add documentation
kozjan committed Jul 22, 2024
1 parent 047b509 commit 6c83109
Showing 1 changed file with 18 additions and 16 deletions.
34 changes: 18 additions & 16 deletions docs/configuration.md
Expand Up @@ -227,19 +227,21 @@ Property
**envoy-control.source.consul.tags.canary** | Service instance tag which indicate canary instance | canary

## JWT filter
Property | Description | Default value
--------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- | ---------
**envoy-control.envoy.snapshot.jwt.forwardJwt** | If false, the JWT is removed in the request after a success verification. If true, the JWT is not removed in the request | true
**envoy-control.envoy.snapshot.jwt.forwardPayloadHeader** | the header name to forward a successfully verified JWT payload to the backend. The forwarded data is: `base64url_encoded(jwt_payload_in_JSON)` | x-oauth-token-validated
**envoy-control.envoy.snapshot.jwt.payloadInMetadata** | Key for token fields, the value is the protobuf::Struct converted from JWT JSON payload. | jwt
**envoy-control.envoy.snapshot.jwt.fieldRequiredInToken** | Name of the field that will be checked if its present in JWT. This field should be present in every token. | exp
**envoy-control.envoy.snapshot.jwt.defaultVerificationType** | Type of token validation, either ONLINE or OFFLINE (currently only OFFLINE supported) | offline
**envoy-control.envoy.snapshot.jwt.defaultOAuthPolicy** | Policy specifies a Jwt requirement. Allowed values are allowMissingOrFailed, allowMissing and strict. | strict
**envoy-control.envoy.snapshot.jwt.providers.{providerName}** | Provider of OAuth JWKs | empty map
**envoy-control.envoy.snapshot.jwt.providers.{providerName}.jwksUri** | Uri of the endpoint serving JWKs | http://localhost
**envoy-control.envoy.snapshot.jwt.providers.{providerName}.createCluster** | If true, cluster will be created for OAuth provider | false
**envoy-control.envoy.snapshot.jwt.providers.{providerName}.clusterName** | Name of the cluster | ""
**envoy-control.envoy.snapshot.jwt.providers.{providerName}.clusterPort** | Port of the cluster that will be created for provider | 443
**envoy-control.envoy.snapshot.jwt.providers.{providerName}.cacheDuration** | Duration of caching public key fetched from provider | 300s
**envoy-control.envoy.snapshot.jwt.providers.{providerName}.connectionTimeout** | Connection timeout for request fetching JWKs | 1s
**envoy-control.envoy.snapshot.jwt.providers.{providerName}.matchings.{matching}** | Name of the token field that should be verified for given selector | empty map
Property | Description | Default value
--------------------------------------------------------------------------------------------- |--------------------------------------------------------------------------------------------------------------------------------------------------| ---------
**envoy-control.envoy.snapshot.jwt.forwardJwt** | If false, the JWT is removed in the request after a success verification. If true, the JWT is not removed in the request | true
**envoy-control.envoy.snapshot.jwt.forwardPayloadHeader** | the header name to forward a successfully verified JWT payload to the backend. The forwarded data is: `base64url_encoded(jwt_payload_in_JSON)` | x-oauth-token-validated
**envoy-control.envoy.snapshot.jwt.payloadInMetadata** | Key for token fields, the value is the protobuf::Struct converted from JWT JSON payload. | jwt
**envoy-control.envoy.snapshot.jwt.failedStatusInMetadata** | Key for non-verified JWT status, the value is the protobuf::Struct with `code` and `message` fields. | jwt_failure_reason
**envoy-control.envoy.snapshot.jwt.failedStatusInMetadataEnabled** | If true, metadata will contain expanded JWT status information. | true
**envoy-control.envoy.snapshot.jwt.fieldRequiredInToken** | Name of the field that will be checked if its present in JWT. This field should be present in every token. | exp
**envoy-control.envoy.snapshot.jwt.defaultVerificationType** | Type of token validation, either ONLINE or OFFLINE (currently only OFFLINE supported) | offline
**envoy-control.envoy.snapshot.jwt.defaultOAuthPolicy** | Policy specifies a Jwt requirement. Allowed values are allowMissingOrFailed, allowMissing and strict. | strict
**envoy-control.envoy.snapshot.jwt.providers.{providerName}** | Provider of OAuth JWKs | empty map
**envoy-control.envoy.snapshot.jwt.providers.{providerName}.jwksUri** | Uri of the endpoint serving JWKs | http://localhost
**envoy-control.envoy.snapshot.jwt.providers.{providerName}.createCluster** | If true, cluster will be created for OAuth provider | false
**envoy-control.envoy.snapshot.jwt.providers.{providerName}.clusterName** | Name of the cluster | ""
**envoy-control.envoy.snapshot.jwt.providers.{providerName}.clusterPort** | Port of the cluster that will be created for provider | 443
**envoy-control.envoy.snapshot.jwt.providers.{providerName}.cacheDuration** | Duration of caching public key fetched from provider | 300s
**envoy-control.envoy.snapshot.jwt.providers.{providerName}.connectionTimeout** | Connection timeout for request fetching JWKs | 1s
**envoy-control.envoy.snapshot.jwt.providers.{providerName}.matchings.{matching}** | Name of the token field that should be verified for given selector | empty map
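
Review bot: The two added rows, `failedStatusInMetadata` and `failedStatusInMetadataEnabled`, leave both the off state and the word "expanded" undefined. The first row already says the value is a protobuf::Struct with `code` and `message` fields, so it is unclear what extra information the flag adds, and whether the `jwt_failure_reason` key is absent or only reduced when the flag is false. Please state both cases in the description, and, since the documented default is true, say explicitly that the failure status is written to metadata unless the operator turns it off, so anyone who logs or forwards that metadata knows to expect it. It would also help to say how this relates to `defaultOAuthPolicy`, whose documented default is strict. Minor: the separator row now has no spaces around the pipes of the description column, unlike the first column, and re-padding that column makes every existing row show up as changed; keeping the old column width would reduce the diff to the two new rows.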
