hongming
80
vendor/istio.io/api/security/v1beta1/jwt.gen.json
generated
vendored
Normal file
80
vendor/istio.io/api/security/v1beta1/jwt.gen.json
generated
vendored
Normal file
@@ -0,0 +1,80 @@
|
||||
{
|
||||
"openapi": "3.0.0",
|
||||
"info": {
|
||||
"title": "Configuration to validate JWT.",
|
||||
"version": "v1beta1"
|
||||
},
|
||||
"components": {
|
||||
"schemas": {
|
||||
"istio.security.v1beta1.JWTRule": {
|
||||
"description": "JSON Web Token (JWT) token format for authentication as defined by [RFC 7519](https://tools.ietf.org/html/rfc7519). See [OAuth 2.0](https://tools.ietf.org/html/rfc6749) and [OIDC 1.0](http://openid.net/connect) for how this is used in the whole authentication flow.",
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"issuer": {
|
||||
"description": "Identifies the issuer that issued the JWT. See [issuer](https://tools.ietf.org/html/rfc7519#section-4.1.1) A JWT with different `iss` claim will be rejected.",
|
||||
"type": "string",
|
||||
"format": "string"
|
||||
},
|
||||
"audiences": {
|
||||
"description": "The list of JWT [audiences](https://tools.ietf.org/html/rfc7519#section-4.1.3). that are allowed to access. A JWT containing any of these audiences will be accepted.",
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "string",
|
||||
"format": "string"
|
||||
}
|
||||
},
|
||||
"jwksUri": {
|
||||
"description": "URL of the provider's public key set to validate signature of the JWT. See [OpenID Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata).",
|
||||
"type": "string",
|
||||
"format": "string"
|
||||
},
|
||||
"jwks": {
|
||||
"description": "JSON Web Key Set of public keys to validate signature of the JWT. See https://auth0.com/docs/jwks.",
|
||||
"type": "string",
|
||||
"format": "string"
|
||||
},
|
||||
"fromHeaders": {
|
||||
"description": "List of header locations from which JWT is expected. For example, below is the location spec if JWT is expected to be found in `x-jwt-assertion` header, and have \"Bearer \" prefix: ``` fromHeaders: - name: x-jwt-assertion prefix: \"Bearer \" ```",
|
||||
"type": "array",
|
||||
"items": {
|
||||
"$ref": "#/components/schemas/istio.security.v1beta1.JWTHeader"
|
||||
}
|
||||
},
|
||||
"fromParams": {
|
||||
"description": "List of query parameters from which JWT is expected. For example, if JWT is provided via query parameter `my_token` (e.g /path?my_token=\u003cJWT\u003e), the config is: ``` fromParams: - \"my_token\" ```",
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "string",
|
||||
"format": "string"
|
||||
}
|
||||
},
|
||||
"outputPayloadToHeader": {
|
||||
"description": "This field specifies the header name to output a successfully verified JWT payload to the backend. The forwarded data is `base64_encoded(jwt_payload_in_JSON)`. If it is not specified, the payload will not be emitted.",
|
||||
"type": "string",
|
||||
"format": "string"
|
||||
},
|
||||
"forwardOriginalToken": {
|
||||
"description": "If set to true, the orginal token will be kept for the ustream request. Default is false.",
|
||||
"type": "boolean"
|
||||
}
|
||||
}
|
||||
},
|
||||
"istio.security.v1beta1.JWTHeader": {
|
||||
"description": "This message specifies a header location to extract JWT token.",
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"name": {
|
||||
"description": "The HTTP header name.",
|
||||
"type": "string",
|
||||
"format": "string"
|
||||
},
|
||||
"prefix": {
|
||||
"description": "The prefix that should be stripped before decoding the token. For example, for \"Authorization: Bearer \u003ctoken\u003e\", prefix=\"Bearer \" with a space at the end. If the header doesn't have this exact prefix, it is considerred invalid.",
|
||||
"type": "string",
|
||||
"format": "string"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user