Documentation ¶
Index ¶
- Variables
- type OAuth2
- type OAuth2Config
- func (*OAuth2Config) Descriptor() ([]byte, []int)deprecated
- func (x *OAuth2Config) GetAuthScopes() []string
- func (x *OAuth2Config) GetAuthType() OAuth2Config_AuthType
- func (x *OAuth2Config) GetAuthorizationEndpoint() string
- func (x *OAuth2Config) GetCredentials() *OAuth2Credentials
- func (x *OAuth2Config) GetForwardBearerToken() bool
- func (x *OAuth2Config) GetPassThroughMatcher() []*v33.HeaderMatcher
- func (x *OAuth2Config) GetRedirectPathMatcher() *v32.PathMatcher
- func (x *OAuth2Config) GetRedirectUri() string
- func (x *OAuth2Config) GetResources() []string
- func (x *OAuth2Config) GetSignoutPath() *v32.PathMatcher
- func (x *OAuth2Config) GetTokenEndpoint() *v31.HttpUri
- func (*OAuth2Config) ProtoMessage()
- func (x *OAuth2Config) ProtoReflect() protoreflect.Message
- func (x *OAuth2Config) Reset()
- func (x *OAuth2Config) String() string
- type OAuth2Config_AuthType
- func (OAuth2Config_AuthType) Descriptor() protoreflect.EnumDescriptor
- func (x OAuth2Config_AuthType) Enum() *OAuth2Config_AuthType
- func (OAuth2Config_AuthType) EnumDescriptor() ([]byte, []int)deprecated
- func (x OAuth2Config_AuthType) Number() protoreflect.EnumNumber
- func (x OAuth2Config_AuthType) String() string
- func (OAuth2Config_AuthType) Type() protoreflect.EnumType
- type OAuth2Credentials
- func (*OAuth2Credentials) Descriptor() ([]byte, []int)deprecated
- func (x *OAuth2Credentials) GetClientId() string
- func (x *OAuth2Credentials) GetCookieNames() *OAuth2Credentials_CookieNames
- func (x *OAuth2Credentials) GetHmacSecret() *v3.SdsSecretConfig
- func (m *OAuth2Credentials) GetTokenFormation() isOAuth2Credentials_TokenFormation
- func (x *OAuth2Credentials) GetTokenSecret() *v3.SdsSecretConfig
- func (*OAuth2Credentials) ProtoMessage()
- func (x *OAuth2Credentials) ProtoReflect() protoreflect.Message
- func (x *OAuth2Credentials) Reset()
- func (x *OAuth2Credentials) String() string
- type OAuth2Credentials_CookieNames
- func (*OAuth2Credentials_CookieNames) Descriptor() ([]byte, []int)deprecated
- func (x *OAuth2Credentials_CookieNames) GetBearerToken() string
- func (x *OAuth2Credentials_CookieNames) GetIdToken() string
- func (x *OAuth2Credentials_CookieNames) GetOauthExpires() string
- func (x *OAuth2Credentials_CookieNames) GetOauthHmac() string
- func (x *OAuth2Credentials_CookieNames) GetRefreshToken() string
- func (*OAuth2Credentials_CookieNames) ProtoMessage()
- func (x *OAuth2Credentials_CookieNames) ProtoReflect() protoreflect.Message
- func (x *OAuth2Credentials_CookieNames) Reset()
- func (x *OAuth2Credentials_CookieNames) String() string
- type OAuth2Credentials_HmacSecret
Constants ¶
This section is empty.
Variables ¶
View Source
var ( OAuth2Config_AuthType_name = map[int32]string{ 0: "URL_ENCODED_BODY", 1: "BASIC_AUTH", } OAuth2Config_AuthType_value = map[string]int32{ "URL_ENCODED_BODY": 0, "BASIC_AUTH": 1, } )
Enum value maps for OAuth2Config_AuthType.
View Source
var File_envoy_extensions_filters_http_oauth2_v3_oauth_proto protoreflect.FileDescriptor
Functions ¶
This section is empty.
Types ¶
type OAuth2 ¶
type OAuth2 struct { // Leave this empty to disable OAuth2 for a specific route, using per filter config. Config *OAuth2Config `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"` // contains filtered or unexported fields }
Filter config.
func (*OAuth2) GetConfig ¶
func (x *OAuth2) GetConfig() *OAuth2Config
func (*OAuth2) ProtoReflect ¶
func (x *OAuth2) ProtoReflect() protoreflect.Message
type OAuth2Config ¶
type OAuth2Config struct { // Endpoint on the authorization server to retrieve the access token from. TokenEndpoint *v31.HttpUri `protobuf:"bytes,1,opt,name=token_endpoint,json=tokenEndpoint,proto3" json:"token_endpoint,omitempty"` // The endpoint redirect to for authorization in response to unauthorized requests. AuthorizationEndpoint string `protobuf:"bytes,2,opt,name=authorization_endpoint,json=authorizationEndpoint,proto3" json:"authorization_endpoint,omitempty"` // Credentials used for OAuth. Credentials *OAuth2Credentials `protobuf:"bytes,3,opt,name=credentials,proto3" json:"credentials,omitempty"` // The redirect URI passed to the authorization endpoint. Supports header formatting // tokens. For more information, including details on header value syntax, see the // documentation on :ref:`custom request headers <config_http_conn_man_headers_custom_request_headers>`. // // This URI should not contain any query parameters. RedirectUri string `protobuf:"bytes,4,opt,name=redirect_uri,json=redirectUri,proto3" json:"redirect_uri,omitempty"` // Matching criteria used to determine whether a path appears to be the result of a redirect from the authorization server. RedirectPathMatcher *v32.PathMatcher `protobuf:"bytes,5,opt,name=redirect_path_matcher,json=redirectPathMatcher,proto3" json:"redirect_path_matcher,omitempty"` // The path to sign a user out, clearing their credential cookies. SignoutPath *v32.PathMatcher `protobuf:"bytes,6,opt,name=signout_path,json=signoutPath,proto3" json:"signout_path,omitempty"` // Forward the OAuth token as a Bearer to upstream web service. ForwardBearerToken bool `protobuf:"varint,7,opt,name=forward_bearer_token,json=forwardBearerToken,proto3" json:"forward_bearer_token,omitempty"` // Any request that matches any of the provided matchers will be passed through without OAuth validation. PassThroughMatcher []*v33.HeaderMatcher `protobuf:"bytes,8,rep,name=pass_through_matcher,json=passThroughMatcher,proto3" json:"pass_through_matcher,omitempty"` // Optional list of OAuth scopes to be claimed in the authorization request. If not specified, // defaults to "user" scope. // OAuth RFC https://tools.ietf.org/html/rfc6749#section-3.3 AuthScopes []string `protobuf:"bytes,9,rep,name=auth_scopes,json=authScopes,proto3" json:"auth_scopes,omitempty"` // Optional resource parameter for authorization request // RFC: https://tools.ietf.org/html/rfc8707 Resources []string `protobuf:"bytes,10,rep,name=resources,proto3" json:"resources,omitempty"` // Defines how “client_id“ and “client_secret“ are sent in OAuth client to OAuth server requests. // RFC https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1 AuthType OAuth2Config_AuthType `` /* 154-byte string literal not displayed */ // contains filtered or unexported fields }
OAuth config
[#next-free-field: 12]
func (*OAuth2Config) Descriptor
deprecated
func (*OAuth2Config) Descriptor() ([]byte, []int)
Deprecated: Use OAuth2Config.ProtoReflect.Descriptor instead.
func (*OAuth2Config) GetAuthScopes ¶
func (x *OAuth2Config) GetAuthScopes() []string
func (*OAuth2Config) GetAuthType ¶
func (x *OAuth2Config) GetAuthType() OAuth2Config_AuthType
func (*OAuth2Config) GetAuthorizationEndpoint ¶
func (x *OAuth2Config) GetAuthorizationEndpoint() string
func (*OAuth2Config) GetCredentials ¶
func (x *OAuth2Config) GetCredentials() *OAuth2Credentials
func (*OAuth2Config) GetForwardBearerToken ¶
func (x *OAuth2Config) GetForwardBearerToken() bool
func (*OAuth2Config) GetPassThroughMatcher ¶
func (x *OAuth2Config) GetPassThroughMatcher() []*v33.HeaderMatcher
func (*OAuth2Config) GetRedirectPathMatcher ¶
func (x *OAuth2Config) GetRedirectPathMatcher() *v32.PathMatcher
func (*OAuth2Config) GetRedirectUri ¶
func (x *OAuth2Config) GetRedirectUri() string
func (*OAuth2Config) GetResources ¶
func (x *OAuth2Config) GetResources() []string
func (*OAuth2Config) GetSignoutPath ¶
func (x *OAuth2Config) GetSignoutPath() *v32.PathMatcher
func (*OAuth2Config) GetTokenEndpoint ¶
func (x *OAuth2Config) GetTokenEndpoint() *v31.HttpUri
func (*OAuth2Config) ProtoMessage ¶
func (*OAuth2Config) ProtoMessage()
func (*OAuth2Config) ProtoReflect ¶
func (x *OAuth2Config) ProtoReflect() protoreflect.Message
func (*OAuth2Config) Reset ¶
func (x *OAuth2Config) Reset()
func (*OAuth2Config) String ¶
func (x *OAuth2Config) String() string
type OAuth2Config_AuthType ¶
type OAuth2Config_AuthType int32
const ( // The “client_id“ and “client_secret“ will be sent in the URL encoded request body. // This type should only be used when Auth server does not support Basic authentication. OAuth2Config_URL_ENCODED_BODY OAuth2Config_AuthType = 0 // The “client_id“ and “client_secret“ will be sent using HTTP Basic authentication scheme. OAuth2Config_BASIC_AUTH OAuth2Config_AuthType = 1 )
func (OAuth2Config_AuthType) Descriptor ¶
func (OAuth2Config_AuthType) Descriptor() protoreflect.EnumDescriptor
func (OAuth2Config_AuthType) Enum ¶
func (x OAuth2Config_AuthType) Enum() *OAuth2Config_AuthType
func (OAuth2Config_AuthType) EnumDescriptor
deprecated
func (OAuth2Config_AuthType) EnumDescriptor() ([]byte, []int)
Deprecated: Use OAuth2Config_AuthType.Descriptor instead.
func (OAuth2Config_AuthType) Number ¶
func (x OAuth2Config_AuthType) Number() protoreflect.EnumNumber
func (OAuth2Config_AuthType) String ¶
func (x OAuth2Config_AuthType) String() string
func (OAuth2Config_AuthType) Type ¶
func (OAuth2Config_AuthType) Type() protoreflect.EnumType
type OAuth2Credentials ¶
type OAuth2Credentials struct { // The client_id to be used in the authorize calls. This value will be URL encoded when sent to the OAuth server. ClientId string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"` // The secret used to retrieve the access token. This value will be URL encoded when sent to the OAuth server. TokenSecret *v3.SdsSecretConfig `protobuf:"bytes,2,opt,name=token_secret,json=tokenSecret,proto3" json:"token_secret,omitempty"` // Configures how the secret token should be created. // // Types that are assignable to TokenFormation: // // *OAuth2Credentials_HmacSecret TokenFormation isOAuth2Credentials_TokenFormation `protobuf_oneof:"token_formation"` // The cookie names used in OAuth filters flow. CookieNames *OAuth2Credentials_CookieNames `protobuf:"bytes,4,opt,name=cookie_names,json=cookieNames,proto3" json:"cookie_names,omitempty"` // contains filtered or unexported fields }
func (*OAuth2Credentials) Descriptor
deprecated
func (*OAuth2Credentials) Descriptor() ([]byte, []int)
Deprecated: Use OAuth2Credentials.ProtoReflect.Descriptor instead.
func (*OAuth2Credentials) GetClientId ¶
func (x *OAuth2Credentials) GetClientId() string
func (*OAuth2Credentials) GetCookieNames ¶
func (x *OAuth2Credentials) GetCookieNames() *OAuth2Credentials_CookieNames
func (*OAuth2Credentials) GetHmacSecret ¶
func (x *OAuth2Credentials) GetHmacSecret() *v3.SdsSecretConfig
func (*OAuth2Credentials) GetTokenFormation ¶
func (m *OAuth2Credentials) GetTokenFormation() isOAuth2Credentials_TokenFormation
func (*OAuth2Credentials) GetTokenSecret ¶
func (x *OAuth2Credentials) GetTokenSecret() *v3.SdsSecretConfig
func (*OAuth2Credentials) ProtoMessage ¶
func (*OAuth2Credentials) ProtoMessage()
func (*OAuth2Credentials) ProtoReflect ¶
func (x *OAuth2Credentials) ProtoReflect() protoreflect.Message
func (*OAuth2Credentials) Reset ¶
func (x *OAuth2Credentials) Reset()
func (*OAuth2Credentials) String ¶
func (x *OAuth2Credentials) String() string
type OAuth2Credentials_CookieNames ¶
type OAuth2Credentials_CookieNames struct { // Cookie name to hold OAuth bearer token value. When the authentication server validates the // client and returns an authorization token back to the OAuth filter, no matter what format // that token is, if :ref:`forward_bearer_token <envoy_v3_api_field_extensions.filters.http.oauth2.v3.OAuth2Config.forward_bearer_token>` // is set to true the filter will send over the bearer token as a cookie with this name to the // upstream. Defaults to “BearerToken“. BearerToken string `protobuf:"bytes,1,opt,name=bearer_token,json=bearerToken,proto3" json:"bearer_token,omitempty"` // Cookie name to hold OAuth HMAC value. Defaults to “OauthHMAC“. OauthHmac string `protobuf:"bytes,2,opt,name=oauth_hmac,json=oauthHmac,proto3" json:"oauth_hmac,omitempty"` // Cookie name to hold OAuth expiry value. Defaults to “OauthExpires“. OauthExpires string `protobuf:"bytes,3,opt,name=oauth_expires,json=oauthExpires,proto3" json:"oauth_expires,omitempty"` // Cookie name to hold the id token. Defaults to “IdToken“. IdToken string `protobuf:"bytes,4,opt,name=id_token,json=idToken,proto3" json:"id_token,omitempty"` // Cookie name to hold the refresh token. Defaults to “RefreshToken“. RefreshToken string `protobuf:"bytes,5,opt,name=refresh_token,json=refreshToken,proto3" json:"refresh_token,omitempty"` // contains filtered or unexported fields }
[#next-free-field: 6]
func (*OAuth2Credentials_CookieNames) Descriptor
deprecated
func (*OAuth2Credentials_CookieNames) Descriptor() ([]byte, []int)
Deprecated: Use OAuth2Credentials_CookieNames.ProtoReflect.Descriptor instead.
func (*OAuth2Credentials_CookieNames) GetBearerToken ¶
func (x *OAuth2Credentials_CookieNames) GetBearerToken() string
func (*OAuth2Credentials_CookieNames) GetIdToken ¶
func (x *OAuth2Credentials_CookieNames) GetIdToken() string
func (*OAuth2Credentials_CookieNames) GetOauthExpires ¶
func (x *OAuth2Credentials_CookieNames) GetOauthExpires() string
func (*OAuth2Credentials_CookieNames) GetOauthHmac ¶
func (x *OAuth2Credentials_CookieNames) GetOauthHmac() string
func (*OAuth2Credentials_CookieNames) GetRefreshToken ¶
func (x *OAuth2Credentials_CookieNames) GetRefreshToken() string
func (*OAuth2Credentials_CookieNames) ProtoMessage ¶
func (*OAuth2Credentials_CookieNames) ProtoMessage()
func (*OAuth2Credentials_CookieNames) ProtoReflect ¶
func (x *OAuth2Credentials_CookieNames) ProtoReflect() protoreflect.Message
func (*OAuth2Credentials_CookieNames) Reset ¶
func (x *OAuth2Credentials_CookieNames) Reset()
func (*OAuth2Credentials_CookieNames) String ¶
func (x *OAuth2Credentials_CookieNames) String() string
type OAuth2Credentials_HmacSecret ¶
type OAuth2Credentials_HmacSecret struct { // If present, the secret token will be a HMAC using the provided secret. HmacSecret *v3.SdsSecretConfig `protobuf:"bytes,3,opt,name=hmac_secret,json=hmacSecret,proto3,oneof"` }
Click to show internal directories.
Click to hide internal directories.