config/gen/go/v1/oidc/config.pb.go

// Copyright 2024 Tetrate
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// 	protoc-gen-go v1.34.1
// 	protoc        (unknown)
// source: v1/oidc/config.proto

package oidc

import (
	reflect "reflect"
	sync "sync"

	_ "github.com/envoyproxy/protoc-gen-validate/validate"
	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
	durationpb "google.golang.org/protobuf/types/known/durationpb"
	structpb "google.golang.org/protobuf/types/known/structpb"
)

const (
	// Verify that this generated code is sufficiently up-to-date.
	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
	// Verify that runtime/protoimpl is sufficiently up-to-date.
	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
)

// Defines how a token obtained through an OIDC flow is forwarded to services.
type TokenConfig struct {
	state         protoimpl.MessageState
	sizeCache     protoimpl.SizeCache
	unknownFields protoimpl.UnknownFields

	// The name of the header that Authservice adds to the request when forwarding to services.
	// The value of this header will contain the `preamble` and the token.
	// This value is case-insensitive, as http header names are case-insensitive.
	// Note that this value must be `Authorization` for the
	// [Istio Authentication Policy](https://istio.io/docs/tasks/security/authn-policy/)
	// to inspect the token.
	// Required.
	Header string `protobuf:"bytes,1,opt,name=header,proto3" json:"header,omitempty"`
	// The authentication scheme of the token.
	// For example, when the preamble is `Bearer` and `header` is `Authorization`, the following
	// header will be added to the request to the service: `Authorization: Bearer ID_TOKEN_VALUE`.
	// Note that this value must be `Bearer`, case-sensitive, when header is `Authorization`.
	// Optional.
	Preamble string `protobuf:"bytes,2,opt,name=preamble,proto3" json:"preamble,omitempty"`
}

func (x *TokenConfig) Reset() {
	*x = TokenConfig{}
	if protoimpl.UnsafeEnabled {
		mi := &file_v1_oidc_config_proto_msgTypes[0]
		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
		ms.StoreMessageInfo(mi)
	}
}

func (x *TokenConfig) String() string {
	return protoimpl.X.MessageStringOf(x)
}

func (*TokenConfig) ProtoMessage() {}

func (x *TokenConfig) ProtoReflect() protoreflect.Message {
	mi := &file_v1_oidc_config_proto_msgTypes[0]
	if protoimpl.UnsafeEnabled && x != nil {
		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
		if ms.LoadMessageInfo() == nil {
			ms.StoreMessageInfo(mi)
		}
		return ms
	}
	return mi.MessageOf(x)
}

// Deprecated: Use TokenConfig.ProtoReflect.Descriptor instead.
func (*TokenConfig) Descriptor() ([]byte, []int) {
	return file_v1_oidc_config_proto_rawDescGZIP(), []int{0}
}

func (x *TokenConfig) GetHeader() string {
	if x != nil {
		return x.Header
	}
	return ""
}

func (x *TokenConfig) GetPreamble() string {
	if x != nil {
		return x.Preamble
	}
	return ""
}

// When specified, the Authservice will use the configured Redis server to store session data
type RedisConfig struct {
	state         protoimpl.MessageState
	sizeCache     protoimpl.SizeCache
	unknownFields protoimpl.UnknownFields

	// The Redis server uri, e.g. "tcp://127.0.0.1:6379"
	ServerUri string `protobuf:"bytes,1,opt,name=server_uri,json=serverUri,proto3" json:"server_uri,omitempty"`
}

func (x *RedisConfig) Reset() {
	*x = RedisConfig{}
	if protoimpl.UnsafeEnabled {
		mi := &file_v1_oidc_config_proto_msgTypes[1]
		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
		ms.StoreMessageInfo(mi)
	}
}

func (x *RedisConfig) String() string {
	return protoimpl.X.MessageStringOf(x)
}

func (*RedisConfig) ProtoMessage() {}

func (x *RedisConfig) ProtoReflect() protoreflect.Message {
	mi := &file_v1_oidc_config_proto_msgTypes[1]
	if protoimpl.UnsafeEnabled && x != nil {
		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
		if ms.LoadMessageInfo() == nil {
			ms.StoreMessageInfo(mi)
		}
		return ms
	}
	return mi.MessageOf(x)
}

// Deprecated: Use RedisConfig.ProtoReflect.Descriptor instead.
func (*RedisConfig) Descriptor() ([]byte, []int) {
	return file_v1_oidc_config_proto_rawDescGZIP(), []int{1}
}

func (x *RedisConfig) GetServerUri() string {
	if x != nil {
		return x.ServerUri
	}
	return ""
}

// When specified, the Authservice will destroy the Authservice session when a request is
// made to the configured path.
type LogoutConfig struct {
	state         protoimpl.MessageState
	sizeCache     protoimpl.SizeCache
	unknownFields protoimpl.UnknownFields

	// A http request path that the Authservice matches against to initiate logout.
	// Whenever a request is made to that path, the Authservice will remove the Authservice-specific
	// cookies and respond with a redirect to the configured `redirect_uri`. Removing the cookies
	// causes the user to be unauthenticated in future requests.
	// If the service application has its own logout controller, then it may be desirable to have its
	// logout controller redirect to this path. If the service application does not need its own logout
	// controller, then the application's logout button/link's href can GET or POST directly to this path.
	// Required.
	Path string `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"`
	// A URI specifying the destination to which the Authservice will redirect any request made to the
	// logout `path`. For example, it may be desirable to redirect the logged out user to the homepage
	// of the service application, or to the
	// [logout endpoint of the OIDC Provider](https://openid.net/specs/openid-connect-session-1_0.html#RPLogout).
	// As with all redirects, the user's browser will perform a GET to this URI.
	// Required when the OIDC discovery is not used or when the OIDC discovery does not provide the
	// `end_session_endpoint`.
	RedirectUri string `protobuf:"bytes,2,opt,name=redirect_uri,json=redirectUri,proto3" json:"redirect_uri,omitempty"`
}

func (x *LogoutConfig) Reset() {
	*x = LogoutConfig{}
	if protoimpl.UnsafeEnabled {
		mi := &file_v1_oidc_config_proto_msgTypes[2]
		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
		ms.StoreMessageInfo(mi)
	}
}

func (x *LogoutConfig) String() string {
	return protoimpl.X.MessageStringOf(x)
}

func (*LogoutConfig) ProtoMessage() {}

func (x *LogoutConfig) ProtoReflect() protoreflect.Message {
	mi := &file_v1_oidc_config_proto_msgTypes[2]
	if protoimpl.UnsafeEnabled && x != nil {
		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
		if ms.LoadMessageInfo() == nil {
			ms.StoreMessageInfo(mi)
		}
		return ms
	}
	return mi.MessageOf(x)
}

// Deprecated: Use LogoutConfig.ProtoReflect.Descriptor instead.
func (*LogoutConfig) Descriptor() ([]byte, []int) {
	return file_v1_oidc_config_proto_rawDescGZIP(), []int{2}
}

func (x *LogoutConfig) GetPath() string {
	if x != nil {
		return x.Path
	}
	return ""
}

func (x *LogoutConfig) GetRedirectUri() string {
	if x != nil {
		return x.RedirectUri
	}
	return ""
}

// The configuration of an OpenID Connect filter that can be used to retrieve identity and access tokens
// via the standard authorization code grant flow from an OIDC Provider.
type OIDCConfig struct {
	state         protoimpl.MessageState
	sizeCache     protoimpl.SizeCache
	unknownFields protoimpl.UnknownFields

	// The OIDC Provider's [issuer identifier](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig).
	// If this is set, the endpoints will be dynamically retrieved from the OIDC Provider's configuration endpoint.
	ConfigurationUri string `protobuf:"bytes,19,opt,name=configuration_uri,json=configurationUri,proto3" json:"configuration_uri,omitempty"`
	// The OIDC Provider's [authorization endpoint](https://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint).
	// Required if `configuration_uri` is not set.
	AuthorizationUri string `protobuf:"bytes,1,opt,name=authorization_uri,json=authorizationUri,proto3" json:"authorization_uri,omitempty"`
	// The OIDC Provider's [token endpoint](https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint).
	// Required if `configuration_uri` is not set.
	TokenUri string `protobuf:"bytes,2,opt,name=token_uri,json=tokenUri,proto3" json:"token_uri,omitempty"`
	// This value will be used as the `redirect_uri` param of the authorization code grant
	// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
	// This URL must be one of the Redirection URI values for the Client pre-registered at the OIDC provider.
	// Note: The Istio gateway's VirtualService must be prepared to ensure that this URL will get routed to
	// the service so that the Authservice can intercept the request and handle it
	// (see [example](https://github.com/istio-ecosystem/authservice/blob/master/bookinfo-example/config/bookinfo-gateway.yaml)).
	// Required.
	CallbackUri string `protobuf:"bytes,3,opt,name=callback_uri,json=callbackUri,proto3" json:"callback_uri,omitempty"`
	// Types that are assignable to JwksConfig:
	//
	//	*OIDCConfig_Jwks
	//	*OIDCConfig_JwksFetcher
	JwksConfig isOIDCConfig_JwksConfig `protobuf_oneof:"jwks_config"`
	// The OIDC client ID assigned to the filter to be used in the
	// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
	// Required.
	ClientId string `protobuf:"bytes,5,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"`
	// Types that are assignable to ClientSecretConfig:
	//
	//	*OIDCConfig_ClientSecret
	//	*OIDCConfig_ClientSecretRef
	ClientSecretConfig isOIDCConfig_ClientSecretConfig `protobuf_oneof:"client_secret_config"`
	// Additional scopes passed to the OIDC Provider in the
	// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
	// The `openid` scope is always sent to the OIDC Provider, and does not need to be specified here.
	// Required, but an empty array is allowed.
	Scopes []string `protobuf:"bytes,7,rep,name=scopes,proto3" json:"scopes,omitempty"`
	// A unique identifier of the Authservice's browser cookies. Can be any string.
	// Needed when multiple services in the same domain are each protected by
	// their own Authservice, in which case each service's Authservice should have
	// a unique value to avoid cookie name conflicts. Also needed when an Authservice
	// is configured with multiple `oidc` filters (across multiple `chains`), each
	// sharing a Redis server for their session storage, to avoid having those
	// `oidc` filters read/write the same sessions in Redis.
	// Optional.
	CookieNamePrefix string `protobuf:"bytes,8,opt,name=cookie_name_prefix,json=cookieNamePrefix,proto3" json:"cookie_name_prefix,omitempty"`
	// The configuration for adding ID Tokens as headers to requests forwarded to a service.
	// Required.
	IdToken *TokenConfig `protobuf:"bytes,9,opt,name=id_token,json=idToken,proto3" json:"id_token,omitempty"`
	// The configuration for adding Access Tokens as headers to requests forwarded to a service.
	// Optional.
	AccessToken *TokenConfig `protobuf:"bytes,10,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"`
	// When specified, the Authservice will destroy the Authservice session when a request is
	// made to the configured path.
	// Optional.
	Logout *LogoutConfig `protobuf:"bytes,11,opt,name=logout,proto3" json:"logout,omitempty"`
	// The Authservice associates obtained OIDC tokens with a session ID in a session store.
	// It also stores some temporary information during the login process into the session store,
	// which will be removed when the user finishes the login.
	// This configuration option sets the number of seconds since a user's session with the Authservice has started
	// until that session should expire.
	// When configured to `0`, which is the default value, the session will never timeout based on the time
	// that it was started, but can still timeout due to being idle.
	// When both `absolute_session_timeout` and `idle_session_timeout` are zero, then sessions will never
	// expire. These settings do not affect how quickly the OIDC tokens contained inside the user's session expire.
	// Optional.
	AbsoluteSessionTimeout uint32 `protobuf:"varint,12,opt,name=absolute_session_timeout,json=absoluteSessionTimeout,proto3" json:"absolute_session_timeout,omitempty"`
	// The Authservice associates obtained OIDC tokens with a session ID in a session store.
	// It also stores some temporary information during the login process into the session store,
	// which will be removed when the user finishes the login.
	// This configuration option sets the number of seconds since the most recent incoming request from that user
	// until the user's session with the Authservice should expire.
	// When configured to `0`, which is the default value, session expiration will not consider idle time,
	// but can still consider timeout based on maximum absolute time since added.
	// When both `absolute_session_timeout` and `idle_session_timeout` are zero, then sessions will never
	// expire. These settings do not affect how quickly the OIDC tokens contained inside the user's session expire.
	// Optional.
	IdleSessionTimeout uint32 `protobuf:"varint,13,opt,name=idle_session_timeout,json=idleSessionTimeout,proto3" json:"idle_session_timeout,omitempty"`
	// When specified, the Authservice will trust the specified Certificate Authority when performing HTTPS calls to
	// the OIDC Identity Provider.
	//
	// Types that are assignable to TrustedCaConfig:
	//
	//	*OIDCConfig_TrustedCertificateAuthority
	//	*OIDCConfig_TrustedCertificateAuthorityFile
	TrustedCaConfig isOIDCConfig_TrustedCaConfig `protobuf_oneof:"trusted_ca_config"`
	// The duration between refreshes of the trusted certificate authority if `trusted_certificate_authority_file` is set.
	// Unset or 0 (the default) disables the refresh, useful is no rotation is expected.
	// Is a String that ends in `s` to indicate seconds and is preceded by the number of seconds, e.g. `120s` (represents 2 minutes).
	// Optional.
	TrustedCertificateAuthorityRefreshInterval *durationpb.Duration `protobuf:"bytes,22,opt,name=trusted_certificate_authority_refresh_interval,json=trustedCertificateAuthorityRefreshInterval,proto3" json:"trusted_certificate_authority_refresh_interval,omitempty"`
	// The Authservice makes two kinds of direct network connections directly to the OIDC Provider.
	// Both are POST requests to the configured `token_uri` of the OIDC Provider.
	// The first is to exchange the authorization code for tokens, and the other is to use the
	// refresh token to obtain new tokens. Configure the `proxy_uri` when
	// both of these requests should be made through a web proxy. The format of `proxy_uri` is
	// `http://proxyserver.example.com:8080`, where `:<port_number>` is optional.
	// Userinfo (usernames and passwords) in the `proxy_uri` setting are not yet supported.
	// The `proxy_uri` should always start with `http://`.
	// The Authservice will upgrade the connection to the OIDC provider to HTTPS using
	// an HTTP CONNECT request to the proxy server. The proxy server will see the hostname and port number
	// of the OIDC provider in plain text in the CONNECT request, but all other communication will occur
	// over an encrypted HTTPS connection negotiated directly between the Authservice and
	// the OIDC provider. See also the related `trusted_certificate_authority` configuration option.
	// Optional.
	ProxyUri string `protobuf:"bytes,15,opt,name=proxy_uri,json=proxyUri,proto3" json:"proxy_uri,omitempty"`
	// When specified, the Authservice will use the configured Redis server to store session data.
	// Optional.
	RedisSessionStoreConfig *RedisConfig `protobuf:"bytes,16,opt,name=redis_session_store_config,json=redisSessionStoreConfig,proto3" json:"redis_session_store_config,omitempty"`
	// If set to true, the verification of the destination certificate will be skipped when
	// making a request to the Token Endpoint. This option is useful when you want to use a
	// self-signed certificate for testing purposes, but basically should not be set to true
	// in any other cases.
	// Optional.
	SkipVerifyPeerCert *structpb.Value `protobuf:"bytes,18,opt,name=skip_verify_peer_cert,json=skipVerifyPeerCert,proto3" json:"skip_verify_peer_cert,omitempty"` // keep this field out from the trusted_ca_config one of for backward compatibility.
}

func (x *OIDCConfig) Reset() {
	*x = OIDCConfig{}
	if protoimpl.UnsafeEnabled {
		mi := &file_v1_oidc_config_proto_msgTypes[3]
		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
		ms.StoreMessageInfo(mi)
	}
}

func (x *OIDCConfig) String() string {
	return protoimpl.X.MessageStringOf(x)
}

func (*OIDCConfig) ProtoMessage() {}

func (x *OIDCConfig) ProtoReflect() protoreflect.Message {
	mi := &file_v1_oidc_config_proto_msgTypes[3]
	if protoimpl.UnsafeEnabled && x != nil {
		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
		if ms.LoadMessageInfo() == nil {
			ms.StoreMessageInfo(mi)
		}
		return ms
	}
	return mi.MessageOf(x)
}

// Deprecated: Use OIDCConfig.ProtoReflect.Descriptor instead.
func (*OIDCConfig) Descriptor() ([]byte, []int) {
	return file_v1_oidc_config_proto_rawDescGZIP(), []int{3}
}

func (x *OIDCConfig) GetConfigurationUri() string {
	if x != nil {
		return x.ConfigurationUri
	}
	return ""
}

func (x *OIDCConfig) GetAuthorizationUri() string {
	if x != nil {
		return x.AuthorizationUri
	}
	return ""
}

func (x *OIDCConfig) GetTokenUri() string {
	if x != nil {
		return x.TokenUri
	}
	return ""
}

func (x *OIDCConfig) GetCallbackUri() string {
	if x != nil {
		return x.CallbackUri
	}
	return ""
}

func (m *OIDCConfig) GetJwksConfig() isOIDCConfig_JwksConfig {
	if m != nil {
		return m.JwksConfig
	}
	return nil
}

func (x *OIDCConfig) GetJwks() string {
	if x, ok := x.GetJwksConfig().(*OIDCConfig_Jwks); ok {
		return x.Jwks
	}
	return ""
}

func (x *OIDCConfig) GetJwksFetcher() *OIDCConfig_JwksFetcherConfig {
	if x, ok := x.GetJwksConfig().(*OIDCConfig_JwksFetcher); ok {
		return x.JwksFetcher
	}
	return nil
}

func (x *OIDCConfig) GetClientId() string {
	if x != nil {
		return x.ClientId
	}
	return ""
}

func (m *OIDCConfig) GetClientSecretConfig() isOIDCConfig_ClientSecretConfig {
	if m != nil {
		return m.ClientSecretConfig
	}
	return nil
}

func (x *OIDCConfig) GetClientSecret() string {
	if x, ok := x.GetClientSecretConfig().(*OIDCConfig_ClientSecret); ok {
		return x.ClientSecret
	}
	return ""
}

func (x *OIDCConfig) GetClientSecretRef() *OIDCConfig_SecretReference {
	if x, ok := x.GetClientSecretConfig().(*OIDCConfig_ClientSecretRef); ok {
		return x.ClientSecretRef
	}
	return nil
}

func (x *OIDCConfig) GetScopes() []string {
	if x != nil {
		return x.Scopes
	}
	return nil
}

func (x *OIDCConfig) GetCookieNamePrefix() string {
	if x != nil {
		return x.CookieNamePrefix
	}
	return ""
}

func (x *OIDCConfig) GetIdToken() *TokenConfig {
	if x != nil {
		return x.IdToken
	}
	return nil
}

func (x *OIDCConfig) GetAccessToken() *TokenConfig {
	if x != nil {
		return x.AccessToken
	}
	return nil
}

func (x *OIDCConfig) GetLogout() *LogoutConfig {
	if x != nil {
		return x.Logout
	}
	return nil
}

func (x *OIDCConfig) GetAbsoluteSessionTimeout() uint32 {
	if x != nil {
		return x.AbsoluteSessionTimeout
	}
	return 0
}

func (x *OIDCConfig) GetIdleSessionTimeout() uint32 {
	if x != nil {
		return x.IdleSessionTimeout
	}
	return 0
}

func (m *OIDCConfig) GetTrustedCaConfig() isOIDCConfig_TrustedCaConfig {
	if m != nil {
		return m.TrustedCaConfig
	}
	return nil
}

func (x *OIDCConfig) GetTrustedCertificateAuthority() string {
	if x, ok := x.GetTrustedCaConfig().(*OIDCConfig_TrustedCertificateAuthority); ok {
		return x.TrustedCertificateAuthority
	}
	return ""
}

func (x *OIDCConfig) GetTrustedCertificateAuthorityFile() string {
	if x, ok := x.GetTrustedCaConfig().(*OIDCConfig_TrustedCertificateAuthorityFile); ok {
		return x.TrustedCertificateAuthorityFile
	}
	return ""
}

func (x *OIDCConfig) GetTrustedCertificateAuthorityRefreshInterval() *durationpb.Duration {
	if x != nil {
		return x.TrustedCertificateAuthorityRefreshInterval
	}
	return nil
}

func (x *OIDCConfig) GetProxyUri() string {
	if x != nil {
		return x.ProxyUri
	}
	return ""
}

func (x *OIDCConfig) GetRedisSessionStoreConfig() *RedisConfig {
	if x != nil {
		return x.RedisSessionStoreConfig
	}
	return nil
}

func (x *OIDCConfig) GetSkipVerifyPeerCert() *structpb.Value {
	if x != nil {
		return x.SkipVerifyPeerCert
	}
	return nil
}

type isOIDCConfig_JwksConfig interface {
	isOIDCConfig_JwksConfig()
}

type OIDCConfig_Jwks struct {
	// The JSON JWKS response from the OIDC provider’s `jwks_uri` URI which can be found in
	// the OIDC provider's
	// [configuration response](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse).
	// Note that this JSON value must be escaped when embedded in a json configmap
	// (see [example](https://github.com/istio-ecosystem/authservice/blob/master/bookinfo-example/config/authservice-configmap-template.yaml)).
	// Used during token verification.
	Jwks string `protobuf:"bytes,4,opt,name=jwks,proto3,oneof"`
}

type OIDCConfig_JwksFetcher struct {
	// Configuration to allow JWKs to be retrieved and updated asynchronously at regular intervals.
	JwksFetcher *OIDCConfig_JwksFetcherConfig `protobuf:"bytes,17,opt,name=jwks_fetcher,json=jwksFetcher,proto3,oneof"`
}

func (*OIDCConfig_Jwks) isOIDCConfig_JwksConfig() {}

func (*OIDCConfig_JwksFetcher) isOIDCConfig_JwksConfig() {}

type isOIDCConfig_ClientSecretConfig interface {
	isOIDCConfig_ClientSecretConfig()
}

type OIDCConfig_ClientSecret struct {
	// The OIDC client secret assigned to the filter to be used in the
	// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
	// This field keeps the client secret in plain text. Recommend to use `client_secret_ref` instead
	// when running in a Kubernetes cluster.
	ClientSecret string `protobuf:"bytes,6,opt,name=client_secret,json=clientSecret,proto3,oneof"`
}

type OIDCConfig_ClientSecretRef struct {
	// The Kubernetes secret that contains the OIDC client secret assigned to the filter to be used in the
	// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
	//
	// This is an Opaque secret. The client secret should be stored in the key "client-secret".
	// This filed is only valid when running in a Kubernetes cluster.
	ClientSecretRef *OIDCConfig_SecretReference `protobuf:"bytes,21,opt,name=client_secret_ref,json=clientSecretRef,proto3,oneof"`
}

func (*OIDCConfig_ClientSecret) isOIDCConfig_ClientSecretConfig() {}

func (*OIDCConfig_ClientSecretRef) isOIDCConfig_ClientSecretConfig() {}

type isOIDCConfig_TrustedCaConfig interface {
	isOIDCConfig_TrustedCaConfig()
}

type OIDCConfig_TrustedCertificateAuthority struct {
	// String PEM-encoded certificate authority to trust when performing HTTPS calls to the OIDC Identity Provider.
	// Optional.
	TrustedCertificateAuthority string `protobuf:"bytes,14,opt,name=trusted_certificate_authority,json=trustedCertificateAuthority,proto3,oneof"`
}

type OIDCConfig_TrustedCertificateAuthorityFile struct {
	// The file path to the PEM-encoded certificate authority to trust when performing HTTPS calls to the OIDC Identity Provider.
	// Optional.
	TrustedCertificateAuthorityFile string `protobuf:"bytes,20,opt,name=trusted_certificate_authority_file,json=trustedCertificateAuthorityFile,proto3,oneof"`
}

func (*OIDCConfig_TrustedCertificateAuthority) isOIDCConfig_TrustedCaConfig() {}

func (*OIDCConfig_TrustedCertificateAuthorityFile) isOIDCConfig_TrustedCaConfig() {}

// This message defines a setting to allow asynchronous retrieval and update of the JWK for
// JWT validation at regular intervals.
type OIDCConfig_JwksFetcherConfig struct {
	state         protoimpl.MessageState
	sizeCache     protoimpl.SizeCache
	unknownFields protoimpl.UnknownFields

	// Request URI that has the JWKs.
	// Required if `configuration_uri` is not set.
	JwksUri string `protobuf:"bytes,1,opt,name=jwks_uri,json=jwksUri,proto3" json:"jwks_uri,omitempty"`
	// Request interval to check whether new JWKs are available. If not specified,
	// default to 1200 seconds, 20min.
	// Optional.
	PeriodicFetchIntervalSec uint32 `protobuf:"varint,2,opt,name=periodic_fetch_interval_sec,json=periodicFetchIntervalSec,proto3" json:"periodic_fetch_interval_sec,omitempty"`
	// If set to true, the verification of the destination certificate will be skipped when
	// making a request to the JWKs URI. This option is useful when you want to use a
	// self-signed certificate for testing purposes, but basically should not be set to
	// true in any other cases.
	// Optional.
	// Deprecated: Use the one from the OIDCConfig instead.
	//
	// Deprecated: Marked as deprecated in v1/oidc/config.proto.
	SkipVerifyPeerCert *structpb.Value `protobuf:"bytes,3,opt,name=skip_verify_peer_cert,json=skipVerifyPeerCert,proto3" json:"skip_verify_peer_cert,omitempty"`
}

func (x *OIDCConfig_JwksFetcherConfig) Reset() {
	*x = OIDCConfig_JwksFetcherConfig{}
	if protoimpl.UnsafeEnabled {
		mi := &file_v1_oidc_config_proto_msgTypes[4]
		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
		ms.StoreMessageInfo(mi)
	}
}

func (x *OIDCConfig_JwksFetcherConfig) String() string {
	return protoimpl.X.MessageStringOf(x)
}

func (*OIDCConfig_JwksFetcherConfig) ProtoMessage() {}

func (x *OIDCConfig_JwksFetcherConfig) ProtoReflect() protoreflect.Message {
	mi := &file_v1_oidc_config_proto_msgTypes[4]
	if protoimpl.UnsafeEnabled && x != nil {
		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
		if ms.LoadMessageInfo() == nil {
			ms.StoreMessageInfo(mi)
		}
		return ms
	}
	return mi.MessageOf(x)
}

// Deprecated: Use OIDCConfig_JwksFetcherConfig.ProtoReflect.Descriptor instead.
func (*OIDCConfig_JwksFetcherConfig) Descriptor() ([]byte, []int) {
	return file_v1_oidc_config_proto_rawDescGZIP(), []int{3, 0}
}

func (x *OIDCConfig_JwksFetcherConfig) GetJwksUri() string {
	if x != nil {
		return x.JwksUri
	}
	return ""
}

func (x *OIDCConfig_JwksFetcherConfig) GetPeriodicFetchIntervalSec() uint32 {
	if x != nil {
		return x.PeriodicFetchIntervalSec
	}
	return 0
}

// Deprecated: Marked as deprecated in v1/oidc/config.proto.
func (x *OIDCConfig_JwksFetcherConfig) GetSkipVerifyPeerCert() *structpb.Value {
	if x != nil {
		return x.SkipVerifyPeerCert
	}
	return nil
}

// This message defines a reference to a Kubernetes Secret resource.
type OIDCConfig_SecretReference struct {
	state         protoimpl.MessageState
	sizeCache     protoimpl.SizeCache
	unknownFields protoimpl.UnknownFields

	// The namespace of the referenced Secret, if not set, default to "default" namespace.
	Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"`
	// The name of the referenced Secret.
	Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
}

func (x *OIDCConfig_SecretReference) Reset() {
	*x = OIDCConfig_SecretReference{}
	if protoimpl.UnsafeEnabled {
		mi := &file_v1_oidc_config_proto_msgTypes[5]
		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
		ms.StoreMessageInfo(mi)
	}
}

func (x *OIDCConfig_SecretReference) String() string {
	return protoimpl.X.MessageStringOf(x)
}

func (*OIDCConfig_SecretReference) ProtoMessage() {}

func (x *OIDCConfig_SecretReference) ProtoReflect() protoreflect.Message {
	mi := &file_v1_oidc_config_proto_msgTypes[5]
	if protoimpl.UnsafeEnabled && x != nil {
		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
		if ms.LoadMessageInfo() == nil {
			ms.StoreMessageInfo(mi)
		}
		return ms
	}
	return mi.MessageOf(x)
}

// Deprecated: Use OIDCConfig_SecretReference.ProtoReflect.Descriptor instead.
func (*OIDCConfig_SecretReference) Descriptor() ([]byte, []int) {
	return file_v1_oidc_config_proto_rawDescGZIP(), []int{3, 1}
}

func (x *OIDCConfig_SecretReference) GetNamespace() string {
	if x != nil {
		return x.Namespace
	}
	return ""
}

func (x *OIDCConfig_SecretReference) GetName() string {
	if x != nil {
		return x.Name
	}
	return ""
}

var File_v1_oidc_config_proto protoreflect.FileDescriptor

var file_v1_oidc_config_proto_rawDesc = []byte{
	0x0a, 0x14, 0x76, 0x31, 0x2f, 0x6f, 0x69, 0x64, 0x63, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1a, 0x61, 0x75, 0x74, 0x68, 0x73, 0x65, 0x72, 0x76,
	0x69, 0x63, 0x65, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x6f, 0x69,
	0x64, 0x63, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
	0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f,
	0x74, 0x6f, 0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
	0x62, 0x75, 0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
	0x1a, 0x17, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64,
	0x61, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x4a, 0x0a, 0x0b, 0x54, 0x6f, 0x6b,
	0x65, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1f, 0x0a, 0x06, 0x68, 0x65, 0x61, 0x64,
	0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xfa, 0x42, 0x04, 0x72, 0x02, 0x10,
	0x01, 0x52, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x65,
	0x61, 0x6d, 0x62, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x65,
	0x61, 0x6d, 0x62, 0x6c, 0x65, 0x22, 0x35, 0x0a, 0x0b, 0x52, 0x65, 0x64, 0x69, 0x73, 0x43, 0x6f,
	0x6e, 0x66, 0x69, 0x67, 0x12, 0x26, 0x0a, 0x0a, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x75,
	0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xfa, 0x42, 0x04, 0x72, 0x02, 0x10,
	0x01, 0x52, 0x09, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x55, 0x72, 0x69, 0x22, 0x4e, 0x0a, 0x0c,
	0x4c, 0x6f, 0x67, 0x6f, 0x75, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1b, 0x0a, 0x04,
	0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xfa, 0x42, 0x04, 0x72,
	0x02, 0x10, 0x01, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x21, 0x0a, 0x0c, 0x72, 0x65, 0x64,
	0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
	0x0b, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x55, 0x72, 0x69, 0x22, 0x9e, 0x0d, 0x0a,
	0x0a, 0x4f, 0x49, 0x44, 0x43, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2b, 0x0a, 0x11, 0x63,
	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x75, 0x72, 0x69,
	0x18, 0x13, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72,
	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x72, 0x69, 0x12, 0x2b, 0x0a, 0x11, 0x61, 0x75, 0x74, 0x68,
	0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x01, 0x20,
	0x01, 0x28, 0x09, 0x52, 0x10, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69,
	0x6f, 0x6e, 0x55, 0x72, 0x69, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x5f, 0x75,
	0x72, 0x69, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x55,
	0x72, 0x69, 0x12, 0x2a, 0x0a, 0x0c, 0x63, 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x5f, 0x75,
	0x72, 0x69, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xfa, 0x42, 0x04, 0x72, 0x02, 0x10,
	0x01, 0x52, 0x0b, 0x63, 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x55, 0x72, 0x69, 0x12, 0x14,
	0x0a, 0x04, 0x6a, 0x77, 0x6b, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x04,
	0x6a, 0x77, 0x6b, 0x73, 0x12, 0x5d, 0x0a, 0x0c, 0x6a, 0x77, 0x6b, 0x73, 0x5f, 0x66, 0x65, 0x74,
	0x63, 0x68, 0x65, 0x72, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x61, 0x75, 0x74,
	0x68, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e,
	0x76, 0x31, 0x2e, 0x6f, 0x69, 0x64, 0x63, 0x2e, 0x4f, 0x49, 0x44, 0x43, 0x43, 0x6f, 0x6e, 0x66,
	0x69, 0x67, 0x2e, 0x4a, 0x77, 0x6b, 0x73, 0x46, 0x65, 0x74, 0x63, 0x68, 0x65, 0x72, 0x43, 0x6f,
	0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x0b, 0x6a, 0x77, 0x6b, 0x73, 0x46, 0x65, 0x74, 0x63,
	0x68, 0x65, 0x72, 0x12, 0x24, 0x0a, 0x09, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x64,
	0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xfa, 0x42, 0x04, 0x72, 0x02, 0x10, 0x01, 0x52,
	0x08, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x49, 0x64, 0x12, 0x2e, 0x0a, 0x0d, 0x63, 0x6c, 0x69,
	0x65, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09,
	0x42, 0x07, 0xfa, 0x42, 0x04, 0x72, 0x02, 0x10, 0x01, 0x48, 0x01, 0x52, 0x0c, 0x63, 0x6c, 0x69,
	0x65, 0x6e, 0x74, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x12, 0x64, 0x0a, 0x11, 0x63, 0x6c, 0x69,
	0x65, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f, 0x72, 0x65, 0x66, 0x18, 0x15,
	0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x73, 0x65, 0x72, 0x76, 0x69,
	0x63, 0x65, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x6f, 0x69, 0x64,
	0x63, 0x2e, 0x4f, 0x49, 0x44, 0x43, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x53, 0x65, 0x63,
	0x72, 0x65, 0x74, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x48, 0x01, 0x52, 0x0f,
	0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x52, 0x65, 0x66, 0x12,
	0x16, 0x0a, 0x06, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x09, 0x52,
	0x06, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x12, 0x2c, 0x0a, 0x12, 0x63, 0x6f, 0x6f, 0x6b, 0x69,
	0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x08, 0x20,
	0x01, 0x28, 0x09, 0x52, 0x10, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x50,
	0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x4c, 0x0a, 0x08, 0x69, 0x64, 0x5f, 0x74, 0x6f, 0x6b, 0x65,
	0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x73, 0x65,
	0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x76, 0x31, 0x2e,
	0x6f, 0x69, 0x64, 0x63, 0x2e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
	0x42, 0x08, 0xfa, 0x42, 0x05, 0x8a, 0x01, 0x02, 0x10, 0x01, 0x52, 0x07, 0x69, 0x64, 0x54, 0x6f,
	0x6b, 0x65, 0x6e, 0x12, 0x4a, 0x0a, 0x0c, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x6f,
	0x6b, 0x65, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x61, 0x75, 0x74, 0x68,
	0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x76,
	0x31, 0x2e, 0x6f, 0x69, 0x64, 0x63, 0x2e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x43, 0x6f, 0x6e, 0x66,
	0x69, 0x67, 0x52, 0x0b, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12,
	0x40, 0x0a, 0x06, 0x6c, 0x6f, 0x67, 0x6f, 0x75, 0x74, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32,
	0x28, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x6f,
	0x6e, 0x66, 0x69, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x6f, 0x69, 0x64, 0x63, 0x2e, 0x4c, 0x6f, 0x67,
	0x6f, 0x75, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x6c, 0x6f, 0x67, 0x6f, 0x75,
	0x74, 0x12, 0x38, 0x0a, 0x18, 0x61, 0x62, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x65, 0x5f, 0x73, 0x65,
	0x73, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x0c, 0x20,
	0x01, 0x28, 0x0d, 0x52, 0x16, 0x61, 0x62, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x65, 0x53, 0x65, 0x73,
	0x73, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x30, 0x0a, 0x14, 0x69,
	0x64, 0x6c, 0x65, 0x5f, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x69, 0x6d, 0x65,
	0x6f, 0x75, 0x74, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x12, 0x69, 0x64, 0x6c, 0x65, 0x53,
	0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x44, 0x0a,
	0x1d, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
	0x63, 0x61, 0x74, 0x65, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x0e,
	0x20, 0x01, 0x28, 0x09, 0x48, 0x02, 0x52, 0x1b, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43,
	0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72,
	0x69, 0x74, 0x79, 0x12, 0x4d, 0x0a, 0x22, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x63,
	0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f,
	0x72, 0x69, 0x74, 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x14, 0x20, 0x01, 0x28, 0x09, 0x48,
	0x02, 0x52, 0x1f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
	0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x46, 0x69,
	0x6c, 0x65, 0x12, 0x7d, 0x0a, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x63, 0x65,
	0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72,
	0x69, 0x74, 0x79, 0x5f, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x5f, 0x69, 0x6e, 0x74, 0x65,
	0x72, 0x76, 0x61, 0x6c, 0x18, 0x16, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f,
	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72,
	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x2a, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43, 0x65,
	0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
	0x74, 0x79, 0x52, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61,
	0x6c, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x0f,
	0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x55, 0x72, 0x69, 0x12, 0x64,
	0x0a, 0x1a, 0x72, 0x65, 0x64, 0x69, 0x73, 0x5f, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x5f,
	0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x10, 0x20, 0x01,
	0x28, 0x0b, 0x32, 0x27, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
	0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x6f, 0x69, 0x64, 0x63, 0x2e,
	0x52, 0x65, 0x64, 0x69, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x17, 0x72, 0x65, 0x64,
	0x69, 0x73, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x43, 0x6f,
	0x6e, 0x66, 0x69, 0x67, 0x12, 0x49, 0x0a, 0x15, 0x73, 0x6b, 0x69, 0x70, 0x5f, 0x76, 0x65, 0x72,
	0x69, 0x66, 0x79, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x18, 0x12, 0x20,
	0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x73, 0x6b, 0x69,
	0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x1a,
	0xbc, 0x01, 0x0a, 0x11, 0x4a, 0x77, 0x6b, 0x73, 0x46, 0x65, 0x74, 0x63, 0x68, 0x65, 0x72, 0x43,
	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x19, 0x0a, 0x08, 0x6a, 0x77, 0x6b, 0x73, 0x5f, 0x75, 0x72,
	0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6a, 0x77, 0x6b, 0x73, 0x55, 0x72, 0x69,
	0x12, 0x3d, 0x0a, 0x1b, 0x70, 0x65, 0x72, 0x69, 0x6f, 0x64, 0x69, 0x63, 0x5f, 0x66, 0x65, 0x74,
	0x63, 0x68, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x5f, 0x73, 0x65, 0x63, 0x18,
	0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x18, 0x70, 0x65, 0x72, 0x69, 0x6f, 0x64, 0x69, 0x63, 0x46,
	0x65, 0x74, 0x63, 0x68, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x53, 0x65, 0x63, 0x12,
	0x4d, 0x0a, 0x15, 0x73, 0x6b, 0x69, 0x70, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x5f, 0x70,
	0x65, 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16,
	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
	0x2e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x02, 0x18, 0x01, 0x52, 0x12, 0x73, 0x6b, 0x69, 0x70,
	0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x1a, 0x4c,
	0x0a, 0x0f, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63,
	0x65, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x01,
	0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12,
	0x1b, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xfa,
	0x42, 0x04, 0x72, 0x02, 0x10, 0x01, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x42, 0x0d, 0x0a, 0x0b,
	0x6a, 0x77, 0x6b, 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42, 0x1b, 0x0a, 0x14, 0x63,
	0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f, 0x63, 0x6f, 0x6e,
	0x66, 0x69, 0x67, 0x12, 0x03, 0xf8, 0x42, 0x01, 0x42, 0x13, 0x0a, 0x11, 0x74, 0x72, 0x75, 0x73,
	0x74, 0x65, 0x64, 0x5f, 0x63, 0x61, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42, 0xf7, 0x01,
	0x0a, 0x1e, 0x63, 0x6f, 0x6d, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63,
	0x65, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x6f, 0x69, 0x64, 0x63,
	0x42, 0x0b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a,
	0x3c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x69, 0x73, 0x74, 0x69,
	0x6f, 0x2d, 0x65, 0x63, 0x6f, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x2f, 0x61, 0x75, 0x74, 0x68,
	0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2f, 0x67,
	0x65, 0x6e, 0x2f, 0x67, 0x6f, 0x2f, 0x76, 0x31, 0x2f, 0x6f, 0x69, 0x64, 0x63, 0xa2, 0x02, 0x04,
	0x41, 0x43, 0x56, 0x4f, 0xaa, 0x02, 0x1a, 0x41, 0x75, 0x74, 0x68, 0x73, 0x65, 0x72, 0x76, 0x69,
	0x63, 0x65, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x56, 0x31, 0x2e, 0x4f, 0x69, 0x64,
	0x63, 0xca, 0x02, 0x1a, 0x41, 0x75, 0x74, 0x68, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5c,
	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5c, 0x56, 0x31, 0x5c, 0x4f, 0x69, 0x64, 0x63, 0xe2, 0x02,
	0x26, 0x41, 0x75, 0x74, 0x68, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5c, 0x43, 0x6f, 0x6e,
	0x66, 0x69, 0x67, 0x5c, 0x56, 0x31, 0x5c, 0x4f, 0x69, 0x64, 0x63, 0x5c, 0x47, 0x50, 0x42, 0x4d,
	0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x1d, 0x41, 0x75, 0x74, 0x68, 0x73, 0x65,
	0x72, 0x76, 0x69, 0x63, 0x65, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x3a, 0x3a, 0x56,
	0x31, 0x3a, 0x3a, 0x4f, 0x69, 0x64, 0x63, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}

var (
	file_v1_oidc_config_proto_rawDescOnce sync.Once
	file_v1_oidc_config_proto_rawDescData = file_v1_oidc_config_proto_rawDesc
)

func file_v1_oidc_config_proto_rawDescGZIP() []byte {
	file_v1_oidc_config_proto_rawDescOnce.Do(func() {
		file_v1_oidc_config_proto_rawDescData = protoimpl.X.CompressGZIP(file_v1_oidc_config_proto_rawDescData)
	})
	return file_v1_oidc_config_proto_rawDescData
}

var file_v1_oidc_config_proto_msgTypes = make([]protoimpl.MessageInfo, 6)
var file_v1_oidc_config_proto_goTypes = []interface{}{
	(*TokenConfig)(nil),                  // 0: authservice.config.v1.oidc.TokenConfig
	(*RedisConfig)(nil),                  // 1: authservice.config.v1.oidc.RedisConfig
	(*LogoutConfig)(nil),                 // 2: authservice.config.v1.oidc.LogoutConfig
	(*OIDCConfig)(nil),                   // 3: authservice.config.v1.oidc.OIDCConfig
	(*OIDCConfig_JwksFetcherConfig)(nil), // 4: authservice.config.v1.oidc.OIDCConfig.JwksFetcherConfig
	(*OIDCConfig_SecretReference)(nil),   // 5: authservice.config.v1.oidc.OIDCConfig.SecretReference
	(*durationpb.Duration)(nil),          // 6: google.protobuf.Duration
	(*structpb.Value)(nil),               // 7: google.protobuf.Value
}
var file_v1_oidc_config_proto_depIdxs = []int32{
	4, // 0: authservice.config.v1.oidc.OIDCConfig.jwks_fetcher:type_name -> authservice.config.v1.oidc.OIDCConfig.JwksFetcherConfig
	5, // 1: authservice.config.v1.oidc.OIDCConfig.client_secret_ref:type_name -> authservice.config.v1.oidc.OIDCConfig.SecretReference
	0, // 2: authservice.config.v1.oidc.OIDCConfig.id_token:type_name -> authservice.config.v1.oidc.TokenConfig
	0, // 3: authservice.config.v1.oidc.OIDCConfig.access_token:type_name -> authservice.config.v1.oidc.TokenConfig
	2, // 4: authservice.config.v1.oidc.OIDCConfig.logout:type_name -> authservice.config.v1.oidc.LogoutConfig
	6, // 5: authservice.config.v1.oidc.OIDCConfig.trusted_certificate_authority_refresh_interval:type_name -> google.protobuf.Duration
	1, // 6: authservice.config.v1.oidc.OIDCConfig.redis_session_store_config:type_name -> authservice.config.v1.oidc.RedisConfig
	7, // 7: authservice.config.v1.oidc.OIDCConfig.skip_verify_peer_cert:type_name -> google.protobuf.Value
	7, // 8: authservice.config.v1.oidc.OIDCConfig.JwksFetcherConfig.skip_verify_peer_cert:type_name -> google.protobuf.Value
	9, // [9:9] is the sub-list for method output_type
	9, // [9:9] is the sub-list for method input_type
	9, // [9:9] is the sub-list for extension type_name
	9, // [9:9] is the sub-list for extension extendee
	0, // [0:9] is the sub-list for field type_name
}

func init() { file_v1_oidc_config_proto_init() }
func file_v1_oidc_config_proto_init() {
	if File_v1_oidc_config_proto != nil {
		return
	}
	if !protoimpl.UnsafeEnabled {
		file_v1_oidc_config_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
			switch v := v.(*TokenConfig); i {
			case 0:
				return &v.state
			case 1:
				return &v.sizeCache
			case 2:
				return &v.unknownFields
			default:
				return nil
			}
		}
		file_v1_oidc_config_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
			switch v := v.(*RedisConfig); i {
			case 0:
				return &v.state
			case 1:
				return &v.sizeCache
			case 2:
				return &v.unknownFields
			default:
				return nil
			}
		}
		file_v1_oidc_config_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
			switch v := v.(*LogoutConfig); i {
			case 0:
				return &v.state
			case 1:
				return &v.sizeCache
			case 2:
				return &v.unknownFields
			default:
				return nil
			}
		}
		file_v1_oidc_config_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
			switch v := v.(*OIDCConfig); i {
			case 0:
				return &v.state
			case 1:
				return &v.sizeCache
			case 2:
				return &v.unknownFields
			default:
				return nil
			}
		}
		file_v1_oidc_config_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
			switch v := v.(*OIDCConfig_JwksFetcherConfig); i {
			case 0:
				return &v.state
			case 1:
				return &v.sizeCache
			case 2:
				return &v.unknownFields
			default:
				return nil
			}
		}
		file_v1_oidc_config_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
			switch v := v.(*OIDCConfig_SecretReference); i {
			case 0:
				return &v.state
			case 1:
				return &v.sizeCache
			case 2:
				return &v.unknownFields
			default:
				return nil
			}
		}
	}
	file_v1_oidc_config_proto_msgTypes[3].OneofWrappers = []interface{}{
		(*OIDCConfig_Jwks)(nil),
		(*OIDCConfig_JwksFetcher)(nil),
		(*OIDCConfig_ClientSecret)(nil),
		(*OIDCConfig_ClientSecretRef)(nil),
		(*OIDCConfig_TrustedCertificateAuthority)(nil),
		(*OIDCConfig_TrustedCertificateAuthorityFile)(nil),
	}
	type x struct{}
	out := protoimpl.TypeBuilder{
		File: protoimpl.DescBuilder{
			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
			RawDescriptor: file_v1_oidc_config_proto_rawDesc,
			NumEnums:      0,
			NumMessages:   6,
			NumExtensions: 0,
			NumServices:   0,
		},
		GoTypes:           file_v1_oidc_config_proto_goTypes,
		DependencyIndexes: file_v1_oidc_config_proto_depIdxs,
		MessageInfos:      file_v1_oidc_config_proto_msgTypes,
	}.Build()
	File_v1_oidc_config_proto = out.File
	file_v1_oidc_config_proto_rawDesc = nil
	file_v1_oidc_config_proto_goTypes = nil
	file_v1_oidc_config_proto_depIdxs = nil
}