package jwt
- Alphabetic
- Public
- Protected
Type Members
- final case class JwtFieldOptions(claim: JwtClaimInclude = kalix.jwt.JwtFieldOptions.JwtClaimInclude.UNSPECIFIED, name: String = "", token: Boolean = false, includeParentClaims: Boolean = false, includeBearerTokenClaim: Seq[String] = _root_.scala.Seq.empty, issuer: Seq[String] = _root_.scala.Seq.empty, expiresSeconds: Long = 0L, staticClaim: Seq[JwtStaticClaim] = _root_.scala.Seq.empty, unknownFields: UnknownFieldSet = _root_.scalapb.UnknownFieldSet.empty) extends GeneratedMessage with Updatable[JwtFieldOptions] with Product with Serializable
- claim
The inclusion strategy for this field as a claim.
- name
The name of the claim for this field. Only valid for fields with a claim annotation of INCLUDE or NEST. If not set, the name will be the name of this field.
- token
Indicates that this field contains a token, either to be validated, or to be written to. If the field is a single string, then the JWT claim for the containing message will be written to it. If the field is a message or repeated field of messages, then this instructs validation and signing to descend into the message or messages, and validate/sign each one according to the annotations present. If no token annotation is present in the child message, an error will be raised.
- includeParentClaims
If this token annotated field is a child message of a parent, include the claims from the parent in the token.
- includeBearerTokenClaim
A list of bearer token claims to include when signing or validating a token annotated field. The most common use case for this will be pinning tokens contained in this message to the subject in the bearer token, to ensure that the tokens in the message can't be used by other subjects. Bearer token claims will only be included if the method is configured to validate the bearer token, otherwise, validation will fail if the claim can't be read.
- issuer
If set, then when validating a token, only accept the token if it comes from this issuer, and when signing, set the issuer to this value. This can be used in combination with the issuer field of configuration for JWT secrets, if there is at least one secret that has this issuer set, then only those secrets with that issuer set will be used for validating or signing this token, so you can be sure that the token did come from a particular issuer. If an issuer (iss) claim is extracted from another field, this configuration, if set, will override that.
- expiresSeconds
When signing, set the expires claim to be in this many seconds. If unset or zero, will default to 3600 (1 hour). Set to -1 for no expiry. This configuration will override any expiry (exp) claim extracted from other fields. Leave unset, or set to -1, to allow the expiry to be dynamically set.
- staticClaim
If set, the static claims provided and their values will be required when calling the service. When multiple claims are provided, all of them will be required to successfully call the service. When signing, these static claims will also included in the token.
- Annotations
- @SerialVersionUID()
- final case class JwtMessageOptions(validateBearerToken: Boolean = false, unknownFields: UnknownFieldSet = _root_.scalapb.UnknownFieldSet.empty) extends GeneratedMessage with Updatable[JwtMessageOptions] with Product with Serializable
- validateBearerToken
Indicates that the token that this message should be validated against is the bearer token, rather than a token annotated field.
- Annotations
- @SerialVersionUID()
- final case class JwtMethodOptions(validate: Seq[JwtMethodMode] = _root_.scala.Seq.empty, sign: Seq[JwtMethodMode] = _root_.scala.Seq.empty, bearerTokenIssuer: Seq[String] = _root_.scala.Seq.empty, staticClaim: Seq[JwtStaticClaim] = _root_.scala.Seq.empty, unknownFields: UnknownFieldSet = _root_.scalapb.UnknownFieldSet.empty) extends GeneratedMessage with Updatable[JwtMethodOptions] with Product with Serializable
- bearerTokenIssuer
If set, then the token extracted from the bearer token must have this issuer. This can be used in combination with the issuer field of configuration for JWT secrets, if there is at least one secret that has this issuer set, then only those secrets with that issuer set will be used for validating or signing this token, so you can be sure that the token did come from a particular issuer.
- staticClaim
If set, the static claims provided and their values will be required when calling the service. When multiple claims are provided, all of them will be required to successfully call the service.
- Annotations
- @SerialVersionUID()
- final case class JwtServiceOptions(validate: JwtServiceMode = kalix.jwt.JwtServiceOptions.JwtServiceMode.UNSPECIFIED, bearerTokenIssuer: Seq[String] = _root_.scala.Seq.empty, staticClaim: Seq[JwtStaticClaim] = _root_.scala.Seq.empty, unknownFields: UnknownFieldSet = _root_.scalapb.UnknownFieldSet.empty) extends GeneratedMessage with Updatable[JwtServiceOptions] with Product with Serializable
- bearerTokenIssuer
If set, then the token extracted from the bearer token must have this issuer. This can be used in combination with the issuer field of configuration for JWT secrets, if there is at least one secret that has this issuer set, then only those secrets with that issuer set will be used for validating or signing this token, so you can be sure that the token did come from a particular issuer.
- staticClaim
If set, the static claims provided and their values will be required when calling the service. When multiple claims are provided, all of them will be required to successfully call the service.
- Annotations
- @SerialVersionUID()
- final case class JwtStaticClaim(claim: String = "", value: Seq[String] = _root_.scala.Seq.empty, pattern: String = "", unknownFields: UnknownFieldSet = _root_.scalapb.UnknownFieldSet.empty) extends GeneratedMessage with Updatable[JwtStaticClaim] with Product with Serializable
- claim
The claim name needs to be a hardcoded literal (e.g. "role")
- value
The value can be set as: a hardcoded literal (e.g. "admin"), an ENV variable (e.g "${ENV_VAR}") or a combination of both (e.g. "${ENV_VAR}-admin"). Providing multiple values means ALL of them will be required when validating and ALL will be included when signing.
- pattern
This receives a regex expression (Java flavor) used to match on the incoming claim value. Cannot be used in conjunction with
value
field above. It's one or the other. NOTE: when signing, a static claim defined with a pattern will not be included in the token. Usage examples:- claim value is not empty: "&92;&92;S+"
- claim value has one of 2 possible values: "^(admin|manager)$"
- Annotations
- @SerialVersionUID()
Value Members
- object JwtFieldOptions extends GeneratedMessageCompanion[JwtFieldOptions]
- object JwtMessageOptions extends GeneratedMessageCompanion[JwtMessageOptions]
- object JwtMethodOptions extends GeneratedMessageCompanion[JwtMethodOptions]
- object JwtProto extends GeneratedFileObject
- object JwtServiceOptions extends GeneratedMessageCompanion[JwtServiceOptions]
- object JwtStaticClaim extends GeneratedMessageCompanion[JwtStaticClaim]