jwt

package
v1.18.0-beta24 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 1, 2024 License: Apache-2.0 Imports: 23 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	VhostExtension_ValidationPolicy_name = map[int32]string{
		0: "REQUIRE_VALID",
		1: "ALLOW_MISSING",
		2: "ALLOW_MISSING_OR_FAILED",
	}
	VhostExtension_ValidationPolicy_value = map[string]int32{
		"REQUIRE_VALID":           0,
		"ALLOW_MISSING":           1,
		"ALLOW_MISSING_OR_FAILED": 2,
	}
)

Enum value maps for VhostExtension_ValidationPolicy.

View Source 
var File_github_com_solo_io_gloo_projects_gloo_api_v1_enterprise_options_jwt_jwt_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type ClaimToHeader 

type ClaimToHeader struct {

	// Claim name. for example, "sub"
	Claim string `protobuf:"bytes,1,opt,name=claim,proto3" json:"claim,omitempty"`
	// The header the claim will be copied to. for example, "x-sub".
	Header string `protobuf:"bytes,2,opt,name=header,proto3" json:"header,omitempty"`
	// If the header exists, append to it (true), or overwrite it (false).
	Append bool `protobuf:"varint,4,opt,name=append,proto3" json:"append,omitempty"`
	// contains filtered or unexported fields
}

Allows copying verified claims to headers sent upstream

func (*ClaimToHeader) Clone added in v1.8.24 

func (m *ClaimToHeader) Clone() proto.Message

Clone function

func (*ClaimToHeader) Descriptor deprecated 

func (*ClaimToHeader) Descriptor() ([]byte, []int)

Deprecated: Use ClaimToHeader.ProtoReflect.Descriptor instead.

func (*ClaimToHeader) Equal 

func (m *ClaimToHeader) Equal(that interface{}) bool

Equal function

func (*ClaimToHeader) GetAppend 

func (x *ClaimToHeader) GetAppend() bool

func (*ClaimToHeader) GetClaim 

func (x *ClaimToHeader) GetClaim() string

func (*ClaimToHeader) GetHeader 

func (x *ClaimToHeader) GetHeader() string

func (*ClaimToHeader) Hash deprecated added in v1.2.13 

func (m *ClaimToHeader) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*ClaimToHeader) HashUnique 

func (m *ClaimToHeader) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*ClaimToHeader) ProtoMessage 

func (*ClaimToHeader) ProtoMessage()

func (*ClaimToHeader) ProtoReflect added in v1.6.0 

func (x *ClaimToHeader) ProtoReflect() protoreflect.Message

func (*ClaimToHeader) Reset 

func (x *ClaimToHeader) Reset()

func (*ClaimToHeader) String 

func (x *ClaimToHeader) String() string

type Jwks 

type Jwks struct {

	// Types that are assignable to Jwks:
	//
	//	*Jwks_Remote
	//	*Jwks_Local
	Jwks isJwks_Jwks `protobuf_oneof:"jwks"`
	// contains filtered or unexported fields
}

func (*Jwks) Clone added in v1.8.24 

func (m *Jwks) Clone() proto.Message

Clone function

func (*Jwks) Descriptor deprecated 

func (*Jwks) Descriptor() ([]byte, []int)

Deprecated: Use Jwks.ProtoReflect.Descriptor instead.

func (*Jwks) Equal 

func (m *Jwks) Equal(that interface{}) bool

Equal function

func (*Jwks) GetJwks 

func (m *Jwks) GetJwks() isJwks_Jwks

func (*Jwks) GetLocal 

func (x *Jwks) GetLocal() *LocalJwks

func (*Jwks) GetRemote 

func (x *Jwks) GetRemote() *RemoteJwks

func (*Jwks) Hash deprecated added in v1.2.13 

func (m *Jwks) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*Jwks) HashUnique 

func (m *Jwks) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*Jwks) ProtoMessage 

func (*Jwks) ProtoMessage()

func (*Jwks) ProtoReflect added in v1.6.0 

func (x *Jwks) ProtoReflect() protoreflect.Message

func (*Jwks) Reset 

func (x *Jwks) Reset()

func (*Jwks) String 

func (x *Jwks) String() string

type Jwks_Local 

type Jwks_Local struct {
	// Use an inline JWKS
	Local *LocalJwks `protobuf:"bytes,2,opt,name=local,proto3,oneof"`
}

type Jwks_Remote 

type Jwks_Remote struct {
	// Use a remote JWKS server
	Remote *RemoteJwks `protobuf:"bytes,1,opt,name=remote,proto3,oneof"`
}

type JwtStagedRouteExtension added in v1.6.4 

type JwtStagedRouteExtension struct {

	// Per-route JWT config for the JWT filter that runs before the extauth filter.
	BeforeExtAuth *RouteExtension `protobuf:"bytes,1,opt,name=before_ext_auth,json=beforeExtAuth,proto3" json:"before_ext_auth,omitempty"`
	// Per-route JWT config for the JWT filter that runs before the extauth filter.
	AfterExtAuth *RouteExtension `protobuf:"bytes,2,opt,name=after_ext_auth,json=afterExtAuth,proto3" json:"after_ext_auth,omitempty"`
	// contains filtered or unexported fields
}

func (*JwtStagedRouteExtension) Clone added in v1.8.24 

func (m *JwtStagedRouteExtension) Clone() proto.Message

Clone function

func (*JwtStagedRouteExtension) Descriptor deprecated added in v1.6.4 

func (*JwtStagedRouteExtension) Descriptor() ([]byte, []int)

Deprecated: Use JwtStagedRouteExtension.ProtoReflect.Descriptor instead.

func (*JwtStagedRouteExtension) Equal added in v1.6.4 

func (m *JwtStagedRouteExtension) Equal(that interface{}) bool

Equal function

func (*JwtStagedRouteExtension) GetAfterExtAuth added in v1.6.4 

func (x *JwtStagedRouteExtension) GetAfterExtAuth() *RouteExtension

func (*JwtStagedRouteExtension) GetBeforeExtAuth added in v1.6.4 

func (x *JwtStagedRouteExtension) GetBeforeExtAuth() *RouteExtension

func (*JwtStagedRouteExtension) Hash deprecated added in v1.6.4 

func (m *JwtStagedRouteExtension) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*JwtStagedRouteExtension) HashUnique 

func (m *JwtStagedRouteExtension) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*JwtStagedRouteExtension) ProtoMessage added in v1.6.4 

func (*JwtStagedRouteExtension) ProtoMessage()

func (*JwtStagedRouteExtension) ProtoReflect added in v1.6.4 

func (x *JwtStagedRouteExtension) ProtoReflect() protoreflect.Message

func (*JwtStagedRouteExtension) Reset added in v1.6.4 

func (x *JwtStagedRouteExtension) Reset()

func (*JwtStagedRouteExtension) String added in v1.6.4 

func (x *JwtStagedRouteExtension) String() string

type JwtStagedRouteProvidersExtension 

type JwtStagedRouteProvidersExtension struct {

	// Per-route JWT config for the JWT filter that runs before the extauth filter.
	BeforeExtAuth *VhostExtension `protobuf:"bytes,1,opt,name=before_ext_auth,json=beforeExtAuth,proto3" json:"before_ext_auth,omitempty"`
	// Per-route JWT config for the JWT filter that runs before the extauth filter.
	AfterExtAuth *VhostExtension `protobuf:"bytes,2,opt,name=after_ext_auth,json=afterExtAuth,proto3" json:"after_ext_auth,omitempty"`
	// contains filtered or unexported fields
}

func (*JwtStagedRouteProvidersExtension) Clone 

func (m *JwtStagedRouteProvidersExtension) Clone() proto.Message

Clone function

func (*JwtStagedRouteProvidersExtension) Descriptor deprecated 

func (*JwtStagedRouteProvidersExtension) Descriptor() ([]byte, []int)

Deprecated: Use JwtStagedRouteProvidersExtension.ProtoReflect.Descriptor instead.

func (*JwtStagedRouteProvidersExtension) Equal 

func (m *JwtStagedRouteProvidersExtension) Equal(that interface{}) bool

Equal function

func (*JwtStagedRouteProvidersExtension) GetAfterExtAuth 

func (x *JwtStagedRouteProvidersExtension) GetAfterExtAuth() *VhostExtension

func (*JwtStagedRouteProvidersExtension) GetBeforeExtAuth 

func (x *JwtStagedRouteProvidersExtension) GetBeforeExtAuth() *VhostExtension

func (*JwtStagedRouteProvidersExtension) Hash deprecated 

func (m *JwtStagedRouteProvidersExtension) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*JwtStagedRouteProvidersExtension) HashUnique 

func (m *JwtStagedRouteProvidersExtension) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*JwtStagedRouteProvidersExtension) ProtoMessage 

func (*JwtStagedRouteProvidersExtension) ProtoMessage()

func (*JwtStagedRouteProvidersExtension) ProtoReflect 

func (x *JwtStagedRouteProvidersExtension) ProtoReflect() protoreflect.Message

func (*JwtStagedRouteProvidersExtension) Reset 

func (x *JwtStagedRouteProvidersExtension) Reset()

func (*JwtStagedRouteProvidersExtension) String 

func (x *JwtStagedRouteProvidersExtension) String() string

type JwtStagedVhostExtension added in v1.6.4 

type JwtStagedVhostExtension struct {

	// JWT Virtual host config for the JWT filter that runs before the extauth filter.
	BeforeExtAuth *VhostExtension `protobuf:"bytes,1,opt,name=before_ext_auth,json=beforeExtAuth,proto3" json:"before_ext_auth,omitempty"`
	// JWT Virtual host config for the JWT filter that runs after the extauth filter.
	AfterExtAuth *VhostExtension `protobuf:"bytes,2,opt,name=after_ext_auth,json=afterExtAuth,proto3" json:"after_ext_auth,omitempty"`
	// contains filtered or unexported fields
}

func (*JwtStagedVhostExtension) Clone added in v1.8.24 

func (m *JwtStagedVhostExtension) Clone() proto.Message

Clone function

func (*JwtStagedVhostExtension) Descriptor deprecated added in v1.6.4 

func (*JwtStagedVhostExtension) Descriptor() ([]byte, []int)

Deprecated: Use JwtStagedVhostExtension.ProtoReflect.Descriptor instead.

func (*JwtStagedVhostExtension) Equal added in v1.6.4 

func (m *JwtStagedVhostExtension) Equal(that interface{}) bool

Equal function

func (*JwtStagedVhostExtension) GetAfterExtAuth added in v1.6.4 

func (x *JwtStagedVhostExtension) GetAfterExtAuth() *VhostExtension

func (*JwtStagedVhostExtension) GetBeforeExtAuth added in v1.6.4 

func (x *JwtStagedVhostExtension) GetBeforeExtAuth() *VhostExtension

func (*JwtStagedVhostExtension) Hash deprecated added in v1.6.4 

func (m *JwtStagedVhostExtension) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*JwtStagedVhostExtension) HashUnique 

func (m *JwtStagedVhostExtension) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*JwtStagedVhostExtension) ProtoMessage added in v1.6.4 

func (*JwtStagedVhostExtension) ProtoMessage()

func (*JwtStagedVhostExtension) ProtoReflect added in v1.6.4 

func (x *JwtStagedVhostExtension) ProtoReflect() protoreflect.Message

func (*JwtStagedVhostExtension) Reset added in v1.6.4 

func (x *JwtStagedVhostExtension) Reset()

func (*JwtStagedVhostExtension) String added in v1.6.4 

func (x *JwtStagedVhostExtension) String() string

type LocalJwks 

type LocalJwks struct {

	// Inline key. this can be json web key, key-set or PEM format.
	Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
	// contains filtered or unexported fields
}

func (*LocalJwks) Clone added in v1.8.24 

func (m *LocalJwks) Clone() proto.Message

Clone function

func (*LocalJwks) Descriptor deprecated 

func (*LocalJwks) Descriptor() ([]byte, []int)

Deprecated: Use LocalJwks.ProtoReflect.Descriptor instead.

func (*LocalJwks) Equal 

func (m *LocalJwks) Equal(that interface{}) bool

Equal function

func (*LocalJwks) GetKey 

func (x *LocalJwks) GetKey() string

func (*LocalJwks) Hash deprecated added in v1.2.13 

func (m *LocalJwks) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*LocalJwks) HashUnique 

func (m *LocalJwks) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*LocalJwks) ProtoMessage 

func (*LocalJwks) ProtoMessage()

func (*LocalJwks) ProtoReflect added in v1.6.0 

func (x *LocalJwks) ProtoReflect() protoreflect.Message

func (*LocalJwks) Reset 

func (x *LocalJwks) Reset()

func (*LocalJwks) String 

func (x *LocalJwks) String() string

type Provider 

type Provider struct {

	// The source for the keys to validate JWTs.
	Jwks *Jwks `protobuf:"bytes,1,opt,name=jwks,proto3" json:"jwks,omitempty"`
	// An incoming JWT must have an 'aud' claim and it must be in this list.
	Audiences []string `protobuf:"bytes,2,rep,name=audiences,proto3" json:"audiences,omitempty"`
	// Issuer of the JWT. the 'iss' claim of the JWT must match this.
	Issuer string `protobuf:"bytes,3,opt,name=issuer,proto3" json:"issuer,omitempty"`
	// Where to find the JWT of the current provider.
	TokenSource *TokenSource `protobuf:"bytes,4,opt,name=token_source,json=tokenSource,proto3" json:"token_source,omitempty"`
	// Should the token forwarded upstream. if false, the header containing the token will be removed.
	KeepToken bool `protobuf:"varint,5,opt,name=keep_token,json=keepToken,proto3" json:"keep_token,omitempty"`
	// What claims should be copied to upstream headers.
	ClaimsToHeaders []*ClaimToHeader `protobuf:"bytes,6,rep,name=claims_to_headers,json=claimsToHeaders,proto3" json:"claims_to_headers,omitempty"`
	// Optional: ClockSkewSeconds is used to verify time constraints, such as `exp` and `npf`. Default is 60s
	ClockSkewSeconds *wrapperspb.UInt32Value `protobuf:"bytes,8,opt,name=clock_skew_seconds,json=clockSkewSeconds,proto3" json:"clock_skew_seconds,omitempty"`
	// contains filtered or unexported fields
}

func (*Provider) Clone added in v1.8.24 

func (m *Provider) Clone() proto.Message

Clone function

func (*Provider) Descriptor deprecated 

func (*Provider) Descriptor() ([]byte, []int)

Deprecated: Use Provider.ProtoReflect.Descriptor instead.

func (*Provider) Equal 

func (m *Provider) Equal(that interface{}) bool

Equal function

func (*Provider) GetAudiences 

func (x *Provider) GetAudiences() []string

func (*Provider) GetClaimsToHeaders 

func (x *Provider) GetClaimsToHeaders() []*ClaimToHeader

func (*Provider) GetClockSkewSeconds added in v1.14.0 

func (x *Provider) GetClockSkewSeconds() *wrapperspb.UInt32Value

func (*Provider) GetIssuer 

func (x *Provider) GetIssuer() string

func (*Provider) GetJwks 

func (x *Provider) GetJwks() *Jwks

func (*Provider) GetKeepToken 

func (x *Provider) GetKeepToken() bool

func (*Provider) GetTokenSource 

func (x *Provider) GetTokenSource() *TokenSource

func (*Provider) Hash deprecated added in v1.2.13 

func (m *Provider) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*Provider) HashUnique 

func (m *Provider) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*Provider) ProtoMessage 

func (*Provider) ProtoMessage()

func (*Provider) ProtoReflect added in v1.6.0 

func (x *Provider) ProtoReflect() protoreflect.Message

func (*Provider) Reset 

func (x *Provider) Reset()

func (*Provider) String 

func (x *Provider) String() string

type RemoteJwks 

type RemoteJwks struct {

	// The url used when accessing the upstream for Json Web Key Set.
	// This is used to set the host and path in the request
	Url string `protobuf:"bytes,1,opt,name=url,proto3" json:"url,omitempty"`
	// The Upstream representing the Json Web Key Set server
	UpstreamRef *core.ResourceRef `protobuf:"bytes,2,opt,name=upstream_ref,json=upstreamRef,proto3" json:"upstream_ref,omitempty"`
	// Duration after which the cached JWKS should be expired.
	// If not specified, default cache duration is 5 minutes.
	CacheDuration *durationpb.Duration `protobuf:"bytes,4,opt,name=cache_duration,json=cacheDuration,proto3" json:"cache_duration,omitempty"`
	// Fetch Jwks asynchronously in the main thread before the listener is activated.
	// Fetched Jwks can be used by all worker threads.
	//
	// If this feature is not enabled:
	//
	//   - The Jwks is fetched on-demand when the requests come. During the fetching, first
	//     few requests are paused until the Jwks is fetched.
	//   - Each worker thread fetches its own Jwks since Jwks cache is per worker thread.
	//
	// If this feature is enabled:
	//
	//   - Fetched Jwks is done in the main thread before the listener is activated. Its fetched
	//     Jwks can be used by all worker threads. Each worker thread doesn't need to fetch its own.
	//   - Jwks is ready when the requests come, not need to wait for the Jwks fetching.
	AsyncFetch *v3.JwksAsyncFetch `protobuf:"bytes,3,opt,name=async_fetch,json=asyncFetch,proto3" json:"async_fetch,omitempty"`
	// contains filtered or unexported fields
}

func (*RemoteJwks) Clone added in v1.8.24 

func (m *RemoteJwks) Clone() proto.Message

Clone function

func (*RemoteJwks) Descriptor deprecated 

func (*RemoteJwks) Descriptor() ([]byte, []int)

Deprecated: Use RemoteJwks.ProtoReflect.Descriptor instead.

func (*RemoteJwks) Equal 

func (m *RemoteJwks) Equal(that interface{}) bool

Equal function

func (*RemoteJwks) GetAsyncFetch added in v1.9.0 

func (x *RemoteJwks) GetAsyncFetch() *v3.JwksAsyncFetch

func (*RemoteJwks) GetCacheDuration 

func (x *RemoteJwks) GetCacheDuration() *durationpb.Duration

func (*RemoteJwks) GetUpstreamRef 

func (x *RemoteJwks) GetUpstreamRef() *core.ResourceRef

func (*RemoteJwks) GetUrl 

func (x *RemoteJwks) GetUrl() string

func (*RemoteJwks) Hash deprecated added in v1.2.13 

func (m *RemoteJwks) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*RemoteJwks) HashUnique 

func (m *RemoteJwks) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*RemoteJwks) ProtoMessage 

func (*RemoteJwks) ProtoMessage()

func (*RemoteJwks) ProtoReflect added in v1.6.0 

func (x *RemoteJwks) ProtoReflect() protoreflect.Message

func (*RemoteJwks) Reset 

func (x *RemoteJwks) Reset()

func (*RemoteJwks) String 

func (x *RemoteJwks) String() string

type RouteExtension 

type RouteExtension struct {

	// Disable JWT checks on this route.
	Disable bool `protobuf:"varint,1,opt,name=disable,proto3" json:"disable,omitempty"`
	// contains filtered or unexported fields
}

func (*RouteExtension) Clone added in v1.8.24 

func (m *RouteExtension) Clone() proto.Message

Clone function

func (*RouteExtension) Descriptor deprecated 

func (*RouteExtension) Descriptor() ([]byte, []int)

Deprecated: Use RouteExtension.ProtoReflect.Descriptor instead.

func (*RouteExtension) Equal 

func (m *RouteExtension) Equal(that interface{}) bool

Equal function

func (*RouteExtension) GetDisable 

func (x *RouteExtension) GetDisable() bool

func (*RouteExtension) Hash deprecated added in v1.2.13 

func (m *RouteExtension) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*RouteExtension) HashUnique 

func (m *RouteExtension) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*RouteExtension) ProtoMessage 

func (*RouteExtension) ProtoMessage()

func (*RouteExtension) ProtoReflect added in v1.6.0 

func (x *RouteExtension) ProtoReflect() protoreflect.Message

func (*RouteExtension) Reset 

func (x *RouteExtension) Reset()

func (*RouteExtension) String 

func (x *RouteExtension) String() string

type TokenSource 

type TokenSource struct {

	// Try to retrieve token from these headers
	Headers []*TokenSource_HeaderSource `protobuf:"bytes,1,rep,name=headers,proto3" json:"headers,omitempty"`
	// Try to retrieve token from these query params
	QueryParams []string `protobuf:"bytes,2,rep,name=query_params,json=queryParams,proto3" json:"query_params,omitempty"`
	// contains filtered or unexported fields
}

Describes the location of a JWT token

func (*TokenSource) Clone added in v1.8.24 

func (m *TokenSource) Clone() proto.Message

Clone function

func (*TokenSource) Descriptor deprecated 

func (*TokenSource) Descriptor() ([]byte, []int)

Deprecated: Use TokenSource.ProtoReflect.Descriptor instead.

func (*TokenSource) Equal 

func (m *TokenSource) Equal(that interface{}) bool

Equal function

func (*TokenSource) GetHeaders 

func (x *TokenSource) GetHeaders() []*TokenSource_HeaderSource

func (*TokenSource) GetQueryParams 

func (x *TokenSource) GetQueryParams() []string

func (*TokenSource) Hash deprecated added in v1.2.13 

func (m *TokenSource) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*TokenSource) HashUnique 

func (m *TokenSource) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*TokenSource) ProtoMessage 

func (*TokenSource) ProtoMessage()

func (*TokenSource) ProtoReflect added in v1.6.0 

func (x *TokenSource) ProtoReflect() protoreflect.Message

func (*TokenSource) Reset 

func (x *TokenSource) Reset()

func (*TokenSource) String 

func (x *TokenSource) String() string

type TokenSource_HeaderSource 

type TokenSource_HeaderSource struct {

	// The name of the header. for example, "authorization"
	Header string `protobuf:"bytes,1,opt,name=header,proto3" json:"header,omitempty"`
	// Prefix before the token. for example, "Bearer "
	Prefix string `protobuf:"bytes,2,opt,name=prefix,proto3" json:"prefix,omitempty"`
	// contains filtered or unexported fields
}

Describes how to retrieve a JWT from a header

func (*TokenSource_HeaderSource) Clone added in v1.8.24 

func (m *TokenSource_HeaderSource) Clone() proto.Message

Clone function

func (*TokenSource_HeaderSource) Descriptor deprecated 

func (*TokenSource_HeaderSource) Descriptor() ([]byte, []int)

Deprecated: Use TokenSource_HeaderSource.ProtoReflect.Descriptor instead.

func (*TokenSource_HeaderSource) Equal 

func (m *TokenSource_HeaderSource) Equal(that interface{}) bool

Equal function

func (*TokenSource_HeaderSource) GetHeader 

func (x *TokenSource_HeaderSource) GetHeader() string

func (*TokenSource_HeaderSource) GetPrefix 

func (x *TokenSource_HeaderSource) GetPrefix() string

func (*TokenSource_HeaderSource) Hash deprecated added in v1.2.13 

func (m *TokenSource_HeaderSource) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*TokenSource_HeaderSource) HashUnique 

func (m *TokenSource_HeaderSource) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*TokenSource_HeaderSource) ProtoMessage 

func (*TokenSource_HeaderSource) ProtoMessage()

func (*TokenSource_HeaderSource) ProtoReflect added in v1.6.0 

func (x *TokenSource_HeaderSource) ProtoReflect() protoreflect.Message

func (*TokenSource_HeaderSource) Reset 

func (x *TokenSource_HeaderSource) Reset()

func (*TokenSource_HeaderSource) String 

func (x *TokenSource_HeaderSource) String() string

type VhostExtension 

type VhostExtension struct {

	// Map of JWT provider name to Provider.
	// If specified, multiple providers will be `OR`-ed together and will allow validation to any of the providers.
	Providers map[string]*Provider `` /* 159-byte string literal not displayed */
	// Allow pass through of JWT requests for this virtual host, even if JWT token is missing or JWT auth failed.
	// If this is false (default false), requests that fail JWT authentication will fail authorization immediately.
	// For example, if a request requires either JWT auth OR another auth method, this can be enabled to allow a failed JWT auth request to pass through to the other auth method.
	// Deprecated: use validation_policy instead.
	//
	// Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/jwt/jwt.proto.
	AllowMissingOrFailedJwt bool `` /* 137-byte string literal not displayed */
	// Optional: Configure how JWT validation works, with the flexibility to handle requests with missing or invalid JWTs.
	// By default, after applying JWT policy to a route, only requests that authenticate with a valid JWT succeed.
	ValidationPolicy VhostExtension_ValidationPolicy `` /* 172-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*VhostExtension) Clone added in v1.8.24 

func (m *VhostExtension) Clone() proto.Message

Clone function

func (*VhostExtension) Descriptor deprecated 

func (*VhostExtension) Descriptor() ([]byte, []int)

Deprecated: Use VhostExtension.ProtoReflect.Descriptor instead.

func (*VhostExtension) Equal 

func (m *VhostExtension) Equal(that interface{}) bool

Equal function

func (*VhostExtension) GetAllowMissingOrFailedJwt deprecated added in v1.6.0 

func (x *VhostExtension) GetAllowMissingOrFailedJwt() bool

Deprecated: Marked as deprecated in github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/jwt/jwt.proto.

func (*VhostExtension) GetProviders 

func (x *VhostExtension) GetProviders() map[string]*Provider

func (*VhostExtension) GetValidationPolicy 

func (x *VhostExtension) GetValidationPolicy() VhostExtension_ValidationPolicy

func (*VhostExtension) Hash deprecated added in v1.2.13 

func (m *VhostExtension) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*VhostExtension) HashUnique 

func (m *VhostExtension) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*VhostExtension) ProtoMessage 

func (*VhostExtension) ProtoMessage()

func (*VhostExtension) ProtoReflect added in v1.6.0 

func (x *VhostExtension) ProtoReflect() protoreflect.Message

func (*VhostExtension) Reset 

func (x *VhostExtension) Reset()

func (*VhostExtension) String 

func (x *VhostExtension) String() string

type VhostExtension_ValidationPolicy 

type VhostExtension_ValidationPolicy int32
const (
	// Default value. Allow only requests that authenticate with a valid JWT to succeed.
	// Note that the `allowMissingOrFailed=true` setting takes precedence. In such a case, even if you explicitly set `validationPolicy=REQUIRE_VALID`, this field is ignored.
	VhostExtension_REQUIRE_VALID VhostExtension_ValidationPolicy = 0
	// Allow requests to succeed even if JWT authentication is missing, but fail when an invalid JWT token is presented.
	// You might use this setting when later steps depend on input from the JWT.
	// For example, you might add claims from the JWT to request headers with the claimsToHeaders field.
	// As such, you may want to make sure that any provided JWT is valid. If not, the request fails,
	// which informs the requester that their JWT is not valid.
	// Requests without a JWT, however, still succeed and skip JWT validation.
	VhostExtension_ALLOW_MISSING VhostExtension_ValidationPolicy = 1
	// Allow requests to succeed even when a JWT is missing or JWT verification fails.
	// For example, you might apply multiple policies to your routes so that requests can authenticate with either a
	// JWT or another method such as external auth. Use this value
	// to allow a failed JWT auth request to pass through to the other authentication method.
	VhostExtension_ALLOW_MISSING_OR_FAILED VhostExtension_ValidationPolicy = 2
)

func (VhostExtension_ValidationPolicy) Descriptor 

func (VhostExtension_ValidationPolicy) Descriptor() protoreflect.EnumDescriptor

func (VhostExtension_ValidationPolicy) Enum 

func (x VhostExtension_ValidationPolicy) Enum() *VhostExtension_ValidationPolicy

func (VhostExtension_ValidationPolicy) EnumDescriptor deprecated 

func (VhostExtension_ValidationPolicy) EnumDescriptor() ([]byte, []int)

Deprecated: Use VhostExtension_ValidationPolicy.Descriptor instead.

func (VhostExtension_ValidationPolicy) Number 

func (x VhostExtension_ValidationPolicy) Number() protoreflect.EnumNumber

func (VhostExtension_ValidationPolicy) String 

func (x VhostExtension_ValidationPolicy) String() string

func (VhostExtension_ValidationPolicy) Type 

func (VhostExtension_ValidationPolicy) Type() protoreflect.EnumType

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.