the `allowMissingOrFailed=true` setting takes precedence. In such a case, even if you explicitly set `validationPolicy=REQUIRE_VALID`, this field is ignored.
	VhostExtension_REQUIRE_VALID VhostExtension_ValidationPolicy = 0
	// Allow requests to succeed even if JWT authentication is missing, but fail when an invalid JWT token is presented.
	// You might use this setting when later steps depend on input from the JWT.
	// For example, you might add claims from the JWT to request headers with the claimsToHeaders field.
	// As such, you may want to make sure that any provided JWT is valid. If not, the request fails,
	// which informs the requester that their JWT is not valid.
	// Requests without a JWT, however, still succeed and skip JWT validation.
	VhostExtension_ALLOW_MISSING VhostExtension_ValidationPolicy = 1
	// Allow requests to succeed even when a JWT is missing or JWT verification fails.
	// For example, you might apply multiple policies to your routes so that requests can authenticate with either a
	// JWT or another method such as external auth. Use this value
	// to allow a failed JWT auth request to pass through to the other authentication method.
	VhostExtension_ALLOW_MISSING_OR_FAILED VhostExtension_ValidationPolicy = 2
)

func (VhostExtension_ValidationPolicy) Descriptor added in v1.18.0

func (VhostExtension_ValidationPolicy) Enum added in v1.18.0

func (VhostExtension_ValidationPolicy) EnumDescriptor deprecated added in v1.18.0

func (VhostExtension_ValidationPolicy) EnumDescriptor() ([]byte, []int)

Deprecated: Use VhostExtension_ValidationPolicy.Descriptor instead.

func (VhostExtension_ValidationPolicy) Number added in v1.18.0

func (VhostExtension_ValidationPolicy) String added in v1.18.0

func (VhostExtension_ValidationPolicy) Type added in v1.18.0

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL