Sync APIs. @tag-name=gloo-conradhanson

api/gloo/enterprise.gloo/v1/auth_config.proto

@@ -620,6 +620,28 @@ message ClaimToHeader {
     bool append = 3;
 }
 
+// For apps in Microsoft Azure, configure Microsoft Entra ID as the OpenID Connect (OIDC) provider.
+// This way, you can enable distibuted claims and caching for when users are members of more than 200 groups.
+message Azure {
+    // The client ID for the ExtAuthService app that is registered in MS Entra,
+    // to access the Microsoft Graph API to retrieve distributed claims.
+    // This app is NOT the app that you want to configure external auth for.
+    string client_id = 1;
+
+    // The tenant ID represents the MS Entra organization ID where the ExtAuthService app is registered.
+    // This tenant ID may or may not be the same as in the top level `OidcAuthorizationCodeConfig`,
+    // depending on how your Azure account is provisioned.
+    string tenant_id = 2;
+
+    // The client secret of the ExtAuthService app that is registered with MS Entra to communciate with the MS Graph API.
+    core.solo.io.ResourceRef client_secret = 3;
+
+    // Redis connection details to cache MS Entera claims.
+    // This way, you avoid performance issues of accessing the Microsoft Graph API too many times.
+    // Note that this setting does NOT turn on Redis caching for the user session.
+    // To turn on Redis user session caching, use the `userSessionConfig` field.
+    RedisOptions claims_caching_options = 4;
+}
 
 message OidcAuthorizationCode {
     // your client id as registered with the issuer
@@ -826,29 +848,6 @@ message OidcAuthorizationCode {
     // No-op, represents default OIDC behavior
     message Default {}
 
-    // For apps in Microsoft Azure, configure Microsoft Entra ID as the OpenID Connect (OIDC) provider.
-    // This way, you can enable distributed claims and caching for when users are members of more than 200 groups.
-    message Azure {
-        // The client ID for the ExtAuthService app that is registered in MS Entra,
-        // to access the Microsoft Graph API to retrieve distributed claims.
-        // This app is NOT the app that you want to configure external auth for.
-        string client_id = 1;
-
-        // The tenant ID represents the MS Entra organization ID where the ExtAuthService app is registered.
-        // This tenant ID may or may not be the same as in the top level `OidcAuthorizationCodeConfig`,
-        // depending on how your Azure account is provisioned.
-        string tenant_id = 2;
-
-        // The client secret of the ExtAuthService app that is registered with MS Entra to communicate with the MS Graph API.
-        core.solo.io.ResourceRef client_secret = 3;
-
-        // Redis connection details to cache MS Entera claims.
-        // This way, you avoid performance issues of accessing the Microsoft Graph API too many times.
-        // Note that this setting does NOT turn on Redis caching for the user session.
-        // To turn on Redis user session caching, use the `userSessionConfig` field.
-        RedisOptions claims_caching_options = 4;
-    }
-
     // For the moment this is just path, but we may want to configure things like iss/sid validation
     message FrontChannelLogout {
         // Path to use for front channel logout. Should not be the same as logout or callback paths.
@@ -1082,6 +1081,13 @@ message AccessTokenValidation {
     // and the structure of the claim value will be preserved in the metadata struct.
     map<string, string> dynamic_metadata_from_claims = 7;
 
+    // A list of claims to be mapped from the JWT token received by ext-auth-service to an upstream destination
+    repeated ClaimToHeader claims_to_headers = 8;
+
+    // For apps in Microsoft Azure, configure Microsoft Entra ID as the OpenID Connect (OIDC) provider.
+    // This way, you can enable distibuted claims and caching for when users are members of more than 200 groups.
+    Azure azure = 9;
+
     message ScopeList {
       repeated string scope = 1;
     }
@@ -1846,7 +1852,7 @@ message ExtAuthConfig {
         message Default {}
 
         // For apps in Microsoft Azure, configure Microsoft Entra ID as the OpenID Connect (OIDC) provider.
-        // This way, you can enable distributed claims and caching for when users are members of more than 200 groups.
+        // This way, you can enable distibuted claims and caching for when users are members of more than 200 groups.
         message Azure {
             // The client ID for the ExtAuthService app that is registered in MS Entra,
             // to access the Microsoft Graph API to retrieve distributed claims.
@@ -1858,7 +1864,7 @@ message ExtAuthConfig {
             // depending on how your Azure account is provisioned.
             string tenant_id = 2;
 
-            // The client secret of the ExtAuthService app that is registered with MS Entra to communicate with the MS Graph API.
+            // The client secret of the ExtAuthService app that is registered with MS Entra to communciate with the MS Graph API.
             string client_secret = 3 [(extproto.sensitive) = true];
 
             // Redis connection details to cache MS Entera claims.