Package: jwt.options.gloo.solo.io


Source File: github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/jwt/jwt.proto


"providers": map<string, .jwt.options.gloo.solo.io.Provider>

Field Type Description Default
providers map<string, .jwt.options.gloo.solo.io.Provider> Auth providers can be used instead of the fields above where more than one is required. if this list is provided the fields above are ignored.


"disable": bool

Field Type Description Default
disable bool Disable JWT checks on this route.


"jwks": .jwt.options.gloo.solo.io.Jwks
"audiences": []string
"issuer": string
"tokenSource": .jwt.options.gloo.solo.io.TokenSource
"keepToken": bool
"claimsToHeaders": []jwt.options.gloo.solo.io.ClaimToHeader

Field Type Description Default
jwks .jwt.options.gloo.solo.io.Jwks The source for the keys to validate JWTs.
audiences []string An incoming JWT must have an ‘aud’ claim and it must be in this list.
issuer string Issuer of the JWT. the ‘iss’ claim of the JWT must match this.
tokenSource .jwt.options.gloo.solo.io.TokenSource Where to find the JWT of the current provider.
keepToken bool Should the token forwarded upstream. if false, the header containing the token will be removed.
claimsToHeaders []jwt.options.gloo.solo.io.ClaimToHeader What claims should be copied to upstream headers.


"remote": .jwt.options.gloo.solo.io.RemoteJwks
"local": .jwt.options.gloo.solo.io.LocalJwks

Field Type Description Default
remote .jwt.options.gloo.solo.io.RemoteJwks Use a remote JWKS server. Only one of remote or local can be set.
local .jwt.options.gloo.solo.io.LocalJwks Use an inline JWKS. Only one of local or remote can be set.


"url": string
"upstreamRef": .core.solo.io.ResourceRef
"cacheDuration": .google.protobuf.Duration

Field Type Description Default
url string The url used when accessing the upstream for Json Web Key Set. This is used to set the host and path in the request.
upstreamRef .core.solo.io.ResourceRef The Upstream representing the Json Web Key Set server.
cacheDuration .google.protobuf.Duration Duration after which the cached JWKS should be expired. If not specified, default cache duration is 5 minutes.


"key": string

Field Type Description Default
key string Inline key. this can be json web key, key-set or PEM format.


Describes the location of a JWT token

"headers": []jwt.options.gloo.solo.io.TokenSource.HeaderSource
"queryParams": []string

Field Type Description Default
headers []jwt.options.gloo.solo.io.TokenSource.HeaderSource Try to retrieve token from these headers.
queryParams []string Try to retrieve token from these query params.


Describes how to retrieve a JWT from a header

"header": string
"prefix": string

Field Type Description Default
header string The name of the header. for example, “authorization”.
prefix string Prefix before the token. for example, “Bearer “.


Allows copying verified claims to headers sent upstream

"claim": string
"header": string
"append": bool

Field Type Description Default
claim string Claim name. for example, “sub”.
header string The header the claim will be copied to. for example, “x-sub”.
append bool If the header exists, append to it (true), or overwrite it (false).