admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6d264572dc15f8a805d74371e33d30b4e164639e
kubesphere/vendor/istio.io/api/security/v1beta1/jwt.gen.json
hongming fe6c5de00f update dependencies 
Signed-off-by: hongming <talonwan@yunify.com>
2021-01-04 15:35:32 +08:00

80 lines
3.8 KiB
JSON
Raw Blame History

{
"openapi": "3.0.0",
"info": {
"title": "Configuration to validate JWT.",
"version": "v1beta1"
},
"components": {
"schemas": {
"istio.security.v1beta1.JWTRule": {
"description": "JSON Web Token (JWT) token format for authentication as defined by [RFC 7519](https://tools.ietf.org/html/rfc7519). See [OAuth 2.0](https://tools.ietf.org/html/rfc6749) and [OIDC 1.0](http://openid.net/connect) for how this is used in the whole authentication flow.",
"type": "object",
"properties": {
"issuer": {
"description": "Identifies the issuer that issued the JWT. See [issuer](https://tools.ietf.org/html/rfc7519#section-4.1.1) A JWT with different `iss` claim will be rejected.",
"type": "string",
"format": "string"
},
"audiences": {
"description": "The list of JWT [audiences](https://tools.ietf.org/html/rfc7519#section-4.1.3). that are allowed to access. A JWT containing any of these audiences will be accepted.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"jwksUri": {
"description": "URL of the provider's public key set to validate signature of the JWT. See [OpenID Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata).",
"type": "string",
"format": "string"
},
"jwks": {
"description": "JSON Web Key Set of public keys to validate signature of the JWT. See https://auth0.com/docs/jwks.",
"type": "string",
"format": "string"
},
"fromHeaders": {
"description": "List of header locations from which JWT is expected. For example, below is the location spec if JWT is expected to be found in `x-jwt-assertion` header, and have \"Bearer \" prefix: ``` fromHeaders: - name: x-jwt-assertion prefix: \"Bearer \" ```",
"type": "array",
"items": {
"$ref": "#/components/schemas/istio.security.v1beta1.JWTHeader"
}
},
"fromParams": {
"description": "List of query parameters from which JWT is expected. For example, if JWT is provided via query parameter `my_token` (e.g /path?my_token=\u003cJWT\u003e), the config is: ``` fromParams: - \"my_token\" ```",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"outputPayloadToHeader": {
"description": "This field specifies the header name to output a successfully verified JWT payload to the backend. The forwarded data is `base64_encoded(jwt_payload_in_JSON)`. If it is not specified, the payload will not be emitted.",
"type": "string",
"format": "string"
},
"forwardOriginalToken": {
"description": "If set to true, the orginal token will be kept for the ustream request. Default is false.",
"type": "boolean"
}
}
},
"istio.security.v1beta1.JWTHeader": {
"description": "This message specifies a header location to extract JWT token.",
"type": "object",
"properties": {
"name": {
"description": "The HTTP header name.",
"type": "string",
"format": "string"
},
"prefix": {
"description": "The prefix that should be stripped before decoding the token. For example, for \"Authorization: Bearer \u003ctoken\u003e\", prefix=\"Bearer \" with a space at the end. If the header doesn't have this exact prefix, it is considerred invalid.",
"type": "string",
"format": "string"
}
}
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink