fix JWT claim based routing doc (#2918)

istio · Aug 29, 2023 · 68bd84f · 68bd84f
1 parent 708fbc7
commit 68bd84f
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 10 deletions.
diff --git a/security/v1/request_authentication.pb.go b/security/v1/request_authentication.pb.go
diff --git a/security/v1/request_authentication.proto b/security/v1/request_authentication.proto
@@ -295,8 +295,10 @@ option go_package="istio.io/api/security/v1";
 // is now supported. A prefix '@' is used to denote a match against internal metadata instead of the headers in the request.
 // Currently this feature is only supported for the following metadata:
 //
-// - `request.auth.claims.{claim-name}[.{sub-claim}]*` which are extracted from validated JWT tokens. The claim name
-// currently does not support the `.` character. Examples: `request.auth.claims.sub` and `request.auth.claims.name.givenName`.
+// - `request.auth.claims.{claim-name}[.{nested-claim}]*` which are extracted from validated JWT tokens.
+// Use the `.` or `[]` as a separator for nested claim names.
+// Examples: `request.auth.claims.sub`, `request.auth.claims.name.givenName` and `request.auth.claims[foo.com/name]`.
+// For more information, see [JWT claim based routing](https://istio.io/latest/docs/tasks/security/authentication/jwt-route/).
 //
 // The use of matches against JWT claim metadata is only supported in Gateways. The following example shows:
 //

diff --git a/security/v1beta1/request_authentication.pb.go b/security/v1beta1/request_authentication.pb.go
diff --git a/security/v1beta1/request_authentication.pb.html b/security/v1beta1/request_authentication.pb.html
diff --git a/security/v1beta1/request_authentication.proto b/security/v1beta1/request_authentication.proto
@@ -293,8 +293,10 @@ option go_package="istio.io/api/security/v1beta1";
 // is now supported. A prefix '@' is used to denote a match against internal metadata instead of the headers in the request.
 // Currently this feature is only supported for the following metadata:
 //
-// - `request.auth.claims.{claim-name}[.{sub-claim}]*` which are extracted from validated JWT tokens. The claim name
-// currently does not support the `.` character. Examples: `request.auth.claims.sub` and `request.auth.claims.name.givenName`.
+// - `request.auth.claims.{claim-name}[.{nested-claim}]*` which are extracted from validated JWT tokens.
+// Use the `.` or `[]` as a separator for nested claim names.
+// Examples: `request.auth.claims.sub`, `request.auth.claims.name.givenName` and `request.auth.claims[foo.com/name]`.
+// For more information, see [JWT claim based routing](https://istio.io/latest/docs/tasks/security/authentication/jwt-route/).
 //
 // The use of matches against JWT claim metadata is only supported in Gateways. The following example shows:
 //