From 1a1cc30c678488ae2dea1c27f94971fde84d6584 Mon Sep 17 00:00:00 2001
From: Caleb Doxsey
Date: Wed, 17 Feb 2021 13:43:18 -0700
Subject: [PATCH] config: support map of jwt claim headers (#1906)
* config: support map of jwt claim headers
* fix array handling, add test
* update docs
* use separate hook, add tests
---
 authorize/check_response_test.go | 2 +-
 authorize/evaluator/opa/policy/authz.rego | 5 +-
 authorize/evaluator/opa/policy/statik.go | 2 +-
 authorize/evaluator/opa_test.go | 2 +-
 authorize/evaluator/store.go | 2 +-
 config/constants.go | 1 +
 config/custom.go | 93 ++++
 config/custom_test.go | 89 ++++
 config/options.go | 2 +-
 docs/reference/readme.md | 9 +
 docs/reference/settings.yaml | 9 +
 pkg/grpc/config/config.pb.go | 530 +++++++++++----------
 pkg/grpc/config/config.proto | 3 +-
 proxy/state.go | 2 +-
 14 files changed, 482 insertions(+), 269 deletions(-)
diff --git a/authorize/check_response_test.go b/authorize/check_response_test.go
index 893089182..0037a2c3c 100644
--- a/authorize/check_response_test.go
+++ b/authorize/check_response_test.go
@@ -33,7 +33,7 @@ func TestAuthorize_okResponse(t *testing.T) {
 Rego: []string{"allow = true"},
 }},
 }},
- JWTClaimsHeaders: []string{"email"},
+ JWTClaimsHeaders: config.NewJWTClaimHeaders("email"),
 }
 a := &Authorize{currentOptions: config.NewAtomicOptions(), state: newAtomicAuthorizeState(new(authorizeState))}
 encoder, _ := jws.NewHS256Signer([]byte{0, 0, 0, 0})
diff --git a/authorize/evaluator/opa/policy/authz.rego b/authorize/evaluator/opa/policy/authz.rego
index c90ef1e89..7691e2831 100644
--- a/authorize/evaluator/opa/policy/authz.rego
+++ b/authorize/evaluator/opa/policy/authz.rego
@@ -262,11 +262,12 @@ identity_headers := {key: value | claim_value != null # only include those headers requested by the user - available := data.jwt_claim_headers[_] + some header_name + available := data.jwt_claim_headers[header_name] available == claim_key # create the header key and value - k := concat("", ["x-pomerium-claim-", claim_key]) + k := header_name v := get_header_string_value(claim_value) ] diff --git a/authorize/evaluator/opa/policy/statik.go b/authorize/evaluator/opa/policy/statik.go index 0aef1578f..a0da82fcb 100644 --- a/authorize/evaluator/opa/policy/statik.go +++ b/authorize/evaluator/opa/policy/statik.go 
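Review bot: At `k := header_name` the outgoing header name is now taken verbatim from the keys of `data.jwt_claim_headers`, so the guarantee that these headers live under the `x-pomerium-claim-` prefix no longer holds for object-style configuration. Since the `claim_value != null` filter above emits nothing when a session lacks the claim, an upstream that trusts a custom name such as the documented `X-Email` depends on a client-supplied header of that name being removed somewhere else; that is not visible in this hunk and should be confirmed or covered by a test. I would also extend the comment above `some header_name` to `# data.jwt_claim_headers is an object of header name -> claim name; only claims listed there are emitted`. The comprehension starts before and continues after the hunk.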
@@ -9,6 +9,6 @@ import ( const Rego = "rego" // static asset namespace func init() { - data := "PK\x03\x04\x14\x00\x08\x00\x08\x00\x00\x00!(\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00 \x00authz.regoUT\x05\x00\x01\x80Cm8\xc4ZKs\xdb8\xf2?\x93\x9f\xa2\xff\xcca\xc4\xff\xd0t\x1c{\x0e\xab\x946\x9b\x9d\xda\x9a\x9d}ej\x92\xd4\x1eX\x1c\x0eD\xc2\x12,\x8a\xe0\x02\xa0,\xc5\xc9w\xdfj\x80\x0f\x88\x0fEv\x92\xda\x8bE\x02\xfd\xf8u\x03ht7]\x92tCV\x14J\xbe\xa5\x82U\xdb\x90Tj\xfd\xc1u3zK\xaa\\\x01\xc9s~\x0f\x0b\xb8%\xb9\xa4\xae+x\xa5hR\xf2\x9c\xa5\x87\x84e{\x98/\xe0\x96 \xa9\x12MH\xb3\xa4O1cEY\xa9p\xadT\x19V\"\xf7\x8fe \x7fF\x14 \xadAFe\xd4\x97\x12\xbb\xae\xa4R2^\xc0\x02$<\xb8\x8e\x84\x05\xf0\xe5\x1dMU\xb2\xa2j\xa6\x85\xe0\x9f\xa5\xe0\x1b*\x12|\x8c\xcaF\xb0~S0\xe7\x008v\xd6J\xf0\xaaLX\x86\x1bz\xa5\xb7\xf6\n\x1f\xc7\xac\xd3\xa4R\x13\x0c\x84Z\xac\xc7\xee\x0f[\x05\xe3\x8cQ<@#14\x10!\xc8!Ly\x91\x125ke\x04\xbdq\xaa\x12\xcbi\x86\xac [*;\x16?\x80Q2\xba%,\xb7\xe9|\xdfuI\x9e\xb7\xe1,\xe3[\xc2\n\x0d\x06\x05\xf4\x86gv\x9c\xeaqvV\xd8\x8cf\xf4\x14\x1f\xfak\xc0\xa6\x07Oq\xb1\xacL\xd2\x9c\xb0\xed\x80\xb5\x9b\xe9\xf33\x99t+\xcb\x8a\x15r\xea`8\x1b[x\xed*\x1f\xfe\x08\xcf]\xf7Y}/\x94\xd52g\xa9k^\x1e\\\xc7V\x10\xbe\xc6\xd1_4\xc5\xfb\x02\xaf\x15Z(\x96\x12E\xb3\xd7iJ\xa5\x84\xc5\x02\x9a%o\x04\xa6\\H(\x05\xbd\xcd\xd9j\xad&\x04\xff\xf8\xe6\xd7\xb7FxC\xd8\x8ar\xac\xdbfK\xd5\x9ag8\xe5\xbd\xf9\xe5\xdd\xcfo\xfe\xf5\xd6s\x1dc\x9f9s!\x9e9\x8baMIF\x85\x0c\xc03\x00/~\xe4\x85\x12<\xbf\xf8\x95\xfe\xa7\xa2R]\xfcSK\xf4\x02\x88b\xdfx\xe2Lyo\x04[\xb1\xc2f\xb4l&\xc5\x01\x8e\xdc\x03\xb8\xda\xa7\x9c\xfa\xba8\xbc\xb6\x19\xde\xeb\x08\xd7\xb8\xa0\x17\x06\xf0\xb4y\x9e\xadpy\xd0\x1a@\xafh\xa7\xa7\xe0\n\xfa[\xc2u\xf4\xf1\xd5\x94\xa8a\xb0Q\xa3$\x1e\x13\xcd\xb2\xb3\xe4\xb2\xec\x1c\xa1\xfa\xcc|N\x9e\xe4[ZS:\xe6\x90EI\x8c1\xc9\x0c\x0dO\xa6=}l\x81\xb5\xeb\xfb>\x1a\xea\x1d\x03?\x11:\x8d\xaci]=;O\xdb8\x1d\x9b\x9fl\xb7 jg9\xba&u\xb4I +\xea\x808\xebvK\x00#a42\xbf\xb1\x7f\xc2\x0b}\x14\x8fD0\xe9\xf8G\x01\"b\xc9\x94 
\xe2\x00,+\xc1\x84\xcf\x0e\x12\x11\xb4\x0e\xa9\x8d\xbc\xd9x,\x8e\x12\xebZ6CZ\xd3\x13%i\xefZb\xda0\\'\xefP\x89\xdc\x82\x99\xf2B\xe9[\xea8\x05\x0f\xc0\xbb\x0c\x1b\x96KOK\xcahq\x88\x04%\x92\x17\xfa*6\x8fx3\xdf\xfc\xe1\x87\x00.\x92\x13y?w\xe7\xee\xe2\xfdp\xb5\xdb\xf5\xec\x91\xfe\x84\xeb\xe8\x993a\x0cM\xa4\x12\xe8\x07\xed\xdf\xd9p\xcd\xb5\xc2x\xb2\xc6\xd5\xf5|\x92\xe6\xbc\xca\x12\x8c\x85T\xe4T\xca\xc4*\x04\x18/\x92:J&u\x94\xec\x1aOM\xdf\xecir\xa6\xe2\xc4\x94\xb4SK\xfb\x97\x82,s\xfa\x93\xe6\xfc\x11\x19\xdf\xb6|\xaf\x8f@\xb8N\xd4\xdc\x9e\x01$z\xab\x9a{\x16G\x93\x92\x0buT\xa0\x86\xefx\xf4<\x0e\xdf\xff\xfa\x8f\xf0\xaf\\*\xdfuH\x951Z\xa4\xd4\xd4\xa9fC\xe8\xfd\x80\xd7\xb3\x9c_^z\x014\x1ab\xbf\xdeO\xb8`\x9f1k\xf64'\x06\xd0\x00\xf2\xa7\xfa*,Cvuh\x1d8\x1f\x9c\xfb\xf5\x95\xde\xf5\x91\xb7\xbfhr\xb2\x8b\xbb{uA\xa4\xc4dH\xef\xfe\xee\xc4\xc6\xb1\xeb\xac_\x18\x8eM\x00\xbb\x18E8\x91>\xee\x89\x8e\x03\xe6q2\x1a8\xd6|\x1b\x14\\\xc7y\x06\xbc\xc8\x0f\xc0\x8a4\xaf2\xbc\x86\xb9\xa4\xd0\xa0\x16\xa6\xfe\xa5\x19\xa6\xc6xC\xeb\x02\xd5q\xc8\x8e\xb0\x1cW\xbf\xdd\x8e\xad\xb6\xc6b\xa3\xb4#\\,\xa0\x05k\xf4\xa6\x82b\xda\x8fb\x0d\x0fl\xe8\x01H\x91\x19\x1f\xb9\x8e\xb3\x19,\xb8\xe5+-\xed\xc2\x0b:\xb1\xb8\xf4\xce\xaeY\xfb\xb1\xc3j\xf9\xc0\xc73\xea:\xebk\xa4\x1f\x063\xd7Y\xdf\x1cy\x1b\x8c\xe0\xd3\x1b*\xda\xc4Z\xe8\xa0\x855\xfd\xb2\xbe\n`\xfd\xc2\x0f`}\x8d\x7fn\xfca\\_\xb7e\xb1\xa0\xaa\x12\x85\xd4>\xd3\xddw\xd8\x12\x95\xaeY\xb12\x11\xd1=\xa7%\x8f\xe9\xad\x0fM\xfb\xdej\xe9?\xb8\xce`\x0c]\x80\xbf\x1fA\x17_,\xdb\x07`\xa6_\xd6\xbf0\xde\xc8g\xd9>~ 
GH\x06\xe5H\xdd\x90\x8a\xa3\xe7q[\x1c\x1d\x13'6\x9d.\n\x9b\xd1\x84/\xef\xbaH\xd2f\xec\xda8]\xfdZ\x1e\x90\xbc\x12\xa9%\x11y[\xa9}\xe2R\xd0[\xb6?\x97\x98\xa8\xf5\x99\xa4\x82\xae\xe8\xa4\xd8\xbe\xf5\xa7!\xa3#\xac\xce\x93\x19\x0d\xc03L^\x00\x9e\xe7\xeb\xf6\x97\xf7-\x04\xd7\x97\xb6\x19\x1b_\x8a:\x90\x1b\x12\xbf\xb7j\xba\x94Bx\xc7\x12\xf4\xf0\x10\xef\xc9\xe5\x98\xc2k\x98N;\xe2\xcb\x057\x8ePD(y\xcf\xfa;!\xc4\xcd\xd1H\x0c\x0d\xe7\xc8J\x9f\xd8B\x93(\x88Z\x7f\xc6\xb8/\x12Z\x1b\xd6 'j\x8dz\x86\xc6\x0d\xf5\x9e\xda\xe4S\x8a5\xcfis\xbeTlm\x90\xa0\x89\x8e\x97\xcd\xfe\xd4$\xc1\x88az\x99\xba\xed,\x95\xc0\x80\xf9\xe0\xc9tM\xb7\xd4\x9b\x83y\x08\xc0\xc3M\xeb\xcdu\xf6Q\xbfa\x12R\x8f\x98\x8c\xc7xv\x0e\xf8\xa3\x93\x84( Z\x01\x86Q\x90{\x9c\x8da\x01\x1aSx\xcb\x8a\x0c\xc3xs}\xc9j\xa9\x91'\xc5\xec\xf7\xd9\xab\xf9l\xf6j\xae\xd22\xfa>\xf6_a8\x8dd\xfc\xca\x9f_^\xfa\xaff\xd1o\x97\xf1\xf7\xfe,\xfa\xed\xd5\xb3\xf8\xff\xfd\xdf\x03\x90J\x04p\xe5c\x8c\xed\xe5a\xc34lm\xf2-\xb3\xe2Pp\xb1%9\xfb`\x8e\xa8\xdeR5P\xcb?\x1ds\xed\xa5\xc8\x98\x84C:\xf1m\x9bQ\x1a\x887\xf7\xfc\x1aGC\xb3\x00Y\xe6LY\xf3]\xea\xdc\x93e\"\x07\x9a\x84\xbbS\xe0\xb3wss\xadw\xcc\x08\xda\x1a\x91w\xa9s]\xa9D\xb7\xbf\xa6\xa9\x91\xac\xa6n\x1b\xe8\xfd^c\xddW4oz\x07\xea\x9b\xd2\xd8QOz\x7fBK\xcdg\x82\xbd\xde\xd9/\\g\x1f]\xc5\xf8X71QtN\xb7\xb4P(\xf9Mw\xef\x98\xf2\xca\"\xbc\x8a\x0d\x1c\xabm\xfcTT\xd7\xe7\xa3\xe2/\xfat}L\x93\xe0_X\x84/\xbe\x1e\xf8\x9b\xaf\x0e\x9e_\xf7\xc9\xfa\xd0'm\xbc\xb6\x08\xaf\xbf\x9e\x8d?\xfc\xafl\xe47}\xb2\xbe\x85\x93\xae\xb8\xb1\x08o\xa6]1\xc6zt\xdc\xdcO\xee\x7f\x03\x00\x00\xff\xffPK\x07\x08\xa5\xe6\x0dy\xba\n\x00\x00\xcb(\x00\x00PK\x03\x04\x14\x00\x08\x00\x08\x00\x00\x00!(\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00 \x00authz_test.regoUT\x05\x00\x01\x80Cm8\xecY]o\xdb6\x17\xbe\x96~\x05\xc1\xab\xe4}\x1d\x19I\xbb]\x180V\xaf\x18\x8a]l)\xfaq\x15\x04\x02-\x9dZ\\%Q%\xa9\xd5\x8e\xe1\xff>\x1cR\x92eYj%\xd7\xf6\xd2.\xbe\xb0%\xf2|=\xe79\xfct\xc6\x82\x8fl\x01$\x13 
H\x9e'\x1e\xcbu\xf4\xe0\xba\x0b\xd0\xfeB\x88E\x0c~\x10\x8b<\xf4\x15\xc8\xbfA\xc6\xa0\x94\x1f\x01\x0bA\xaa\x0bl\xe2\x01\xcc\x82@\xe4\xa9\x1e\x11\x96\x87\x1c\xd2\x00.\xc9\x94Dd\xed\x12BHD&\xd3\xe2\x11?t\x96\xebHH\xfe\xc04\x17)\x9d\x10\xfa+0 \x92,\x97Kj\xa46\xee\xc6u5(\xedC\xc2x\xec\xb38\x16\x9f!$k\xd71\x8f\xe43\xd7\x11 \x99f\x9e\x14\xb9\x06?\x131\x0f8(\xc2\x14\xb9[\xbb\x8eC\x95\xc8e\x00h\x1c\x96,\xc9b\xf0\x02\x91\xd0\x11v\x15\xd6\xfc\\\x81TtB\xee\xe8\xf2E]\xe8~\xe4:\x9b{\xd7qjn\xf0k.\xc5G\x90>>\xa2\x9f5\xd5\xab\x0c<\x9b \x96qe\x94'\x18$\xfa\x07\xa5\xb8H\xbd\xb7\xf6\x17\xdb\xcb\xb6k\xf3\xc2C\x0c\xaej\x1a\x11\x8a\xf1\xf8\xb6\x19\x1f\xaf\xe9f32\xb6\xf0\xcd{\xaf@\x1aE\xdb\xb75a\xdfG\x84\x9a\\a\xcb.\x1cke\xb3\xa9\x00\xf14\xcb\xb5\x17i\x9dY\x18\xb94Z\xd80\x19\x8fwT\x1b:E\xb4V\xad\x01`\xcb\x19O2\x90J\xa4LC\xc1_*t\x9d\xc3Th\xf2_\xe2qD\xe8^N\xb0w\xd5\xc2\xd3\x0f\xc0\xf6\xa9G\xeb\xea\x89\xe5\xb3\xb3\xbc\x90\"\xcfN\xc4\xac\xb1m\xa95\x8f\xd7\x8f\x87\xd3c\xb2\xe5\xd0\x90K\x08\xb4\x90\xab\x1e\xa6l\xc2y\xb8\x9b\x97}K\xaf\xb0\xc7\x18(d\xb6\xb6\x8a\x86\xb3\xd7J}\x14XnO\xbc\x00<\xe2\x02\xea7)4\xa4\x9axn\xb6\xc4?\x15\xe2\xb7\x15\xe2yf\xb0\x9b\xa7\x02|*@\xa5\xfdP$\x8c\xa7'*:k\xdcf\xe5Qn\x88\x8eY2g$\xad>\x10\n\x02O\xbb|=z\"\xbb\xe7\x90T\xe8\x1f`s\xdb\xc2\xf8\xe9\x87l#uOd\x9f\x8b\xec0\xf3\x83\x98\xf1\xe4T\x9b\x81\xad\x03\x9b\x7f\x91\x80g\xde\x0d\xed\x0cs1\xa7\xf7\x9bo\xe4\xfb\x10\xae\xbb\xa3\xc2\x80\xf0s6\x16\n\x0b\x03fS\xd7q\x8a\"\xaf(h\x89\xc6\x96d\xc6t\x84\x02cV4\xf4\x99j\x1dS\x89\xc3}\xcc\x1b>\xf2\xea\xa2\"\x15\"\x85\x17\xd5\xad\xea\x8e\xa3\xfb\xe1\xa9\x1e\xcf\xf7\x92\x8d\xbe\xea\x99\xde\x1di\x7f 
\xd8\x1dk\x8dk\xd5\x10R~\x92\x15m\x9b\x82\xb9\x98\x7f\xe9\xb6\xa67\xf6\xa3!\xcf\xf2y\xcc\x83#\x0f\xfd\x19\x9axm,\xbfOY\xae#H5\x0f\x98\x86p\x16\x04\xa00\x15Z\xe6p8\xf6F\xf4\x83\x89k)\xec\x96\x8a\x96\xf0\x81/mM\xaf\xae0\xc1\x9d\x95\xddFk\xfb\xf8\xd9w\xd3?Y\x87\x0f\x94\"\xfcZ\xe2\x8aAxd\xe2\xfbe\xe6\x10\xd2\xc7^\x19\xf2\xb8\x06#\x10R\xf9\xc8S\xcc\x17\x91\xfeW\xc08\xf4\xe5\xed\x9b\xb7\x96\xc42\x90>\xf5m\xb8O@G\xc2\x8c\xd7\xdb\xd7\xef~\xbf\xfd\xf3mQ\x13\xddi(\x04\x8a\xbf\x9b\xca\x9d\x8eCo%_\xf0\xd4D\x89k\x99\xb0\xaf&@\xac1SIW/E\xaa\xa5\x88\xaf\xde\xc0\xa7\x1c\x94\xbe\xfa\xa3t\x7fG_\xfd\xf6\xae\x90\xb6\x1b\x90\xae\x14\x0f\x1ej\xc7\xc9\xf2\xf7\x9f\xc7\x8cI\x05~.c\xf4\x84?\x93)\xa9\xda.\xdaBD\xffc\\V\x7f\xf9\xa4\xe8\xa5Q\xf2T\x10A\x02d:\xb5\xa0\xa8m\x8d\x84\xd2\xa6\xad\x9e6\xdb\x85\xfa\xa6kk\x8e6b\xd2A\xd6\x1d\x97\x0e\xb2\xff\x0f\x8f\xad\xd4\xfa\xc6\xf8\xca\xda\xb0ee\x8b\xa8\x1a\xdce{[\xee\xe8\xc8\xec\xe9\xda\x8ans9\\\xbfm\x0d:\xd0\x8c:\xc4\xce\xf8X\x86\xbeng\xdc\xcfP\x8f\x88\xac\xa5j\x96\xe8\xb4&\xe4\xe2\xcbt\xb5W\x83]\x9d\xfbWCm5\xef \x91\x85 OMY\x9a\xaal\x181\xbd=!\xb6\xc4P\xa9w\xa0\xc3a\xd1\x1f[\xb9\xf7\xee\x89\xacE\xa9\x17\x88\xd6\x94Tg\x8bC\x12\xb2\xa7\xdc\x9e\x0e \x0b\x18\xc0\xb5\x11G\xbb\xde\xffzf\xa4\x05Xe\xa4\xe8,l\xf5\x07W\x19\xb8[\xae\x1e\xee\xeb\xe0T>\xb7\x8b\xe4\n1-q\xca]\xc0\x16\xb3Y\n/\x86/\x9c\xb9\xbd\xc1\xb8)\xf6%\x95\x17\x0e\xa6\x1f\x17\xa5u\xb7\xda3{\x08\xef\x90\xb912\xcf\x0b\x19\xb3$_\xba\x18\xfbt\x8a\xdb\xb6\xd2\xb35dE7\xae\xeb\xac\x9a\xd8\x8a\x13got\xf5\x13jh\xbc\x84\xfd\xf0\xb5(\xb6 \xdc\x912\xe1\x87{\x18W\x16c\xe5\xdd\x9a\xb2\xa2\x88\xf1\xa1\x89\xd1\xfe]\xd0\x1bb\xfd\xdf\x05{\xc3\xdf\x0f\xe1\xbe^\x0b\xc0\xba\x90 
}\xb1\x87\xef\xc1\xe2\xab|[KVt\xbb\x7fa\x12\xda\xee\x89\xf6Z/\xd6\x94\x19w\xd7\xe8\x87\xd4\xdf\xca\xd1\xd3\xads\xd3\xa2\xf3\x15'#BM\xc8\xcf\xda\xdc\x0d\x08\xafn\xe7\xeb\x81>G\xd1\x9f\xf0\xeb\xe7\x01!{s/(\xc5\xb0~<\xf0>\xec\xe0\xdem\xa9\xcd\x86\xe9\xca\xdf9\x1a\x9a\xa1y\xe4\xf3\x8e9\xc3\xcc\xd2\xd5\xac\xee\xa8\xb8\xc8\xdc?\xce\x0c\xbe\xa1;\xda\x8d\xecwz\xd1\xda\xc1\xe1\xd1\x0fT\xc3h<\x1d\xea\x7f\x02\x00\x00\xff\xffPK\x07\x08\x08\x1b\xb1\x1d*\x05\x00\x00F)\x00\x00PK\x01\x02\x14\x03\x14\x00\x08\x00\x08\x00\x00\x00!(\xa5\xe6\x0dy\xba\n\x00\x00\xcb(\x00\x00\n\x00 \x00\x00\x00\x00\x00\x00\x00\x00\x00\xb4\x81\x00\x00\x00\x00authz.regoUT\x05\x00\x01\x80Cm8PK\x01\x02\x14\x03\x14\x00\x08\x00\x08\x00\x00\x00!(\x08\x1b\xb1\x1d*\x05\x00\x00F)\x00\x00\x0f\x00 \x00\x00\x00\x00\x00\x00\x00\x00\x00\xb4\x81\xfb\n\x00\x00authz_test.regoUT\x05\x00\x01\x80Cm8PK\x05\x06\x00\x00\x00\x00\x02\x00\x02\x00\x87\x00\x00\x00k\x10\x00\x00\x00\x00" + data := "PK\x03\x04\x14\x00\x08\x00\x08\x00\x00\x00!(\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00 \x00authz.regoUT\x05\x00\x01\x80Cm8\xc4ZKs\xdb8\xf2?\x93\x9f\xa2\xff\xcca\xc4\xff\xd0t\x1c{\x0e\xab\x946\x9b\x9d\xda\x9a\x9d}ej\x92\xd4\x1eX\x1c\x0eD\xc2\x12,\x8a\xe0\x02\xa0,\xc5\xc9w\xdfj\x80\xa4\xc0\x97\";I\xed\xc5\"\x81~\xfc\xba\x014\xba\x9b.I\xba!+\n%\xdfR\xc1\xaamH*\xb5\xfe\xe0\xba\x19\xbd%U\xae\x80\xe49\xbf\x87\x05\xdc\x92\\R\xd7\x15\xbcR4)y\xce\xd2C\xc2\xb2=\xcc\x17p\xcb\x84T\x89&\xa4Y\xd2\xa7\x98\xb1\xa2\xacT\xb8V\xaa\x0c+\x91\xfb]\x19\xc8\x9f\x11EBk\x90Q\x19\xf5\xa5\xc4\xae+\xa9\x94\x8c\x17\xb0\x00 \x0f\xae#a\x01|yGS\x95\xac\xa8\x9ai!\xf8g)\xf8\x86\x8a\x04\x1f#O\x1dJ\x1a\xae8_\xe5\x94\x94L\x86)\xdfzq\xe4U\x92\x8a\xf0-\x15;\x96\xd2\xd7i\xca\xabByq\x00\x06i\xad'dY\x00E\x95\xe7>\xea\xfa\xbf\x85~v?\x01\xcd%\xfd\x1a\x18\x1a5o\xcd\xefc\xf5?|B\x00JT\xd4\xfd\xe4\xbah\x10,\xa0\xc2\xb1\xea\x0b@i\xc7\xbc\x97T \x9c\x16\xc8\xb6\xa4B\xf2\x82(\x9a Ab!\xab\x86\xc8\xbe\x0d\x883\x14w]\x921AS\xc5\xc5!\xa9\x9d\x93i`\xd9\x97 
ke>\xcaG\xd9\x08\xd6o\n\xe6\x1c\x00]g\xad\x04\xaf\xca\x84e\xb8\xa1Wzk\xaf\xf0q\xcc:M*5\xc1@\xa8\xc5\xdau\x7f\xd8*\x18g\x8c\xe2\x01\x1a\x89\xa1\x81\x08A\x0ea\xca\x8b\x94\xa8Y+#\xe8\x8dS\x95XN3d\x05\xd9Ryd\xf1\x03\x18%\xa3[\xc2r\x9b\xce\xf7]\x97\xe4y\x1b\xce2\xbe%\xac\xd0`P@oxf\xc7\xa9\x1e\xe7\xd1\n\x9b\xd1\x8c\x9e\xe2C\x7f\x0d\xd8\xf4\xe0).\x96\x95I\x9a\x13\xb6\x1d\xb0\x1eg\xfa\xfcL&\xc7\x95e\xc5\n9u0\x9c\x8d-\xbcv\x95\x0f\x7f\x84\xe7\xae\xfb\xac\xbe\x17\xcaj\x99\xb3\xd45/\x0f\xaec+\x08_\xe3\xe8/\x9a\xe2}\x81\xd7\n-\x14K\x89\xa2\xd9\xeb4\xa5R\xc2b\x01\xcd\x927\x02S.$\x94\x82\xde\xe6l\xb5V\x13\x82\x7f|\xf3\xeb[#\xbc!lE9\xd6m\xb3\xa5j\xcd3\x9c\xf2\xde\xfc\xf2\xee\xe77\xffz\xeb\xb9\x8e\xb1\xcf\x9c\xb9\x10\xcf\x9c\xc5\xb0\xa6$\xa3B\x06\xe0\x19\x80\x17?\xf2B \x9e_\xfcJ\xffSQ\xa9.\xfe\xa9%z\x01D\xb1o'O\xf2-\xad)\x1ds\xc8\xa2$\xc6\x98d\x86\x86'\xd3\x9e\xeeZ`\xed\xfa\xbe\x8f\x86z\xc7\xc0O\x84N#kZW\xcf\xce\xd36N\xc7\xe6'\xdbm\x82\xdaY\x8e\xaeI\x1dmR\xc2\x8a: \xce\x8e\xbb%\x80\x910\x1a\x99\xdf\xd8?\xe1\x85>\x8aG\"\x98t\xfc\xa3\x00\x11\xb1dJ\x10q\x00\x96\x95`\xc2\xe7\x11\x12\x11\xb4\x0e\xa9\x8d\xbc\xd9x,\x8e\x12\xebZ6CZ\xd3\x13%i\xefZb\xda0\\'\xefP\x89\xdc\x82\x99\xf2B\xe9[\xaa\x9b\x82\x07\xe0]\x86\x0d\xcb\xa5\xa7%e\xb48D\x82\x12\xc9\x0b}\x15\x9bG\xbc\x99o\xfe\xf0C\x00\x1e+v$g\x19\xa49\xa3\x85\x82\x94\n\xc5nu\xf0\xf1b\xbdDK\xcesJ\x8aZ\x15\x93\x89\xa6O\x0c}b\xd1\xfb\xf5\xbe\xfa\x1c\x1d\xa2\xba\xbbWI\x1dD1eq\x1d\xcc\x85\xbc9x\x7f\xfb\xf7;/p\x1d\x8f\xe4+on\n\x08\xc9V\x05+V\xc9\x86\x1eB\x92\xafpv\xc3\xb2\xb1\xd9\x0d\xcb\x82FzI\x0e9'YB\xaa\x0c\x16\xb0C\x1d;X@I\x84\xa4I%\xf2~\xf5\x12\xae\xb9T\x98[\x1cs\x17\xcf\xb3s\x17[(\x93:\x13B\xfdL\xca\x8a\x8a\xee\xf4\x9db\xb6\xcec\xde\x7f\x8el\xba/\xc7\x98\xe9\xbed\x82\xca\x84`\x1d\x91\xf2\"\x93Ga\x98rMB%\xaa\x11\xf7\xac\x11&A*.(\xa85\x05\x8d?K\x88\x02^\x98\x81,Q|C\x8b>v3\x1a\xb6\xf4C\x18\xad\x12]~\x011\xf5\xd7P\x19\x10Ug\x91\xf9\xa1\xa7eZ\xf8)\x1be\xb5\xb4]V_@\xe78\xbb\xae 
\x9e\xc2Z\xdf\x9c#\xcb<\xbc\x18:\x1e\xda\x0d\x93\xe8)\xb2\xb1\xc9iDu^j\xf1Oe\xd9g%\xd6\xfeT\x16\x8f:\x8f\x19i\xe4:\x91\xc7\xa4\xf4\x02\xe8\x1d\x918\xc0)Re\xbd)Ref\xeaN\xb1\xde\xd4\x9dbf\x8a\xee\xcb\xde\x14\xdd\x97f\x8a\x11\xd5\xd7E\x94\x99\x92\xd5\xb27%\xab\xa5\x99BW\xf6\xe6p\xa8\xd6\x86.\xee\xeb\xc313m\x1c\xdb\x9b7\x83q\xe0\xc6\x9dU\xc0p\xb6\xa1\x879\xecH^Q\xf8\x88'\xa2\x92\x14\x08\xa4|[\n\xba\xa6\x85nv\xf0\x1d\x15@\n\xb3D\xa08\x08\xba\xe5;\n\x05\xcb\x0d\xabt\x9dhC\x0f\x81y\x8b\xd1\xd5G\xc7c\x1e\xe5\x18\x0dm\xc9\xe5\xba\x18\x0bi\x96\xdc\xdd\xe3\x91g<\xbc\xbbW!-R\x9e\xd1\x04\xa7fV\xd4\xed\xd8\x12\x0cB\xa9\xef\xba\x9bjIEA\x15\x95V\xa4^\x0f\xd2\xd6\xbf\xb7d\xdd\xb6\xcb;\x8c\x16u\x86\xea\xac\xeb\x8d\xe2D\x1e\xa6\xb7\\\xb0\x0fD1\x8eys\xbd9=\xc0\x1c\xda\xfb3%B\xaf\xd3\xf9:b\x1f\x17\xc9\x89\xbc\x9f\x8f\xe7\xee\xe2\xfdp\xb5\xdb\xf5\xec\x91\xfe\x84\xeb\xe8\x993a\x0cM\xa4\x12\xe8\x07\xed\xdf\xd9p\xcd\xb5\xc2x\xb2\xc6\xd5\xf5|\x92\xe6\xbc\xca\x12\x8c\x85T\xe4T\xca\xc4*\x04\x18/\x92:J&u\x94<6\x9e\x9a\xbe\xd9\xd3\xe4L\xc5\x89)i\xa7\x96\xf6/\x05Y\xe6\xf4'\xcd\xf9#2\xbem\xf9^w@\xb8N\xd4\xdc\x9e\x01$z\xab\x9a{\x16G\x93\x92\x0b\xd5)P\xc3w\xee\x89\x8e\x03\xe6q2\x1a8\xd6|\x1b\x14\\\xc7y\x06\xbc\xc8\x0f\xc0\x8a4\xaf2\xbc\x86\xb9\xa4\xd0\xa0\x16\xa6\xfe\xa5\x19\xa6\xc6xC\xeb\x02\xd51\x89x}\x1atR\xe48dGX\x8e\x1b\xa2\xdd\xa1-\x80\xc6 
\x91\xc5\x11wX\x16\x0bh-1\xa0RA\xb1&@\x9d\x86\x0b6\xf4\x00\xa4\xc8\x8c\x03]\xc7\xd9\xa0\xa2.\x86]\xb3\xeec\x07\xd5\xb2\xdf\xc7\xf3\xe9:\xebk\xa4\x1f\x062\xd7Y\xdft<\x0dF\xf0\xe9\xcd\x14mb-t\xd0\xbe\x9a~Y_\x05\xb0~\xe1\x07\xb0\xbe\xc6?7\xfe0\xa6\xaf\xdb\x92XPU\x89Bj\x97\xe8\xce;l\x89J\xd7\xacX\x99h\xe8\x9e\xd3\x8e\xc7\xd4\xd6\x87\xa6uo\xb5\xf3\x1f\\g0\x86.\xc0\xdf\x8f\xa0\xd7\x9be\xfb\x00\xcc\xf4\xcb\xfa\x17\xc6\x9b\xf8,\xdb\xc7/\xa1\x83dP\x8a\xd4\xcd\xa88z\x1e\xb7\x85Q\x978\xb1\xe9tA\xd8\x8c&|yw\x8c\"m\xb6\xae\x8d\xd3\x95\xaf\xe5\x01\xc9+\x91Z\x12\x91\xb7\x95\xda'.\x05\xbde\xfbs\x89\x89Z\x9fI*\xe8\x8aN\x8a\xed[\x7f\x1a2:\xc2\xea:\x99\xd1\x00<\xc3\xe4\x05\xe0y\xben}y\xdfBp}a\x9b\xb1\xf1\xa5\xa8\x83\xb8!\xf1{\xab\xa6\xcb(\x84\xd7\x95\xa0\x87\x87xO.\xc7\x14^\xc3t\xda\x11_.\xb8q\x84\"B\xc9{\xd6\xdf !n\x8eFbh8GV\xfa\xc4\x16\x9aDA\xd4\xfa3\xc6}\x91\xd0\xda\xb0\x069Qk\xd434n\xa8\xf7\xd4&\x9fR\xacyN\x9b\xf3\xa5bk\x83\x04Mt\xbcl\xf6\xa7& F\x0c\xd3\xcbt\xdc\xceR \x0c\x98\x0f\x9eL\xd7tK\xbd9\x98\x87\x00<\xdc\xb4\xde\\g\x1e\xf5\x1b\xdeC\xf5\x88\xc9v\x8cg\xe7\x80?:A\x88\x92\xa0\x15`\x18\x05\xb9\xc7\xd9\x18\x16\xa01\x85\xb7\xac\xc80\x8c7\xd7\x97\xac\x96\x1ayR\xcc~\x9f\xbd\x9a\xcff\xaf\xe6*-\xa3\xefc\xff\x15\x86\xd3H\xc6\xaf\xfc\xf9\xe5\xa5\xffj\x16\xfdv\x19\x7f\xef\xcf\xa2\xdf^=\x8b\xff\xdf\xff=\x00\xa9D\x00W>\xc6\xd8^\x0e6L\xc1\xd6&\xd72+\x0e\x05\x17[\x92\xb3\x0f\xe6\x88\xea-U\x03\xb5\xfcsd\xae\xbd\x14\x19\x93pH'\xbdm#J\x03\xf1\xe6\x9e_\xe3hh\x16 \xcb\x9c)k\xfe\x986\xf7d\x99\xc8\x81&\xe1\xee\x14\xf8\xec\xdd\xdc\\\xeb\x1d3\x82\xb6F\xe4]\xea\xf9Mg\xafKye\x11^\xc5\x06\x8e\xd52~*\xaa\xeb\xf3Q\xf1\x17}\xba>\xa6I\xf0/,\xc2\x17_\x0f\xfc\xcdW\x07\xcf\xaf\xfbd}\xe8\x936^[\x84\xd7_\xcf\xc6\x1f\xfeW6\xf2\x9b>Y\xdf\xc2IW\xdcX\x847\xd3\xae\x18c\xed\x1c7\xf7\x93\xfb\xdf\x00\x00\x00\xff\xffPK\x07\x08\xa6m\xed)\xba\n\x00\x00\xc7(\x00\x00PK\x03\x04\x14\x00\x08\x00\x08\x00\x00\x00!(\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00 
\x00authz_test.regoUT\x05\x00\x01\x80Cm8\xecY]o\xdb6\x17\xbe\x96~\x05\xc1\xab\xe4}\x1d\x19I\xbb]\x180V\xaf\x18\x8a]l)\xfaq\x15\x04\x02-\x9dZ\\%Q%\xa9\xd5\x8e\xe1\xff>\x1cR\x92eYj%\xd7\xf6\xd2.\xbe\xb0%\xf2|=\xe79\xfct\xc6\x82\x8fl\x01$\x13 H\x9e'\x1e\xcbu\xf4\xe0\xba\x0b\xd0\xfeB\x88E\x0c~\x10\x8b<\xf4\x15\xc8\xbfA\xc6\xa0\x94\x1f\x01\x0bA\xaa\x0bl\xe2\x01\xcc\x82@\xe4\xa9\x1e\x11\x96\x87\x1c\xd2\x00.\xc9\x94Dd\xed\x12BHD&\xd3\xe2\x11?t\x96\xebHH\xfe\xc04\x17)\x9d\x10\xfa+0 \x92,\x97Kj\xa46\xee\xc6u5(\xedC\xc2x\xec\xb38\x16\x9f!$k\xd71\x8f\xe43\xd7\x11 \x99f\x9e\x14\xb9\x06?\x131\x0f8(\xc2\x14\xb9[\xbb\x8eC\x95\xc8e\x00h\x1c\x96,\xc9b\xf0\x02\x91\xd0\x11v\x15\xd6\xfc\\\x81TtB\xee\xe8\xf2E]\xe8~\xe4:\x9b{\xd7qjn\xf0k.\xc5G\x90>>\xa2\x9f5\xd5\xab\x0c<\x9b \x96qe\x94'\x18$\xfa\x07\xa5\xb8H\xbd\xb7\xf6\x17\xdb\xcb\xb6k\xf3\xc2C\x0c\xaej\x1a\x11\x8a\xf1\xf8\xb6\x19\x1f\xaf\xe9f32\xb6\xf0\xcd{\xaf@\x1aE\xdb\xb75a\xdfG\x84\x9a\\a\xcb.\x1cke\xb3\xa9\x00\xf14\xcb\xb5\x17i\x9dY\x18\xb94Z\xd80\x19\x8fwT\x1b:E\xb4V\xad\x01`\xcb\x19O2\x90J\xa4LC\xc1_*t\x9d\xc3Th\xf2_\xe2qD\xe8^N\xb0w\xd5\xc2\xd3\x0f\xc0\xf6\xa9G\xeb\xea\x89\xe5\xb3\xb3\xbc\x90\"\xcfN\xc4\xac\xb1m\xa95\x8f\xd7\x8f\x87\xd3c\xb2\xe5\xd0\x90K\x08\xb4\x90\xab\x1e\xa6l\xc2y\xb8\x9b\x97}K\xaf\xb0\xc7\x18(d\xb6\xb6\x8a\x86\xb3\xd7J}\x14XnO\xbc\x00<\xe2\x02\xea7)4\xa4\x9axn\xb6\xc4?\x15\xe2\xb7\x15\xe2yf\xb0\x9b\xa7\x02|*@\xa5\xfdP$\x8c\xa7'*:k\xdcf\xe5Qn\x88\x8eY2g$\xad>\x10\n\x02O\xbb|=z\"\xbb\xe7\x90T\xe8\x1f`s\xdb\xc2\xf8\xe9\x87l#uOd\x9f\x8b\xec0\xf3\x83\x98\xf1\xe4T\x9b\x81\xad\x03\x9b\x7f\x91\x80g\xde\x0d\xed\x0cs1\xa7\xf7\x9bo\xe4\xfb\x10\xae\xbb\xa3\xc2\x80\xf0s6\x16\n\x0b\x03fS\xd7q\x8a\"\xaf(h\x89\xc6\x96d\xc6t\x84\x02cV4\xf4\x99j\x1dS\x89\xc3}\xcc\x1b>\xf2\xea\xa2\"\x15\"\x85\x17\xd5\xad\xea\x8e\xa3\xfb\xe1\xa9\x1e\xcf\xf7\x92\x8d\xbe\xea\x99\xde\x1di\x7f 
\xd8\x1dk\x8dk\xd5\x10R~\x92\x15m\x9b\x82\xb9\x98\x7f\xe9\xb6\xa67\xf6\xa3!\xcf\xf2y\xcc\x83#\x0f\xfd\x19\x9axm,\xbfOY\xae#H5\x0f\x98\x86p\x16\x04\xa00\x15Z\xe6p8\xf6F\xf4\x83\x89k)\xec\x96\x8a\x96\xf0\x81/mM\xaf\xae0\xc1\x9d\x95\xddFk\xfb\xf8\xd9w\xd3?Y\x87\x0f\x94\"\xfcZ\xe2\x8aAxd\xe2\xfbe\xe6\x10\xd2\xc7^\x19\xf2\xb8\x06#\x10R\xf9\xc8S\xcc\x17\x91\xfeW\xc08\xf4\xe5\xed\x9b\xb7\x96\xc42\x90>\xf5m\xb8O@G\xc2\x8c\xd7\xdb\xd7\xef~\xbf\xfd\xf3mQ\x13\xddi(\x04\x8a\xbf\x9b\xca\x9d\x8eCo%_\xf0\xd4D\x89k\x99\xb0\xaf&@\xac1SIW/E\xaa\xa5\x88\xaf\xde\xc0\xa7\x1c\x94\xbe\xfa\xa3t\x7fG_\xfd\xf6\xae\x90\xb6\x1b\x90\xae\x14\x0f\x1ej\xc7\xc9\xf2\xf7\x9f\xc7\x8cI\x05~.c\xf4\x84?\x93)\xa9\xda.\xdaBD\xffc\\V\x7f\xf9\xa4\xe8\xa5Q\xf2T\x10A\x02d:\xb5\xa0\xa8m\x8d\x84\xd2\xa6\xad\x9e6\xdb\x85\xfa\xa6kk\x8e6b\xd2A\xd6\x1d\x97\x0e\xb2\xff\x0f\x8f\xad\xd4\xfa\xc6\xf8\xca\xda\xb0ee\x8b\xa8\x1a\xdce{[\xee\xe8\xc8\xec\xe9\xda\x8ans9\\\xbfm\x0d:\xd0\x8c:\xc4\xce\xf8X\x86\xbeng\xdc\xcfP\x8f\x88\xac\xa5j\x96\xe8\xb4&\xe4\xe2\xcbt\xb5W\x83]\x9d\xfbWCm5\xef \x91\x85 OMY\x9a\xaal\x181\xbd=!\xb6\xc4P\xa9w\xa0\xc3a\xd1\x1f[\xb9\xf7\xee\x89\xacE\xa9\x17\x88\xd6\x94Tg\x8bC\x12\xb2\xa7\xdc\x9e\x0e \x0b\x18\xc0\xb5\x11G\xbb\xde\xffzf\xa4\x05Xe\xa4\xe8,l\xf5\x07W\x19\xb8[\xae\x1e\xee\xeb\xe0T>\xb7\x8b\xe4\n1-q\xca]\xc0\x16\xb3Y\n/\x86/\x9c\xb9\xbd\xc1\xb8)\xf6%\x95\x17\x0e\xa6\x1f\x17\xa5u\xb7\xda3{\x08\xef\x90\xb912\xcf\x0b\x19\xb3$_\xba\x18\xfbt\x8a\xdb\xb6\xd2\xb35dE7\xae\xeb\xac\x9a\xd8\x8a\x13got\xf5\x13jh\xbc\x84\xfd\xf0\xb5(\xb6 \xdc\x912\xe1\x87{\x18W\x16c\xe5\xdd\x9a\xb2\xa2\x88\xf1\xa1\x89\xd1\xfe]\xd0\x1bb\xfd\xdf\x05{\xc3\xdf\x0f\xe1\xbe^\x0b\xc0\xba\x90 
}\xb1\x87\xef\xc1\xe2\xab|[KVt\xbb\x7fa\x12\xda\xee\x89\xf6Z/\xd6\x94\x19w\xd7\xe8\x87\xd4\xdf\xca\xd1\xd3\xads\xd3\xa2\xf3\x15'#BM\xc8\xcf\xda\xdc\x0d\x08\xafn\xe7\xeb\x81>G\xd1\x9f\xf0\xeb\xe7\x01!{s/(\xc5\xb0~<\xf0>\xec\xe0\xdem\xa9\xcd\x86\xe9\xca\xdf9\x1a\x9a\xa1y\xe4\xf3\x8e9\xc3\xcc\xd2\xd5\xac\xee\xa8\xb8\xc8\xdc?\xce\x0c\xbe\xa1;\xda\x8d\xecwz\xd1\xda\xc1\xe1\xd1\x0fT\xc3h<\x1d\xea\x7f\x02\x00\x00\xff\xffPK\x07\x08\x08\x1b\xb1\x1d*\x05\x00\x00F)\x00\x00PK\x01\x02\x14\x03\x14\x00\x08\x00\x08\x00\x00\x00!(\xa6m\xed)\xba\n\x00\x00\xc7(\x00\x00\n\x00 \x00\x00\x00\x00\x00\x00\x00\x00\x00\xb4\x81\x00\x00\x00\x00authz.regoUT\x05\x00\x01\x80Cm8PK\x01\x02\x14\x03\x14\x00\x08\x00\x08\x00\x00\x00!(\x08\x1b\xb1\x1d*\x05\x00\x00F)\x00\x00\x0f\x00 \x00\x00\x00\x00\x00\x00\x00\x00\x00\xb4\x81\xfb\n\x00\x00authz_test.regoUT\x05\x00\x01\x80Cm8PK\x05\x06\x00\x00\x00\x00\x02\x00\x02\x00\x87\x00\x00\x00k\x10\x00\x00\x00\x00" fs.RegisterWithNamespace("rego", data) } diff --git a/authorize/evaluator/opa_test.go b/authorize/evaluator/opa_test.go index 5d3777025..de0585c61 100644 --- a/authorize/evaluator/opa_test.go +++ b/authorize/evaluator/opa_test.go @@ -39,7 +39,7 @@ func TestOPA(t *testing.T) { require.NoError(t, err) store := NewStoreFromProtos(data...) store.UpdateIssuer("authenticate.example.com") - store.UpdateJWTClaimHeaders([]string{"email", "groups", "user"}) + store.UpdateJWTClaimHeaders(config.NewJWTClaimHeaders("email", "groups", "user")) store.UpdateRoutePolicies(policies) store.UpdateSigningKey(privateJWK) r := rego.New( diff --git a/authorize/evaluator/store.go b/authorize/evaluator/store.go index d18f0b8a6..8992449e8 100644 --- a/authorize/evaluator/store.go +++ b/authorize/evaluator/store.go 
@@ -102,7 +102,7 @@ func (s *Store) UpdateGoogleCloudServerlessAuthenticationServiceAccount(serviceA } // UpdateJWTClaimHeaders updates the jwt claim headers in the store. -func (s *Store) UpdateJWTClaimHeaders(jwtClaimHeaders []string) { +func (s *Store) UpdateJWTClaimHeaders(jwtClaimHeaders map[string]string) { s.write("/jwt_claim_headers", jwtClaimHeaders) } diff --git a/config/constants.go b/config/constants.go index 201c4106a..05c30e244 100644 --- a/config/constants.go +++ b/config/constants.go @@ -38,5 +38,6 @@ var ( DecodePolicyHookFunc(), // parse base-64 encoded POLICY that is bound to environment variable DecodePolicyBase64Hook(), + decodeJWTClaimHeadersHookFunc(), )) ) diff --git a/config/custom.go b/config/custom.go index 42ae33685..ce87c0218 100644 --- a/config/custom.go +++ b/config/custom.go 
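Review bot: The doc comment on `UpdateJWTClaimHeaders` does not say which side of the new `map[string]string` is the header and which is the claim, and the rego policy depends on that orientation (it binds the key as the header name and compares the value with the claim key). A caller that passes the map reversed would compile and silently emit the wrong headers. I would extend the comment to `// UpdateJWTClaimHeaders updates the jwt claim headers in the store. The map is keyed by outgoing header name; each value is the JWT claim to read.`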
@@ -9,14 +9,103 @@ import ( "reflect" "strconv" "strings" + "unicode" envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" "github.com/mitchellh/mapstructure" "google.golang.org/protobuf/encoding/protojson" "google.golang.org/protobuf/proto" "gopkg.in/yaml.v2" + + "github.com/pomerium/pomerium/internal/httputil" ) +// JWTClaimHeaders are headers to add to a request based on IDP claims. +type JWTClaimHeaders map[string]string + +// NewJWTClaimHeaders creates a JWTClaimHeaders map from a slice of claims. +func NewJWTClaimHeaders(claims ...string) JWTClaimHeaders { + hdrs := make(JWTClaimHeaders) + for _, claim := range claims { + k := httputil.PomeriumJWTHeaderName(claim) + hdrs[k] = claim + } + return hdrs +} + +// UnmarshalJSON unmarshals JSON data into the JWTClaimHeaders. +func (hdrs *JWTClaimHeaders) UnmarshalJSON(data []byte) error { + var m map[string]interface{} + if json.Unmarshal(data, &m) == nil { + *hdrs = make(map[string]string) + for k, v := range m { + str := fmt.Sprint(v) + (*hdrs)[k] = str + } + return nil + } + + var a []interface{} + if json.Unmarshal(data, &a) == nil { + var vs []string + for _, v := range a { + vs = append(vs, fmt.Sprint(v)) + } + *hdrs = NewJWTClaimHeaders(vs...) + return nil + } + + var s string + if json.Unmarshal(data, &s) == nil { + *hdrs = NewJWTClaimHeaders(strings.FieldsFunc(s, func(r rune) bool { + return r == ',' || unicode.IsSpace(r) + })...) + return nil + } + + return fmt.Errorf("JWTClaimHeaders must be an object or an array of values, got: %s", data) +} + +// UnmarshalYAML uses UnmarshalJSON to unmarshal YAML data into the JWTClaimHeaders. 
+func (hdrs *JWTClaimHeaders) UnmarshalYAML(unmarshal func(interface{}) error) error { + var i interface{} + err := unmarshal(&i) + if err != nil { + return err + } + + m, err := serializable(i) + if err != nil { + return err + } + + bs, err := json.Marshal(m) + if err != nil { + return err + } + + return hdrs.UnmarshalJSON(bs) +} + +func decodeJWTClaimHeadersHookFunc() mapstructure.DecodeHookFunc { + return func(f, t reflect.Type, data interface{}) (interface{}, error) { + if t != reflect.TypeOf(JWTClaimHeaders{}) { + return data, nil + } + + bs, err := json.Marshal(data) + if err != nil { + return nil, err + } + var hdrs JWTClaimHeaders + err = json.Unmarshal(bs, &hdrs) + if err != nil { + return nil, err + } + return hdrs, nil + } +} + // A StringSlice is a slice of strings. type StringSlice []string @@ -108,6 +197,7 @@ type WeightedURL struct { LbWeight uint32 } +// Validate validates the WeightedURL. func (u *WeightedURL) Validate() error { if u.URL.Hostname() == "" { return errHostnameMustBeSpecified @@ -145,6 +235,7 @@ func (u *WeightedURL) String() string { return fmt.Sprintf("{url=%s, weight=%d}", str, u.LbWeight) } +// WeightedURLs is a slice of WeightedURL. type WeightedURLs []WeightedURL // ParseWeightedUrls parses @@ -220,6 +311,7 @@ func (urls WeightedURLs) Flatten() ([]string, []uint32, error) { return str, wghts, nil } +// DecodePolicyBase64Hook creates a mapstructure DecodeHookFunc. func DecodePolicyBase64Hook() mapstructure.DecodeHookFunc { return func(f, t reflect.Type, data interface{}) (interface{}, error) { if t != reflect.TypeOf([]Policy{}) { @@ -249,6 +341,7 @@ func DecodePolicyBase64Hook() mapstructure.DecodeHookFunc { } } +// DecodePolicyHookFunc creates a mapstructure DecodeHookFunc. func DecodePolicyHookFunc() mapstructure.DecodeHookFunc { return func(f, t reflect.Type, data interface{}) (interface{}, error) { if t != reflect.TypeOf(Policy{}) { diff --git a/config/custom_test.go b/config/custom_test.go index 5313098c8..645514f1d 100644 
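Review bot: The object branch of `UnmarshalJSON` stores every key as an HTTP header name without checking it and stringifies every value with `fmt.Sprint(v)`, so `{"X-Email": null}` or a nested object loads as a claim named `<nil>` or `map[...]` instead of failing at config load. Because the policy now uses the key verbatim as the header name, I would reject empty or syntactically invalid header names and non-string values here; `httpguts.ValidHeaderFieldName` from golang.org/x/net is one existing check, if that module is acceptable in this package. The final error text also says "an object or an array of values" although a comma- or space-separated string is accepted. `UnmarshalYAML` and `decodeJWTClaimHeadersHookFunc` both funnel into this method, so one check covers all three input paths.

```go
func (hdrs *JWTClaimHeaders) UnmarshalJSON(data []byte) error {
	var m map[string]interface{}
	if json.Unmarshal(data, &m) == nil {
		out := make(JWTClaimHeaders, len(m))
		for k, v := range m {
			claim, ok := v.(string)
			if !ok {
				return fmt.Errorf("JWTClaimHeaders: claim for header %q must be a string, got %T", k, v)
			}
			// Keys become header names verbatim in the policy, so refuse anything
			// that is not a valid header field name.
			if !httpguts.ValidHeaderFieldName(k) {
				return fmt.Errorf("JWTClaimHeaders: invalid header name %q", k)
			}
			out[k] = claim
		}
		*hdrs = out
		return nil
	}

	// … unchanged: array branch and string branch …

	return fmt.Errorf("JWTClaimHeaders must be an object, an array or a string of claim names, got: %s", data)
}
```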
--- a/config/custom_test.go +++ b/config/custom_test.go 
@@ -6,11 +6,99 @@ import ( "fmt" "testing" + "github.com/mitchellh/mapstructure" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "gopkg.in/yaml.v2" ) +func TestJWTClaimHeaders_UnmarshalJSON(t *testing.T) { + t.Run("object", func(t *testing.T) { + var hdrs JWTClaimHeaders + err := json.Unmarshal([]byte(`{"x":"y"}`), &hdrs) + assert.NoError(t, err) + assert.Equal(t, JWTClaimHeaders{"x": "y"}, hdrs) + }) + t.Run("array", func(t *testing.T) { + var hdrs JWTClaimHeaders + err := json.Unmarshal([]byte(`["x", "y"]`), &hdrs) + assert.NoError(t, err) + assert.Equal(t, JWTClaimHeaders{"x-pomerium-claim-x": "x", "x-pomerium-claim-y": "y"}, hdrs) + }) + t.Run("string", func(t *testing.T) { + var hdrs JWTClaimHeaders + err := json.Unmarshal([]byte(`"x, y"`), &hdrs) + assert.NoError(t, err) + assert.Equal(t, JWTClaimHeaders{"x-pomerium-claim-x": "x", "x-pomerium-claim-y": "y"}, hdrs) + }) +} + +func TestJWTClaimHeaders_UnmarshalYAML(t *testing.T) { + t.Run("object", func(t *testing.T) { + var hdrs JWTClaimHeaders + err := yaml.Unmarshal([]byte(` +x: "y" +`), &hdrs) + assert.NoError(t, err) + assert.Equal(t, JWTClaimHeaders{"x": "y"}, hdrs) + }) + t.Run("array", func(t *testing.T) { + var hdrs JWTClaimHeaders + err := yaml.Unmarshal([]byte(` +- x +- "y" +`), &hdrs) + assert.NoError(t, err) + assert.Equal(t, JWTClaimHeaders{"x-pomerium-claim-x": "x", "x-pomerium-claim-y": "y"}, hdrs) + }) + t.Run("string", func(t *testing.T) { + var hdrs JWTClaimHeaders + err := yaml.Unmarshal([]byte(`"x, y"`), &hdrs) + assert.NoError(t, err) + assert.Equal(t, JWTClaimHeaders{"x-pomerium-claim-x": "x", "x-pomerium-claim-y": "y"}, hdrs) + }) +} + +func TestDecodeJWTClaimHeadersHookFunc(t *testing.T) { + var withClaims struct { + Claims JWTClaimHeaders `mapstructure:"claims"` + } + decoder, err := mapstructure.NewDecoder(&mapstructure.DecoderConfig{ + DecodeHook: decodeJWTClaimHeadersHookFunc(), + Result: &withClaims, + }) + require.NoError(t, err) + + t.Run("object", 
func(t *testing.T) { + err := decoder.Decode(struct { + Claims map[string]string `mapstructure:"claims"` + }{ + Claims: map[string]string{"a": "b", "c": "d"}, + }) + assert.NoError(t, err) + assert.Equal(t, JWTClaimHeaders{ + "a": "b", + "c": "d", + }, withClaims.Claims) + }) + + withClaims.Claims = nil + + t.Run("array", func(t *testing.T) { + err := decoder.Decode(struct { + Claims []string `mapstructure:"claims"` + }{ + Claims: []string{"a", "b", "c"}, + }) + assert.NoError(t, err) + assert.Equal(t, JWTClaimHeaders{ + "x-pomerium-claim-a": "a", + "x-pomerium-claim-b": "b", + "x-pomerium-claim-c": "c", + }, withClaims.Claims) + }) +} + func TestStringSlice_UnmarshalJSON(t *testing.T) { t.Run("string", func(t *testing.T) { var slc StringSlice @@ -40,6 +128,7 @@ func TestStringSlice_UnmarshalYAML(t *testing.T) { assert.Equal(t, NewStringSlice("a", "b", "c"), slc) }) } + func TestSerializable(t *testing.T) { data, err := base64.StdEncoding.DecodeString("aGVhbHRoX2NoZWNrOgogIHRpbWVvdXQ6IDVzCiAgaW50ZXJ2YWw6IDYwcwogIGhlYWx0aHlUaHJlc2hvbGQ6IDEKICB1bmhlYWx0aHlUaHJlc2hvbGQ6IDIKICBodHRwX2hlYWx0aF9jaGVjazogCiAgICBob3N0OiAiaHR0cDovL2xvY2FsaG9zdDo4MDgwIgogICAgcGF0aDogIi8iCg==") require.NoError(t, err, "decode") diff --git a/config/options.go b/config/options.go index 1e88f816f..b7531894c 100644 --- a/config/options.go +++ b/config/options.go @@ -177,7 +177,7 @@ type Options struct { Headers map[string]string `yaml:",omitempty"` // List of JWT claims to insert as x-pomerium-claim-* headers on proxied requests - JWTClaimsHeaders []string `mapstructure:"jwt_claims_headers" yaml:"jwt_claims_headers,omitempty"` + JWTClaimsHeaders JWTClaimHeaders `mapstructure:"jwt_claims_headers" yaml:"jwt_claims_headers,omitempty"` // RefreshCooldown limits the rate a user can refresh her session RefreshCooldown time.Duration `mapstructure:"refresh_cooldown" yaml:"refresh_cooldown,omitempty"` diff --git a/docs/reference/readme.md b/docs/reference/readme.md index 33315b92b..9cb9a8a23 100644 
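Review bot: The three new tests only exercise inputs that succeed, so the error return at the end of `UnmarshalJSON` and the `fmt.Sprint` handling of non-string values are never executed. I would add an `invalid` subtest to `TestJWTClaimHeaders_UnmarshalJSON` with `err := json.Unmarshal([]byte("123"), &hdrs)` followed by `assert.Error(t, err)`, and one object case with a non-string value to pin down whatever behaviour is intended there. In `TestDecodeJWTClaimHeadersHookFunc` the subtests share one decoder and one `withClaims`, reset by hand between them, so they only pass in the written order; building the decoder inside each `t.Run` would remove that coupling.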
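Review bot: The comment above `JWTClaimsHeaders` in `Options` still reads "List of JWT claims to insert as x-pomerium-claim-* headers", which no longer describes the field now that its type is `JWTClaimHeaders`. I would change it to `// JWTClaimsHeaders maps outgoing header names to JWT claims; a plain list of claims is still accepted and expands to x-pomerium-claim-* names.` The struct begins and continues outside this hunk.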
--- a/docs/reference/readme.md +++ b/docs/reference/readme.md @@ -832,6 +832,15 @@ Any claim in the pomerium session JWT can be placed into a corresponding header `X-Pomerium-Claim-{Name}` where `{Name}` is the name of the claim requested. +This option also supports a nested object to customize the header name. For example: + +```yaml +jwt_claims_headers: + X-Email: email +``` + +Will add an `X-Email` header with a value of the `email` claim. + Use this option if you previously relied on `x-pomerium-authenticated-user-{email|user-id|groups}`. diff --git a/docs/reference/settings.yaml b/docs/reference/settings.yaml index e0c1f8c83..478d6256f 100644 --- a/docs/reference/settings.yaml +++ b/docs/reference/settings.yaml @@ -938,6 +938,15 @@ settings: `X-Pomerium-Claim-{Name}` where `{Name}` is the name of the claim requested. + This option also supports a nested object to customize the header name. For example: + + ```yaml + jwt_claims_headers: + X-Email: email + ``` + + Will add an `X-Email` header with a value of the `email` claim. + Use this option if you previously relied on `x-pomerium-authenticated-user-{email|user-id|groups}`. shortdoc: | The JWT Claim Headers setting allows you to pass specific user session data down to downstream applications as HTTP request headers. diff --git a/pkg/grpc/config/config.pb.go b/pkg/grpc/config/config.pb.go index f882a3731..c76c4ac27 100644 --- a/pkg/grpc/config/config.pb.go +++ b/pkg/grpc/config/config.pb.go 
@@ -649,65 +649,66 @@ type Settings struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Debug *bool `protobuf:"varint,2,opt,name=debug,proto3,oneof" json:"debug,omitempty"` - LogLevel *string `protobuf:"bytes,3,opt,name=log_level,json=logLevel,proto3,oneof" json:"log_level,omitempty"` - ProxyLogLevel *string `protobuf:"bytes,4,opt,name=proxy_log_level,json=proxyLogLevel,proto3,oneof" json:"proxy_log_level,omitempty"` - SharedSecret *string `protobuf:"bytes,5,opt,name=shared_secret,json=sharedSecret,proto3,oneof" json:"shared_secret,omitempty"` - Services *string `protobuf:"bytes,6,opt,name=services,proto3,oneof" json:"services,omitempty"` - Address *string `protobuf:"bytes,7,opt,name=address,proto3,oneof" json:"address,omitempty"` - InsecureServer *bool `protobuf:"varint,8,opt,name=insecure_server,json=insecureServer,proto3,oneof" json:"insecure_server,omitempty"` - DnsLookupFamily *string `protobuf:"bytes,60,opt,name=dns_lookup_family,json=dnsLookupFamily,proto3,oneof" json:"dns_lookup_family,omitempty"` - Certificates []*Settings_Certificate `protobuf:"bytes,9,rep,name=certificates,proto3" json:"certificates,omitempty"` - HttpRedirectAddr *string `protobuf:"bytes,10,opt,name=http_redirect_addr,json=httpRedirectAddr,proto3,oneof" json:"http_redirect_addr,omitempty"` - TimeoutRead *durationpb.Duration `protobuf:"bytes,11,opt,name=timeout_read,json=timeoutRead,proto3,oneof" json:"timeout_read,omitempty"` - TimeoutWrite *durationpb.Duration `protobuf:"bytes,12,opt,name=timeout_write,json=timeoutWrite,proto3,oneof" json:"timeout_write,omitempty"` - TimeoutIdle *durationpb.Duration `protobuf:"bytes,13,opt,name=timeout_idle,json=timeoutIdle,proto3,oneof" json:"timeout_idle,omitempty"` - AuthenticateServiceUrl *string `protobuf:"bytes,14,opt,name=authenticate_service_url,json=authenticateServiceUrl,proto3,oneof" json:"authenticate_service_url,omitempty"` - AuthenticateCallbackPath *string 
`protobuf:"bytes,15,opt,name=authenticate_callback_path,json=authenticateCallbackPath,proto3,oneof" json:"authenticate_callback_path,omitempty"` - CookieName *string `protobuf:"bytes,16,opt,name=cookie_name,json=cookieName,proto3,oneof" json:"cookie_name,omitempty"` - CookieSecret *string `protobuf:"bytes,17,opt,name=cookie_secret,json=cookieSecret,proto3,oneof" json:"cookie_secret,omitempty"` - CookieDomain *string `protobuf:"bytes,18,opt,name=cookie_domain,json=cookieDomain,proto3,oneof" json:"cookie_domain,omitempty"` - CookieSecure *bool `protobuf:"varint,19,opt,name=cookie_secure,json=cookieSecure,proto3,oneof" json:"cookie_secure,omitempty"` - CookieHttpOnly *bool `protobuf:"varint,20,opt,name=cookie_http_only,json=cookieHttpOnly,proto3,oneof" json:"cookie_http_only,omitempty"` - CookieExpire *durationpb.Duration `protobuf:"bytes,21,opt,name=cookie_expire,json=cookieExpire,proto3,oneof" json:"cookie_expire,omitempty"` - IdpClientId *string `protobuf:"bytes,22,opt,name=idp_client_id,json=idpClientId,proto3,oneof" json:"idp_client_id,omitempty"` - IdpClientSecret *string `protobuf:"bytes,23,opt,name=idp_client_secret,json=idpClientSecret,proto3,oneof" json:"idp_client_secret,omitempty"` - IdpProvider *string `protobuf:"bytes,24,opt,name=idp_provider,json=idpProvider,proto3,oneof" json:"idp_provider,omitempty"` - IdpProviderUrl *string `protobuf:"bytes,25,opt,name=idp_provider_url,json=idpProviderUrl,proto3,oneof" json:"idp_provider_url,omitempty"` - Scopes []string `protobuf:"bytes,26,rep,name=scopes,proto3" json:"scopes,omitempty"` - IdpServiceAccount *string `protobuf:"bytes,27,opt,name=idp_service_account,json=idpServiceAccount,proto3,oneof" json:"idp_service_account,omitempty"` - IdpRefreshDirectoryTimeout *durationpb.Duration `protobuf:"bytes,28,opt,name=idp_refresh_directory_timeout,json=idpRefreshDirectoryTimeout,proto3,oneof" json:"idp_refresh_directory_timeout,omitempty"` - IdpRefreshDirectoryInterval *durationpb.Duration 
`protobuf:"bytes,29,opt,name=idp_refresh_directory_interval,json=idpRefreshDirectoryInterval,proto3,oneof" json:"idp_refresh_directory_interval,omitempty"` - RequestParams map[string]string `protobuf:"bytes,30,rep,name=request_params,json=requestParams,proto3" json:"request_params,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - AuthorizeServiceUrl *string `protobuf:"bytes,32,opt,name=authorize_service_url,json=authorizeServiceUrl,proto3,oneof" json:"authorize_service_url,omitempty"` - OverrideCertificateName *string `protobuf:"bytes,33,opt,name=override_certificate_name,json=overrideCertificateName,proto3,oneof" json:"override_certificate_name,omitempty"` - CertificateAuthority *string `protobuf:"bytes,34,opt,name=certificate_authority,json=certificateAuthority,proto3,oneof" json:"certificate_authority,omitempty"` - CertificateAuthorityFile *string `protobuf:"bytes,35,opt,name=certificate_authority_file,json=certificateAuthorityFile,proto3,oneof" json:"certificate_authority_file,omitempty"` - SigningKey *string `protobuf:"bytes,36,opt,name=signing_key,json=signingKey,proto3,oneof" json:"signing_key,omitempty"` - SigningKeyAlgorithm *string `protobuf:"bytes,62,opt,name=signing_key_algorithm,json=signingKeyAlgorithm,proto3,oneof" json:"signing_key_algorithm,omitempty"` - JwtClaimsHeaders []string `protobuf:"bytes,37,rep,name=jwt_claims_headers,json=jwtClaimsHeaders,proto3" json:"jwt_claims_headers,omitempty"` - RefreshCooldown *durationpb.Duration `protobuf:"bytes,38,opt,name=refresh_cooldown,json=refreshCooldown,proto3,oneof" json:"refresh_cooldown,omitempty"` - DefaultUpstreamTimeout *durationpb.Duration `protobuf:"bytes,39,opt,name=default_upstream_timeout,json=defaultUpstreamTimeout,proto3,oneof" json:"default_upstream_timeout,omitempty"` - MetricsAddress *string `protobuf:"bytes,40,opt,name=metrics_address,json=metricsAddress,proto3,oneof" json:"metrics_address,omitempty"` - TracingProvider *string 
`protobuf:"bytes,41,opt,name=tracing_provider,json=tracingProvider,proto3,oneof" json:"tracing_provider,omitempty"` - TracingSampleRate *float64 `protobuf:"fixed64,42,opt,name=tracing_sample_rate,json=tracingSampleRate,proto3,oneof" json:"tracing_sample_rate,omitempty"` - TracingJaegerCollectorEndpoint *string `protobuf:"bytes,43,opt,name=tracing_jaeger_collector_endpoint,json=tracingJaegerCollectorEndpoint,proto3,oneof" json:"tracing_jaeger_collector_endpoint,omitempty"` - TracingJaegerAgentEndpoint *string `protobuf:"bytes,44,opt,name=tracing_jaeger_agent_endpoint,json=tracingJaegerAgentEndpoint,proto3,oneof" json:"tracing_jaeger_agent_endpoint,omitempty"` - TracingZipkinEndpoint *string `protobuf:"bytes,45,opt,name=tracing_zipkin_endpoint,json=tracingZipkinEndpoint,proto3,oneof" json:"tracing_zipkin_endpoint,omitempty"` - GrpcAddress *string `protobuf:"bytes,46,opt,name=grpc_address,json=grpcAddress,proto3,oneof" json:"grpc_address,omitempty"` - GrpcInsecure *bool `protobuf:"varint,47,opt,name=grpc_insecure,json=grpcInsecure,proto3,oneof" json:"grpc_insecure,omitempty"` - GrpcServerMaxConnectionAge *durationpb.Duration `protobuf:"bytes,48,opt,name=grpc_server_max_connection_age,json=grpcServerMaxConnectionAge,proto3" json:"grpc_server_max_connection_age,omitempty"` - GrpcServerMaxConnectionAgeGrace *durationpb.Duration `protobuf:"bytes,49,opt,name=grpc_server_max_connection_age_grace,json=grpcServerMaxConnectionAgeGrace,proto3" json:"grpc_server_max_connection_age_grace,omitempty"` - ForwardAuthUrl *string `protobuf:"bytes,50,opt,name=forward_auth_url,json=forwardAuthUrl,proto3,oneof" json:"forward_auth_url,omitempty"` - DatabrokerServiceUrl *string `protobuf:"bytes,52,opt,name=databroker_service_url,json=databrokerServiceUrl,proto3,oneof" json:"databroker_service_url,omitempty"` - ClientCa *string `protobuf:"bytes,53,opt,name=client_ca,json=clientCa,proto3,oneof" json:"client_ca,omitempty"` - ClientCaFile *string 
`protobuf:"bytes,54,opt,name=client_ca_file,json=clientCaFile,proto3,oneof" json:"client_ca_file,omitempty"` - GoogleCloudServerlessAuthenticationServiceAccount *string `protobuf:"bytes,55,opt,name=google_cloud_serverless_authentication_service_account,json=googleCloudServerlessAuthenticationServiceAccount,proto3,oneof" json:"google_cloud_serverless_authentication_service_account,omitempty"` - Autocert *bool `protobuf:"varint,56,opt,name=autocert,proto3,oneof" json:"autocert,omitempty"` - AutocertUseStaging *bool `protobuf:"varint,57,opt,name=autocert_use_staging,json=autocertUseStaging,proto3,oneof" json:"autocert_use_staging,omitempty"` - AutocertMustStaple *bool `protobuf:"varint,58,opt,name=autocert_must_staple,json=autocertMustStaple,proto3,oneof" json:"autocert_must_staple,omitempty"` - AutocertDir *string `protobuf:"bytes,59,opt,name=autocert_dir,json=autocertDir,proto3,oneof" json:"autocert_dir,omitempty"` - SkipXffAppend *bool `protobuf:"varint,61,opt,name=skip_xff_append,json=skipXffAppend,proto3,oneof" json:"skip_xff_append,omitempty"` + Debug *bool `protobuf:"varint,2,opt,name=debug,proto3,oneof" json:"debug,omitempty"` + LogLevel *string `protobuf:"bytes,3,opt,name=log_level,json=logLevel,proto3,oneof" json:"log_level,omitempty"` + ProxyLogLevel *string `protobuf:"bytes,4,opt,name=proxy_log_level,json=proxyLogLevel,proto3,oneof" json:"proxy_log_level,omitempty"` + SharedSecret *string `protobuf:"bytes,5,opt,name=shared_secret,json=sharedSecret,proto3,oneof" json:"shared_secret,omitempty"` + Services *string `protobuf:"bytes,6,opt,name=services,proto3,oneof" json:"services,omitempty"` + Address *string `protobuf:"bytes,7,opt,name=address,proto3,oneof" json:"address,omitempty"` + InsecureServer *bool `protobuf:"varint,8,opt,name=insecure_server,json=insecureServer,proto3,oneof" json:"insecure_server,omitempty"` + DnsLookupFamily *string `protobuf:"bytes,60,opt,name=dns_lookup_family,json=dnsLookupFamily,proto3,oneof" json:"dns_lookup_family,omitempty"` + 
Certificates []*Settings_Certificate `protobuf:"bytes,9,rep,name=certificates,proto3" json:"certificates,omitempty"` + HttpRedirectAddr *string `protobuf:"bytes,10,opt,name=http_redirect_addr,json=httpRedirectAddr,proto3,oneof" json:"http_redirect_addr,omitempty"` + TimeoutRead *durationpb.Duration `protobuf:"bytes,11,opt,name=timeout_read,json=timeoutRead,proto3,oneof" json:"timeout_read,omitempty"` + TimeoutWrite *durationpb.Duration `protobuf:"bytes,12,opt,name=timeout_write,json=timeoutWrite,proto3,oneof" json:"timeout_write,omitempty"` + TimeoutIdle *durationpb.Duration `protobuf:"bytes,13,opt,name=timeout_idle,json=timeoutIdle,proto3,oneof" json:"timeout_idle,omitempty"` + AuthenticateServiceUrl *string `protobuf:"bytes,14,opt,name=authenticate_service_url,json=authenticateServiceUrl,proto3,oneof" json:"authenticate_service_url,omitempty"` + AuthenticateCallbackPath *string `protobuf:"bytes,15,opt,name=authenticate_callback_path,json=authenticateCallbackPath,proto3,oneof" json:"authenticate_callback_path,omitempty"` + CookieName *string `protobuf:"bytes,16,opt,name=cookie_name,json=cookieName,proto3,oneof" json:"cookie_name,omitempty"` + CookieSecret *string `protobuf:"bytes,17,opt,name=cookie_secret,json=cookieSecret,proto3,oneof" json:"cookie_secret,omitempty"` + CookieDomain *string `protobuf:"bytes,18,opt,name=cookie_domain,json=cookieDomain,proto3,oneof" json:"cookie_domain,omitempty"` + CookieSecure *bool `protobuf:"varint,19,opt,name=cookie_secure,json=cookieSecure,proto3,oneof" json:"cookie_secure,omitempty"` + CookieHttpOnly *bool `protobuf:"varint,20,opt,name=cookie_http_only,json=cookieHttpOnly,proto3,oneof" json:"cookie_http_only,omitempty"` + CookieExpire *durationpb.Duration `protobuf:"bytes,21,opt,name=cookie_expire,json=cookieExpire,proto3,oneof" json:"cookie_expire,omitempty"` + IdpClientId *string `protobuf:"bytes,22,opt,name=idp_client_id,json=idpClientId,proto3,oneof" json:"idp_client_id,omitempty"` + IdpClientSecret *string 
`protobuf:"bytes,23,opt,name=idp_client_secret,json=idpClientSecret,proto3,oneof" json:"idp_client_secret,omitempty"` + IdpProvider *string `protobuf:"bytes,24,opt,name=idp_provider,json=idpProvider,proto3,oneof" json:"idp_provider,omitempty"` + IdpProviderUrl *string `protobuf:"bytes,25,opt,name=idp_provider_url,json=idpProviderUrl,proto3,oneof" json:"idp_provider_url,omitempty"` + Scopes []string `protobuf:"bytes,26,rep,name=scopes,proto3" json:"scopes,omitempty"` + IdpServiceAccount *string `protobuf:"bytes,27,opt,name=idp_service_account,json=idpServiceAccount,proto3,oneof" json:"idp_service_account,omitempty"` + IdpRefreshDirectoryTimeout *durationpb.Duration `protobuf:"bytes,28,opt,name=idp_refresh_directory_timeout,json=idpRefreshDirectoryTimeout,proto3,oneof" json:"idp_refresh_directory_timeout,omitempty"` + IdpRefreshDirectoryInterval *durationpb.Duration `protobuf:"bytes,29,opt,name=idp_refresh_directory_interval,json=idpRefreshDirectoryInterval,proto3,oneof" json:"idp_refresh_directory_interval,omitempty"` + RequestParams map[string]string `protobuf:"bytes,30,rep,name=request_params,json=requestParams,proto3" json:"request_params,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + AuthorizeServiceUrl *string `protobuf:"bytes,32,opt,name=authorize_service_url,json=authorizeServiceUrl,proto3,oneof" json:"authorize_service_url,omitempty"` + OverrideCertificateName *string `protobuf:"bytes,33,opt,name=override_certificate_name,json=overrideCertificateName,proto3,oneof" json:"override_certificate_name,omitempty"` + CertificateAuthority *string `protobuf:"bytes,34,opt,name=certificate_authority,json=certificateAuthority,proto3,oneof" json:"certificate_authority,omitempty"` + CertificateAuthorityFile *string `protobuf:"bytes,35,opt,name=certificate_authority_file,json=certificateAuthorityFile,proto3,oneof" json:"certificate_authority_file,omitempty"` + SigningKey *string 
`protobuf:"bytes,36,opt,name=signing_key,json=signingKey,proto3,oneof" json:"signing_key,omitempty"` + SigningKeyAlgorithm *string `protobuf:"bytes,62,opt,name=signing_key_algorithm,json=signingKeyAlgorithm,proto3,oneof" json:"signing_key_algorithm,omitempty"` + // repeated string jwt_claims_headers = 37; + JwtClaimsHeaders map[string]string `protobuf:"bytes,63,rep,name=jwt_claims_headers,json=jwtClaimsHeaders,proto3" json:"jwt_claims_headers,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + RefreshCooldown *durationpb.Duration `protobuf:"bytes,38,opt,name=refresh_cooldown,json=refreshCooldown,proto3,oneof" json:"refresh_cooldown,omitempty"` + DefaultUpstreamTimeout *durationpb.Duration `protobuf:"bytes,39,opt,name=default_upstream_timeout,json=defaultUpstreamTimeout,proto3,oneof" json:"default_upstream_timeout,omitempty"` + MetricsAddress *string `protobuf:"bytes,40,opt,name=metrics_address,json=metricsAddress,proto3,oneof" json:"metrics_address,omitempty"` + TracingProvider *string `protobuf:"bytes,41,opt,name=tracing_provider,json=tracingProvider,proto3,oneof" json:"tracing_provider,omitempty"` + TracingSampleRate *float64 `protobuf:"fixed64,42,opt,name=tracing_sample_rate,json=tracingSampleRate,proto3,oneof" json:"tracing_sample_rate,omitempty"` + TracingJaegerCollectorEndpoint *string `protobuf:"bytes,43,opt,name=tracing_jaeger_collector_endpoint,json=tracingJaegerCollectorEndpoint,proto3,oneof" json:"tracing_jaeger_collector_endpoint,omitempty"` + TracingJaegerAgentEndpoint *string `protobuf:"bytes,44,opt,name=tracing_jaeger_agent_endpoint,json=tracingJaegerAgentEndpoint,proto3,oneof" json:"tracing_jaeger_agent_endpoint,omitempty"` + TracingZipkinEndpoint *string `protobuf:"bytes,45,opt,name=tracing_zipkin_endpoint,json=tracingZipkinEndpoint,proto3,oneof" json:"tracing_zipkin_endpoint,omitempty"` + GrpcAddress *string `protobuf:"bytes,46,opt,name=grpc_address,json=grpcAddress,proto3,oneof" 
json:"grpc_address,omitempty"` + GrpcInsecure *bool `protobuf:"varint,47,opt,name=grpc_insecure,json=grpcInsecure,proto3,oneof" json:"grpc_insecure,omitempty"` + GrpcServerMaxConnectionAge *durationpb.Duration `protobuf:"bytes,48,opt,name=grpc_server_max_connection_age,json=grpcServerMaxConnectionAge,proto3" json:"grpc_server_max_connection_age,omitempty"` + GrpcServerMaxConnectionAgeGrace *durationpb.Duration `protobuf:"bytes,49,opt,name=grpc_server_max_connection_age_grace,json=grpcServerMaxConnectionAgeGrace,proto3" json:"grpc_server_max_connection_age_grace,omitempty"` + ForwardAuthUrl *string `protobuf:"bytes,50,opt,name=forward_auth_url,json=forwardAuthUrl,proto3,oneof" json:"forward_auth_url,omitempty"` + DatabrokerServiceUrl *string `protobuf:"bytes,52,opt,name=databroker_service_url,json=databrokerServiceUrl,proto3,oneof" json:"databroker_service_url,omitempty"` + ClientCa *string `protobuf:"bytes,53,opt,name=client_ca,json=clientCa,proto3,oneof" json:"client_ca,omitempty"` + ClientCaFile *string `protobuf:"bytes,54,opt,name=client_ca_file,json=clientCaFile,proto3,oneof" json:"client_ca_file,omitempty"` + GoogleCloudServerlessAuthenticationServiceAccount *string `protobuf:"bytes,55,opt,name=google_cloud_serverless_authentication_service_account,json=googleCloudServerlessAuthenticationServiceAccount,proto3,oneof" json:"google_cloud_serverless_authentication_service_account,omitempty"` + Autocert *bool `protobuf:"varint,56,opt,name=autocert,proto3,oneof" json:"autocert,omitempty"` + AutocertUseStaging *bool `protobuf:"varint,57,opt,name=autocert_use_staging,json=autocertUseStaging,proto3,oneof" json:"autocert_use_staging,omitempty"` + AutocertMustStaple *bool `protobuf:"varint,58,opt,name=autocert_must_staple,json=autocertMustStaple,proto3,oneof" json:"autocert_must_staple,omitempty"` + AutocertDir *string `protobuf:"bytes,59,opt,name=autocert_dir,json=autocertDir,proto3,oneof" json:"autocert_dir,omitempty"` + SkipXffAppend *bool 
`protobuf:"varint,61,opt,name=skip_xff_append,json=skipXffAppend,proto3,oneof" json:"skip_xff_append,omitempty"` } func (x *Settings) Reset() { @@ -994,7 +995,7 @@ func (x *Settings) GetSigningKeyAlgorithm() string { return "" } -func (x *Settings) GetJwtClaimsHeaders() []string { +func (x *Settings) GetJwtClaimsHeaders() map[string]string { if x != nil { return x.JwtClaimsHeaders } @@ -1425,7 +1426,7 @@ var file_config_proto_rawDesc = []byte{ 0x30, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xe5, 0x24, 0x0a, 0x08, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, + 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xdb, 0x25, 0x0a, 0x08, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x19, 0x0a, 0x05, 0x64, 0x65, 0x62, 0x75, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x48, 0x00, 0x52, 0x05, 0x64, 0x65, 0x62, 0x75, 0x67, 0x88, 0x01, 0x01, 0x12, 0x20, 0x0a, 0x09, 0x6c, 0x6f, 0x67, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 
@@ -1546,184 +1547,191 @@ var file_config_proto_rawDesc = []byte{ 0x12, 0x37, 0x0a, 0x15, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x18, 0x3e, 0x20, 0x01, 0x28, 0x09, 0x48, 0x20, 0x52, 0x13, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x4b, 0x65, 0x79, 0x41, 0x6c, 0x67, - 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x88, 0x01, 0x01, 0x12, 0x2c, 0x0a, 0x12, 0x6a, 0x77, 0x74, + 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x88, 0x01, 0x01, 0x12, 0x5d, 0x0a, 0x12, 0x6a, 0x77, 0x74, 0x5f, 0x63, 0x6c, 0x61, 0x69, 0x6d, 0x73, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, - 0x25, 0x20, 0x03, 0x28, 0x09, 0x52, 0x10, 0x6a, 0x77, 0x74, 0x43, 0x6c, 0x61, 0x69, 0x6d, 0x73, - 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x49, 0x0a, 0x10, 0x72, 0x65, 0x66, 0x72, 0x65, - 0x73, 0x68, 0x5f, 0x63, 0x6f, 0x6f, 0x6c, 0x64, 0x6f, 0x77, 0x6e, 0x18, 0x26, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x21, 0x52, 0x0f, - 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6f, 0x6c, 0x64, 0x6f, 0x77, 0x6e, 0x88, - 0x01, 0x01, 0x12, 0x58, 0x0a, 0x18, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x75, 0x70, - 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x27, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, - 0x22, 0x52, 0x16, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, - 0x61, 0x6d, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x88, 0x01, 0x01, 0x12, 0x2c, 0x0a, 0x0f, - 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, - 0x28, 0x20, 0x01, 0x28, 0x09, 0x48, 0x23, 0x52, 0x0e, 0x6d, 0x65, 0x74, 0x72, 
0x69, 0x63, 0x73, - 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x88, 0x01, 0x01, 0x12, 0x2e, 0x0a, 0x10, 0x74, 0x72, - 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x18, 0x29, - 0x20, 0x01, 0x28, 0x09, 0x48, 0x24, 0x52, 0x0f, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x50, - 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x88, 0x01, 0x01, 0x12, 0x33, 0x0a, 0x13, 0x74, 0x72, - 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x5f, 0x72, 0x61, 0x74, - 0x65, 0x18, 0x2a, 0x20, 0x01, 0x28, 0x01, 0x48, 0x25, 0x52, 0x11, 0x74, 0x72, 0x61, 0x63, 0x69, - 0x6e, 0x67, 0x53, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x52, 0x61, 0x74, 0x65, 0x88, 0x01, 0x01, 0x12, - 0x4e, 0x0a, 0x21, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x6a, 0x61, 0x65, 0x67, 0x65, - 0x72, 0x5f, 0x63, 0x6f, 0x6c, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x5f, 0x65, 0x6e, 0x64, 0x70, - 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x2b, 0x20, 0x01, 0x28, 0x09, 0x48, 0x26, 0x52, 0x1e, 0x74, 0x72, - 0x61, 0x63, 0x69, 0x6e, 0x67, 0x4a, 0x61, 0x65, 0x67, 0x65, 0x72, 0x43, 0x6f, 0x6c, 0x6c, 0x65, - 0x63, 0x74, 0x6f, 0x72, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x88, 0x01, 0x01, 0x12, - 0x46, 0x0a, 0x1d, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x6a, 0x61, 0x65, 0x67, 0x65, - 0x72, 0x5f, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, - 0x18, 0x2c, 0x20, 0x01, 0x28, 0x09, 0x48, 0x27, 0x52, 0x1a, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, - 0x67, 0x4a, 0x61, 0x65, 0x67, 0x65, 0x72, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x45, 0x6e, 0x64, 0x70, - 0x6f, 0x69, 0x6e, 0x74, 0x88, 0x01, 0x01, 0x12, 0x3b, 0x0a, 0x17, 0x74, 0x72, 0x61, 0x63, 0x69, - 0x6e, 0x67, 0x5f, 0x7a, 0x69, 0x70, 0x6b, 0x69, 0x6e, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, - 0x6e, 0x74, 0x18, 0x2d, 0x20, 0x01, 0x28, 0x09, 0x48, 0x28, 0x52, 0x15, 0x74, 0x72, 0x61, 0x63, - 0x69, 0x6e, 0x67, 0x5a, 0x69, 0x70, 0x6b, 0x69, 0x6e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, - 0x74, 0x88, 0x01, 
0x01, 0x12, 0x26, 0x0a, 0x0c, 0x67, 0x72, 0x70, 0x63, 0x5f, 0x61, 0x64, 0x64, - 0x72, 0x65, 0x73, 0x73, 0x18, 0x2e, 0x20, 0x01, 0x28, 0x09, 0x48, 0x29, 0x52, 0x0b, 0x67, 0x72, - 0x70, 0x63, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x88, 0x01, 0x01, 0x12, 0x28, 0x0a, 0x0d, - 0x67, 0x72, 0x70, 0x63, 0x5f, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x18, 0x2f, 0x20, - 0x01, 0x28, 0x08, 0x48, 0x2a, 0x52, 0x0c, 0x67, 0x72, 0x70, 0x63, 0x49, 0x6e, 0x73, 0x65, 0x63, - 0x75, 0x72, 0x65, 0x88, 0x01, 0x01, 0x12, 0x5d, 0x0a, 0x1e, 0x67, 0x72, 0x70, 0x63, 0x5f, 0x73, + 0x3f, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x70, 0x6f, 0x6d, 0x65, 0x72, 0x69, 0x75, 0x6d, + 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, + 0x2e, 0x4a, 0x77, 0x74, 0x43, 0x6c, 0x61, 0x69, 0x6d, 0x73, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, + 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x10, 0x6a, 0x77, 0x74, 0x43, 0x6c, 0x61, 0x69, 0x6d, + 0x73, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x49, 0x0a, 0x10, 0x72, 0x65, 0x66, 0x72, + 0x65, 0x73, 0x68, 0x5f, 0x63, 0x6f, 0x6f, 0x6c, 0x64, 0x6f, 0x77, 0x6e, 0x18, 0x26, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x21, 0x52, + 0x0f, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6f, 0x6c, 0x64, 0x6f, 0x77, 0x6e, + 0x88, 0x01, 0x01, 0x12, 0x58, 0x0a, 0x18, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x75, + 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, + 0x27, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x48, 0x22, 0x52, 0x16, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x55, 0x70, 0x73, 0x74, 0x72, + 0x65, 0x61, 0x6d, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 
0x74, 0x88, 0x01, 0x01, 0x12, 0x2c, 0x0a, + 0x0f, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, + 0x18, 0x28, 0x20, 0x01, 0x28, 0x09, 0x48, 0x23, 0x52, 0x0e, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, + 0x73, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x88, 0x01, 0x01, 0x12, 0x2e, 0x0a, 0x10, 0x74, + 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x18, + 0x29, 0x20, 0x01, 0x28, 0x09, 0x48, 0x24, 0x52, 0x0f, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, + 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x88, 0x01, 0x01, 0x12, 0x33, 0x0a, 0x13, 0x74, + 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x5f, 0x72, 0x61, + 0x74, 0x65, 0x18, 0x2a, 0x20, 0x01, 0x28, 0x01, 0x48, 0x25, 0x52, 0x11, 0x74, 0x72, 0x61, 0x63, + 0x69, 0x6e, 0x67, 0x53, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x52, 0x61, 0x74, 0x65, 0x88, 0x01, 0x01, + 0x12, 0x4e, 0x0a, 0x21, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x6a, 0x61, 0x65, 0x67, + 0x65, 0x72, 0x5f, 0x63, 0x6f, 0x6c, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x5f, 0x65, 0x6e, 0x64, + 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x2b, 0x20, 0x01, 0x28, 0x09, 0x48, 0x26, 0x52, 0x1e, 0x74, + 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x4a, 0x61, 0x65, 0x67, 0x65, 0x72, 0x43, 0x6f, 0x6c, 0x6c, + 0x65, 0x63, 0x74, 0x6f, 0x72, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x88, 0x01, 0x01, + 0x12, 0x46, 0x0a, 0x1d, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x6a, 0x61, 0x65, 0x67, + 0x65, 0x72, 0x5f, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, + 0x74, 0x18, 0x2c, 0x20, 0x01, 0x28, 0x09, 0x48, 0x27, 0x52, 0x1a, 0x74, 0x72, 0x61, 0x63, 0x69, + 0x6e, 0x67, 0x4a, 0x61, 0x65, 0x67, 0x65, 0x72, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x45, 0x6e, 0x64, + 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x88, 0x01, 0x01, 0x12, 0x3b, 0x0a, 0x17, 0x74, 0x72, 0x61, 0x63, + 0x69, 0x6e, 0x67, 0x5f, 0x7a, 0x69, 0x70, 0x6b, 0x69, 0x6e, 0x5f, 0x65, 0x6e, 0x64, 0x70, 
0x6f, + 0x69, 0x6e, 0x74, 0x18, 0x2d, 0x20, 0x01, 0x28, 0x09, 0x48, 0x28, 0x52, 0x15, 0x74, 0x72, 0x61, + 0x63, 0x69, 0x6e, 0x67, 0x5a, 0x69, 0x70, 0x6b, 0x69, 0x6e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, + 0x6e, 0x74, 0x88, 0x01, 0x01, 0x12, 0x26, 0x0a, 0x0c, 0x67, 0x72, 0x70, 0x63, 0x5f, 0x61, 0x64, + 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x2e, 0x20, 0x01, 0x28, 0x09, 0x48, 0x29, 0x52, 0x0b, 0x67, + 0x72, 0x70, 0x63, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x88, 0x01, 0x01, 0x12, 0x28, 0x0a, + 0x0d, 0x67, 0x72, 0x70, 0x63, 0x5f, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x18, 0x2f, + 0x20, 0x01, 0x28, 0x08, 0x48, 0x2a, 0x52, 0x0c, 0x67, 0x72, 0x70, 0x63, 0x49, 0x6e, 0x73, 0x65, + 0x63, 0x75, 0x72, 0x65, 0x88, 0x01, 0x01, 0x12, 0x5d, 0x0a, 0x1e, 0x67, 0x72, 0x70, 0x63, 0x5f, + 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, + 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x61, 0x67, 0x65, 0x18, 0x30, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, + 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x1a, 0x67, 0x72, 0x70, 0x63, + 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, + 0x69, 0x6f, 0x6e, 0x41, 0x67, 0x65, 0x12, 0x68, 0x0a, 0x24, 0x67, 0x72, 0x70, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, - 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x61, 0x67, 0x65, 0x18, 0x30, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x1a, 0x67, 0x72, 0x70, 0x63, 0x53, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, - 0x6f, 0x6e, 0x41, 0x67, 0x65, 0x12, 0x68, 0x0a, 0x24, 0x67, 0x72, 0x70, 0x63, 0x5f, 0x73, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x5f, 
0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, - 0x69, 0x6f, 0x6e, 0x5f, 0x61, 0x67, 0x65, 0x5f, 0x67, 0x72, 0x61, 0x63, 0x65, 0x18, 0x31, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x1f, - 0x67, 0x72, 0x70, 0x63, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, - 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x67, 0x65, 0x47, 0x72, 0x61, 0x63, 0x65, 0x12, - 0x2d, 0x0a, 0x10, 0x66, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x5f, - 0x75, 0x72, 0x6c, 0x18, 0x32, 0x20, 0x01, 0x28, 0x09, 0x48, 0x2b, 0x52, 0x0e, 0x66, 0x6f, 0x72, - 0x77, 0x61, 0x72, 0x64, 0x41, 0x75, 0x74, 0x68, 0x55, 0x72, 0x6c, 0x88, 0x01, 0x01, 0x12, 0x39, - 0x0a, 0x16, 0x64, 0x61, 0x74, 0x61, 0x62, 0x72, 0x6f, 0x6b, 0x65, 0x72, 0x5f, 0x73, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x34, 0x20, 0x01, 0x28, 0x09, 0x48, 0x2c, - 0x52, 0x14, 0x64, 0x61, 0x74, 0x61, 0x62, 0x72, 0x6f, 0x6b, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x55, 0x72, 0x6c, 0x88, 0x01, 0x01, 0x12, 0x20, 0x0a, 0x09, 0x63, 0x6c, 0x69, - 0x65, 0x6e, 0x74, 0x5f, 0x63, 0x61, 0x18, 0x35, 0x20, 0x01, 0x28, 0x09, 0x48, 0x2d, 0x52, 0x08, - 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x61, 0x88, 0x01, 0x01, 0x12, 0x29, 0x0a, 0x0e, 0x63, - 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x63, 0x61, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x36, 0x20, - 0x01, 0x28, 0x09, 0x48, 0x2e, 0x52, 0x0c, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x61, 0x46, - 0x69, 0x6c, 0x65, 0x88, 0x01, 0x01, 0x12, 0x76, 0x0a, 0x36, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x5f, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x6c, 0x65, 0x73, - 0x73, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x61, 0x63, 
0x63, 0x6f, 0x75, 0x6e, 0x74, - 0x18, 0x37, 0x20, 0x01, 0x28, 0x09, 0x48, 0x2f, 0x52, 0x31, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x43, 0x6c, 0x6f, 0x75, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x6c, 0x65, 0x73, 0x73, 0x41, - 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x88, 0x01, 0x01, 0x12, 0x1f, - 0x0a, 0x08, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x18, 0x38, 0x20, 0x01, 0x28, 0x08, - 0x48, 0x30, 0x52, 0x08, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x88, 0x01, 0x01, 0x12, - 0x35, 0x0a, 0x14, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x75, 0x73, 0x65, 0x5f, - 0x73, 0x74, 0x61, 0x67, 0x69, 0x6e, 0x67, 0x18, 0x39, 0x20, 0x01, 0x28, 0x08, 0x48, 0x31, 0x52, - 0x12, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x55, 0x73, 0x65, 0x53, 0x74, 0x61, 0x67, - 0x69, 0x6e, 0x67, 0x88, 0x01, 0x01, 0x12, 0x35, 0x0a, 0x14, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, - 0x72, 0x74, 0x5f, 0x6d, 0x75, 0x73, 0x74, 0x5f, 0x73, 0x74, 0x61, 0x70, 0x6c, 0x65, 0x18, 0x3a, - 0x20, 0x01, 0x28, 0x08, 0x48, 0x32, 0x52, 0x12, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, - 0x4d, 0x75, 0x73, 0x74, 0x53, 0x74, 0x61, 0x70, 0x6c, 0x65, 0x88, 0x01, 0x01, 0x12, 0x26, 0x0a, - 0x0c, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x64, 0x69, 0x72, 0x18, 0x3b, 0x20, - 0x01, 0x28, 0x09, 0x48, 0x33, 0x52, 0x0b, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x44, - 0x69, 0x72, 0x88, 0x01, 0x01, 0x12, 0x2b, 0x0a, 0x0f, 0x73, 0x6b, 0x69, 0x70, 0x5f, 0x78, 0x66, - 0x66, 0x5f, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x18, 0x3d, 0x20, 0x01, 0x28, 0x08, 0x48, 0x34, - 0x52, 0x0d, 0x73, 0x6b, 0x69, 0x70, 0x58, 0x66, 0x66, 0x41, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x88, - 0x01, 0x01, 0x1a, 0x81, 0x01, 0x0a, 0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, - 0x01, 
0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x65, 0x72, 0x74, 0x46, 0x69, 0x6c, 0x65, 0x12, - 0x19, 0x0a, 0x08, 0x6b, 0x65, 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x65, - 0x72, 0x74, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, - 0x63, 0x65, 0x72, 0x74, 0x42, 0x79, 0x74, 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x6b, 0x65, 0x79, - 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x08, 0x6b, 0x65, - 0x79, 0x42, 0x79, 0x74, 0x65, 0x73, 0x1a, 0x40, 0x0a, 0x12, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, - 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, - 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, - 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x08, 0x0a, 0x06, 0x5f, 0x64, 0x65, 0x62, - 0x75, 0x67, 0x42, 0x0c, 0x0a, 0x0a, 0x5f, 0x6c, 0x6f, 0x67, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, - 0x42, 0x12, 0x0a, 0x10, 0x5f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x5f, 0x6c, 0x6f, 0x67, 0x5f, 0x6c, - 0x65, 0x76, 0x65, 0x6c, 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x73, 0x68, 0x61, 0x72, 0x65, 0x64, 0x5f, - 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x42, 0x0b, 0x0a, 0x09, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x73, 0x42, 0x0a, 0x0a, 0x08, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x42, - 0x12, 0x0a, 0x10, 0x5f, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x5f, 0x73, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x42, 0x14, 0x0a, 0x12, 0x5f, 0x64, 0x6e, 0x73, 0x5f, 0x6c, 0x6f, 0x6f, 0x6b, - 0x75, 0x70, 0x5f, 0x66, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x42, 0x15, 0x0a, 0x13, 0x5f, 0x68, 0x74, - 0x74, 0x70, 0x5f, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x61, 0x64, 0x64, 0x72, - 0x42, 0x0f, 0x0a, 0x0d, 0x5f, 0x74, 0x69, 
0x6d, 0x65, 0x6f, 0x75, 0x74, 0x5f, 0x72, 0x65, 0x61, - 0x64, 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x5f, 0x77, 0x72, - 0x69, 0x74, 0x65, 0x42, 0x0f, 0x0a, 0x0d, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x5f, - 0x69, 0x64, 0x6c, 0x65, 0x42, 0x1b, 0x0a, 0x19, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, - 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x75, 0x72, - 0x6c, 0x42, 0x1d, 0x0a, 0x1b, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x5f, 0x63, 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x5f, 0x70, 0x61, 0x74, 0x68, - 0x42, 0x0e, 0x0a, 0x0c, 0x5f, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, - 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x5f, 0x73, 0x65, 0x63, 0x72, - 0x65, 0x74, 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x5f, 0x64, 0x6f, - 0x6d, 0x61, 0x69, 0x6e, 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x5f, - 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x42, 0x13, 0x0a, 0x11, 0x5f, 0x63, 0x6f, 0x6f, 0x6b, 0x69, - 0x65, 0x5f, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x6f, 0x6e, 0x6c, 0x79, 0x42, 0x10, 0x0a, 0x0e, 0x5f, - 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x5f, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x42, 0x10, 0x0a, - 0x0e, 0x5f, 0x69, 0x64, 0x70, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x42, - 0x14, 0x0a, 0x12, 0x5f, 0x69, 0x64, 0x70, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73, - 0x65, 0x63, 0x72, 0x65, 0x74, 0x42, 0x0f, 0x0a, 0x0d, 0x5f, 0x69, 0x64, 0x70, 0x5f, 0x70, 0x72, - 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x42, 0x13, 0x0a, 0x11, 0x5f, 0x69, 0x64, 0x70, 0x5f, 0x70, - 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x75, 0x72, 0x6c, 0x42, 0x16, 0x0a, 0x14, 0x5f, - 0x69, 0x64, 0x70, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x61, 0x63, 0x63, 0x6f, - 0x75, 0x6e, 0x74, 0x42, 0x20, 0x0a, 0x1e, 0x5f, 0x69, 0x64, 0x70, 0x5f, 0x72, 
0x65, 0x66, 0x72, - 0x65, 0x73, 0x68, 0x5f, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x79, 0x5f, 0x74, 0x69, - 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x42, 0x21, 0x0a, 0x1f, 0x5f, 0x69, 0x64, 0x70, 0x5f, 0x72, 0x65, - 0x66, 0x72, 0x65, 0x73, 0x68, 0x5f, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x79, 0x5f, - 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x42, 0x18, 0x0a, 0x16, 0x5f, 0x61, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x75, - 0x72, 0x6c, 0x42, 0x1c, 0x0a, 0x1a, 0x5f, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x5f, - 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, - 0x42, 0x18, 0x0a, 0x16, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x42, 0x1d, 0x0a, 0x1b, 0x5f, 0x63, - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x42, 0x0e, 0x0a, 0x0c, 0x5f, 0x73, 0x69, - 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x5f, 0x6b, 0x65, 0x79, 0x42, 0x18, 0x0a, 0x16, 0x5f, 0x73, 0x69, - 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, - 0x74, 0x68, 0x6d, 0x42, 0x13, 0x0a, 0x11, 0x5f, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x5f, - 0x63, 0x6f, 0x6f, 0x6c, 0x64, 0x6f, 0x77, 0x6e, 0x42, 0x1b, 0x0a, 0x19, 0x5f, 0x64, 0x65, 0x66, - 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x74, 0x69, - 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x42, 0x12, 0x0a, 0x10, 0x5f, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, - 0x73, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x42, 0x13, 0x0a, 0x11, 0x5f, 0x74, 0x72, - 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x42, 0x16, - 0x0a, 0x14, 0x5f, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x73, 0x61, 0x6d, 0x70, 0x6c, - 0x65, 0x5f, 0x72, 
0x61, 0x74, 0x65, 0x42, 0x24, 0x0a, 0x22, 0x5f, 0x74, 0x72, 0x61, 0x63, 0x69, - 0x6e, 0x67, 0x5f, 0x6a, 0x61, 0x65, 0x67, 0x65, 0x72, 0x5f, 0x63, 0x6f, 0x6c, 0x6c, 0x65, 0x63, - 0x74, 0x6f, 0x72, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x42, 0x20, 0x0a, 0x1e, + 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x61, 0x67, 0x65, 0x5f, 0x67, 0x72, 0x61, 0x63, 0x65, 0x18, 0x31, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, + 0x1f, 0x67, 0x72, 0x70, 0x63, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4d, 0x61, 0x78, 0x43, 0x6f, + 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x67, 0x65, 0x47, 0x72, 0x61, 0x63, 0x65, + 0x12, 0x2d, 0x0a, 0x10, 0x66, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x5f, 0x61, 0x75, 0x74, 0x68, + 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x32, 0x20, 0x01, 0x28, 0x09, 0x48, 0x2b, 0x52, 0x0e, 0x66, 0x6f, + 0x72, 0x77, 0x61, 0x72, 0x64, 0x41, 0x75, 0x74, 0x68, 0x55, 0x72, 0x6c, 0x88, 0x01, 0x01, 0x12, + 0x39, 0x0a, 0x16, 0x64, 0x61, 0x74, 0x61, 0x62, 0x72, 0x6f, 0x6b, 0x65, 0x72, 0x5f, 0x73, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x34, 0x20, 0x01, 0x28, 0x09, 0x48, + 0x2c, 0x52, 0x14, 0x64, 0x61, 0x74, 0x61, 0x62, 0x72, 0x6f, 0x6b, 0x65, 0x72, 0x53, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x55, 0x72, 0x6c, 0x88, 0x01, 0x01, 0x12, 0x20, 0x0a, 0x09, 0x63, 0x6c, + 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x63, 0x61, 0x18, 0x35, 0x20, 0x01, 0x28, 0x09, 0x48, 0x2d, 0x52, + 0x08, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x61, 0x88, 0x01, 0x01, 0x12, 0x29, 0x0a, 0x0e, + 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x63, 0x61, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x36, + 0x20, 0x01, 0x28, 0x09, 0x48, 0x2e, 0x52, 0x0c, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x61, + 0x46, 0x69, 0x6c, 0x65, 0x88, 0x01, 0x01, 0x12, 0x76, 0x0a, 0x36, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x5f, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x5f, 0x73, 
0x65, 0x72, 0x76, 0x65, 0x72, 0x6c, 0x65, + 0x73, 0x73, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, + 0x74, 0x18, 0x37, 0x20, 0x01, 0x28, 0x09, 0x48, 0x2f, 0x52, 0x31, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x43, 0x6c, 0x6f, 0x75, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x6c, 0x65, 0x73, 0x73, + 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x88, 0x01, 0x01, 0x12, + 0x1f, 0x0a, 0x08, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x18, 0x38, 0x20, 0x01, 0x28, + 0x08, 0x48, 0x30, 0x52, 0x08, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x88, 0x01, 0x01, + 0x12, 0x35, 0x0a, 0x14, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x75, 0x73, 0x65, + 0x5f, 0x73, 0x74, 0x61, 0x67, 0x69, 0x6e, 0x67, 0x18, 0x39, 0x20, 0x01, 0x28, 0x08, 0x48, 0x31, + 0x52, 0x12, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x55, 0x73, 0x65, 0x53, 0x74, 0x61, + 0x67, 0x69, 0x6e, 0x67, 0x88, 0x01, 0x01, 0x12, 0x35, 0x0a, 0x14, 0x61, 0x75, 0x74, 0x6f, 0x63, + 0x65, 0x72, 0x74, 0x5f, 0x6d, 0x75, 0x73, 0x74, 0x5f, 0x73, 0x74, 0x61, 0x70, 0x6c, 0x65, 0x18, + 0x3a, 0x20, 0x01, 0x28, 0x08, 0x48, 0x32, 0x52, 0x12, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, + 0x74, 0x4d, 0x75, 0x73, 0x74, 0x53, 0x74, 0x61, 0x70, 0x6c, 0x65, 0x88, 0x01, 0x01, 0x12, 0x26, + 0x0a, 0x0c, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x64, 0x69, 0x72, 0x18, 0x3b, + 0x20, 0x01, 0x28, 0x09, 0x48, 0x33, 0x52, 0x0b, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, + 0x44, 0x69, 0x72, 0x88, 0x01, 0x01, 0x12, 0x2b, 0x0a, 0x0f, 0x73, 0x6b, 0x69, 0x70, 0x5f, 0x78, + 0x66, 0x66, 0x5f, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x18, 0x3d, 0x20, 0x01, 0x28, 0x08, 0x48, + 0x34, 0x52, 0x0d, 0x73, 0x6b, 0x69, 0x70, 0x58, 0x66, 0x66, 0x41, 0x70, 0x70, 0x65, 0x6e, 
0x64, + 0x88, 0x01, 0x01, 0x1a, 0x81, 0x01, 0x0a, 0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, + 0x61, 0x74, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x66, 0x69, 0x6c, 0x65, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x65, 0x72, 0x74, 0x46, 0x69, 0x6c, 0x65, + 0x12, 0x19, 0x0a, 0x08, 0x6b, 0x65, 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x63, + 0x65, 0x72, 0x74, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, + 0x09, 0x63, 0x65, 0x72, 0x74, 0x42, 0x79, 0x74, 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x6b, 0x65, + 0x79, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x08, 0x6b, + 0x65, 0x79, 0x42, 0x79, 0x74, 0x65, 0x73, 0x1a, 0x40, 0x0a, 0x12, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, + 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, + 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x43, 0x0a, 0x15, 0x4a, 0x77, 0x74, + 0x43, 0x6c, 0x61, 0x69, 0x6d, 0x73, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, + 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x08, + 0x0a, 0x06, 0x5f, 0x64, 0x65, 0x62, 0x75, 0x67, 0x42, 0x0c, 0x0a, 0x0a, 0x5f, 0x6c, 0x6f, 0x67, + 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x42, 0x12, 0x0a, 0x10, 0x5f, 0x70, 0x72, 0x6f, 0x78, 0x79, + 0x5f, 0x6c, 0x6f, 0x67, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x73, + 0x68, 0x61, 0x72, 0x65, 0x64, 
0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x42, 0x0b, 0x0a, 0x09, + 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x42, 0x0a, 0x0a, 0x08, 0x5f, 0x61, 0x64, + 0x64, 0x72, 0x65, 0x73, 0x73, 0x42, 0x12, 0x0a, 0x10, 0x5f, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, + 0x72, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x42, 0x14, 0x0a, 0x12, 0x5f, 0x64, 0x6e, + 0x73, 0x5f, 0x6c, 0x6f, 0x6f, 0x6b, 0x75, 0x70, 0x5f, 0x66, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x42, + 0x15, 0x0a, 0x13, 0x5f, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, + 0x74, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x42, 0x0f, 0x0a, 0x0d, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, + 0x75, 0x74, 0x5f, 0x72, 0x65, 0x61, 0x64, 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x74, 0x69, 0x6d, 0x65, + 0x6f, 0x75, 0x74, 0x5f, 0x77, 0x72, 0x69, 0x74, 0x65, 0x42, 0x0f, 0x0a, 0x0d, 0x5f, 0x74, 0x69, + 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x5f, 0x69, 0x64, 0x6c, 0x65, 0x42, 0x1b, 0x0a, 0x19, 0x5f, 0x61, + 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x5f, 0x75, 0x72, 0x6c, 0x42, 0x1d, 0x0a, 0x1b, 0x5f, 0x61, 0x75, 0x74, 0x68, + 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, + 0x6b, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x42, 0x0e, 0x0a, 0x0c, 0x5f, 0x63, 0x6f, 0x6f, 0x6b, 0x69, + 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x63, 0x6f, 0x6f, 0x6b, 0x69, + 0x65, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x63, 0x6f, 0x6f, + 0x6b, 0x69, 0x65, 0x5f, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x63, + 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x5f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x42, 0x13, 0x0a, 0x11, + 0x5f, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x5f, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x6f, 0x6e, 0x6c, + 0x79, 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x5f, 0x65, 0x78, 0x70, + 0x69, 0x72, 0x65, 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x69, 0x64, 0x70, 
0x5f, 0x63, 0x6c, 0x69, 0x65, + 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x42, 0x14, 0x0a, 0x12, 0x5f, 0x69, 0x64, 0x70, 0x5f, 0x63, 0x6c, + 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x42, 0x0f, 0x0a, 0x0d, 0x5f, + 0x69, 0x64, 0x70, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x42, 0x13, 0x0a, 0x11, + 0x5f, 0x69, 0x64, 0x70, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x75, 0x72, + 0x6c, 0x42, 0x16, 0x0a, 0x14, 0x5f, 0x69, 0x64, 0x70, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x5f, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x42, 0x20, 0x0a, 0x1e, 0x5f, 0x69, 0x64, + 0x70, 0x5f, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x5f, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0x79, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x42, 0x21, 0x0a, 0x1f, 0x5f, + 0x69, 0x64, 0x70, 0x5f, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x5f, 0x64, 0x69, 0x72, 0x65, + 0x63, 0x74, 0x6f, 0x72, 0x79, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x42, 0x18, + 0x0a, 0x16, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x5f, 0x73, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x5f, 0x75, 0x72, 0x6c, 0x42, 0x1c, 0x0a, 0x1a, 0x5f, 0x6f, 0x76, 0x65, + 0x72, 0x72, 0x69, 0x64, 0x65, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, + 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x42, 0x18, 0x0a, 0x16, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, + 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, + 0x42, 0x1d, 0x0a, 0x1b, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, + 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x42, + 0x0e, 0x0a, 0x0c, 0x5f, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x5f, 0x6b, 0x65, 0x79, 0x42, + 0x18, 0x0a, 0x16, 0x5f, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x5f, 0x6b, 0x65, 0x79, 0x5f, + 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x42, 0x13, 0x0a, 0x11, 0x5f, 0x72, 0x65, + 0x66, 
0x72, 0x65, 0x73, 0x68, 0x5f, 0x63, 0x6f, 0x6f, 0x6c, 0x64, 0x6f, 0x77, 0x6e, 0x42, 0x1b, + 0x0a, 0x19, 0x5f, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x75, 0x70, 0x73, 0x74, 0x72, + 0x65, 0x61, 0x6d, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x42, 0x12, 0x0a, 0x10, 0x5f, + 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x42, + 0x13, 0x0a, 0x11, 0x5f, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x70, 0x72, 0x6f, 0x76, + 0x69, 0x64, 0x65, 0x72, 0x42, 0x16, 0x0a, 0x14, 0x5f, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, + 0x5f, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x5f, 0x72, 0x61, 0x74, 0x65, 0x42, 0x24, 0x0a, 0x22, 0x5f, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x6a, 0x61, 0x65, 0x67, 0x65, 0x72, 0x5f, - 0x61, 0x67, 0x65, 0x6e, 0x74, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x42, 0x1a, - 0x0a, 0x18, 0x5f, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x7a, 0x69, 0x70, 0x6b, 0x69, - 0x6e, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x42, 0x0f, 0x0a, 0x0d, 0x5f, 0x67, - 0x72, 0x70, 0x63, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x42, 0x10, 0x0a, 0x0e, 0x5f, - 0x67, 0x72, 0x70, 0x63, 0x5f, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x42, 0x13, 0x0a, - 0x11, 0x5f, 0x66, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x75, - 0x72, 0x6c, 0x42, 0x19, 0x0a, 0x17, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x62, 0x72, 0x6f, 0x6b, 0x65, - 0x72, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x75, 0x72, 0x6c, 0x42, 0x0c, 0x0a, - 0x0a, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x63, 0x61, 0x42, 0x11, 0x0a, 0x0f, 0x5f, - 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x63, 0x61, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x42, 0x39, - 0x0a, 0x37, 0x5f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x5f, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x5f, - 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x6c, 0x65, 0x73, 0x73, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x65, - 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 
0x6e, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x5f, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x42, 0x0b, 0x0a, 0x09, 0x5f, 0x61, 0x75, - 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x42, 0x17, 0x0a, 0x15, 0x5f, 0x61, 0x75, 0x74, 0x6f, 0x63, - 0x65, 0x72, 0x74, 0x5f, 0x75, 0x73, 0x65, 0x5f, 0x73, 0x74, 0x61, 0x67, 0x69, 0x6e, 0x67, 0x42, - 0x17, 0x0a, 0x15, 0x5f, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x6d, 0x75, 0x73, - 0x74, 0x5f, 0x73, 0x74, 0x61, 0x70, 0x6c, 0x65, 0x42, 0x0f, 0x0a, 0x0d, 0x5f, 0x61, 0x75, 0x74, - 0x6f, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x64, 0x69, 0x72, 0x42, 0x12, 0x0a, 0x10, 0x5f, 0x73, 0x6b, - 0x69, 0x70, 0x5f, 0x78, 0x66, 0x66, 0x5f, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x42, 0x2e, 0x5a, - 0x2c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6f, 0x6d, 0x65, - 0x72, 0x69, 0x75, 0x6d, 0x2f, 0x70, 0x6f, 0x6d, 0x65, 0x72, 0x69, 0x75, 0x6d, 0x2f, 0x70, 0x6b, - 0x67, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x62, 0x06, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x63, 0x6f, 0x6c, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, + 0x6e, 0x74, 0x42, 0x20, 0x0a, 0x1e, 0x5f, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x6a, + 0x61, 0x65, 0x67, 0x65, 0x72, 0x5f, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x5f, 0x65, 0x6e, 0x64, 0x70, + 0x6f, 0x69, 0x6e, 0x74, 0x42, 0x1a, 0x0a, 0x18, 0x5f, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, + 0x5f, 0x7a, 0x69, 0x70, 0x6b, 0x69, 0x6e, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, + 0x42, 0x0f, 0x0a, 0x0d, 0x5f, 0x67, 0x72, 0x70, 0x63, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, + 0x73, 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x67, 0x72, 0x70, 0x63, 0x5f, 0x69, 0x6e, 0x73, 0x65, 0x63, + 0x75, 0x72, 0x65, 0x42, 0x13, 0x0a, 0x11, 0x5f, 0x66, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x5f, + 0x61, 0x75, 0x74, 0x68, 0x5f, 0x75, 0x72, 0x6c, 0x42, 0x19, 0x0a, 0x17, 0x5f, 0x64, 0x61, 0x74, + 0x61, 0x62, 0x72, 0x6f, 0x6b, 0x65, 0x72, 0x5f, 0x73, 
0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, + 0x75, 0x72, 0x6c, 0x42, 0x0c, 0x0a, 0x0a, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x63, + 0x61, 0x42, 0x11, 0x0a, 0x0f, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x63, 0x61, 0x5f, + 0x66, 0x69, 0x6c, 0x65, 0x42, 0x39, 0x0a, 0x37, 0x5f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x5f, + 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x6c, 0x65, 0x73, 0x73, + 0x5f, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, + 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x42, + 0x0b, 0x0a, 0x09, 0x5f, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x42, 0x17, 0x0a, 0x15, + 0x5f, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x75, 0x73, 0x65, 0x5f, 0x73, 0x74, + 0x61, 0x67, 0x69, 0x6e, 0x67, 0x42, 0x17, 0x0a, 0x15, 0x5f, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, + 0x72, 0x74, 0x5f, 0x6d, 0x75, 0x73, 0x74, 0x5f, 0x73, 0x74, 0x61, 0x70, 0x6c, 0x65, 0x42, 0x0f, + 0x0a, 0x0d, 0x5f, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x64, 0x69, 0x72, 0x42, + 0x12, 0x0a, 0x10, 0x5f, 0x73, 0x6b, 0x69, 0x70, 0x5f, 0x78, 0x66, 0x66, 0x5f, 0x61, 0x70, 0x70, + 0x65, 0x6e, 0x64, 0x42, 0x2e, 0x5a, 0x2c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, + 0x6d, 0x2f, 0x70, 0x6f, 0x6d, 0x65, 0x72, 0x69, 0x75, 0x6d, 0x2f, 0x70, 0x6f, 0x6d, 0x65, 0x72, + 0x69, 0x75, 0x6d, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x2f, 0x63, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -1738,7 +1746,7 @@ func file_config_proto_rawDescGZIP() []byte { return file_config_proto_rawDescData } -var file_config_proto_msgTypes = make([]protoimpl.MessageInfo, 10) +var file_config_proto_msgTypes = make([]protoimpl.MessageInfo, 11) var file_config_proto_goTypes = []interface{}{ (*Config)(nil), // 0: pomerium.config.Config (*RouteRedirect)(nil), // 1: pomerium.config.RouteRedirect 
@@ -1750,39 +1758,41 @@ var file_config_proto_goTypes = []interface{}{ nil, // 7: pomerium.config.Policy.AllowedIdpClaimsEntry (*Settings_Certificate)(nil), // 8: pomerium.config.Settings.Certificate nil, // 9: pomerium.config.Settings.RequestParamsEntry - (*durationpb.Duration)(nil), // 10: google.protobuf.Duration - (*v3.Cluster)(nil), // 11: envoy.config.cluster.v3.Cluster - (*structpb.ListValue)(nil), // 12: google.protobuf.ListValue + nil, // 10: pomerium.config.Settings.JwtClaimsHeadersEntry + (*durationpb.Duration)(nil), // 11: google.protobuf.Duration + (*v3.Cluster)(nil), // 12: envoy.config.cluster.v3.Cluster + (*structpb.ListValue)(nil), // 13: google.protobuf.ListValue } var file_config_proto_depIdxs = []int32{ 2, // 0: pomerium.config.Config.routes:type_name -> pomerium.config.Route 4, // 1: pomerium.config.Config.settings:type_name -> pomerium.config.Settings 1, // 2: pomerium.config.Route.redirect:type_name -> pomerium.config.RouteRedirect 5, // 3: pomerium.config.Route.allowed_idp_claims:type_name -> pomerium.config.Route.AllowedIdpClaimsEntry - 10, // 4: pomerium.config.Route.timeout:type_name -> google.protobuf.Duration + 11, // 4: pomerium.config.Route.timeout:type_name -> google.protobuf.Duration 6, // 5: pomerium.config.Route.set_request_headers:type_name -> pomerium.config.Route.SetRequestHeadersEntry - 11, // 6: pomerium.config.Route.envoy_opts:type_name -> envoy.config.cluster.v3.Cluster + 12, // 6: pomerium.config.Route.envoy_opts:type_name -> envoy.config.cluster.v3.Cluster 3, // 7: pomerium.config.Route.policies:type_name -> pomerium.config.Policy 7, // 8: pomerium.config.Policy.allowed_idp_claims:type_name -> pomerium.config.Policy.AllowedIdpClaimsEntry 8, // 9: pomerium.config.Settings.certificates:type_name -> pomerium.config.Settings.Certificate - 10, // 10: pomerium.config.Settings.timeout_read:type_name -> google.protobuf.Duration - 10, // 11: pomerium.config.Settings.timeout_write:type_name -> google.protobuf.Duration - 10, // 12: 
pomerium.config.Settings.timeout_idle:type_name -> google.protobuf.Duration - 10, // 13: pomerium.config.Settings.cookie_expire:type_name -> google.protobuf.Duration - 10, // 14: pomerium.config.Settings.idp_refresh_directory_timeout:type_name -> google.protobuf.Duration - 10, // 15: pomerium.config.Settings.idp_refresh_directory_interval:type_name -> google.protobuf.Duration + 11, // 10: pomerium.config.Settings.timeout_read:type_name -> google.protobuf.Duration + 11, // 11: pomerium.config.Settings.timeout_write:type_name -> google.protobuf.Duration + 11, // 12: pomerium.config.Settings.timeout_idle:type_name -> google.protobuf.Duration + 11, // 13: pomerium.config.Settings.cookie_expire:type_name -> google.protobuf.Duration + 11, // 14: pomerium.config.Settings.idp_refresh_directory_timeout:type_name -> google.protobuf.Duration + 11, // 15: pomerium.config.Settings.idp_refresh_directory_interval:type_name -> google.protobuf.Duration 9, // 16: pomerium.config.Settings.request_params:type_name -> pomerium.config.Settings.RequestParamsEntry - 10, // 17: pomerium.config.Settings.refresh_cooldown:type_name -> google.protobuf.Duration - 10, // 18: pomerium.config.Settings.default_upstream_timeout:type_name -> google.protobuf.Duration - 10, // 19: pomerium.config.Settings.grpc_server_max_connection_age:type_name -> google.protobuf.Duration - 10, // 20: pomerium.config.Settings.grpc_server_max_connection_age_grace:type_name -> google.protobuf.Duration - 12, // 21: pomerium.config.Route.AllowedIdpClaimsEntry.value:type_name -> google.protobuf.ListValue - 12, // 22: pomerium.config.Policy.AllowedIdpClaimsEntry.value:type_name -> google.protobuf.ListValue - 23, // [23:23] is the sub-list for method output_type - 23, // [23:23] is the sub-list for method input_type - 23, // [23:23] is the sub-list for extension type_name - 23, // [23:23] is the sub-list for extension extendee - 0, // [0:23] is the sub-list for field type_name + 10, // 17: 
pomerium.config.Settings.jwt_claims_headers:type_name -> pomerium.config.Settings.JwtClaimsHeadersEntry + 11, // 18: pomerium.config.Settings.refresh_cooldown:type_name -> google.protobuf.Duration + 11, // 19: pomerium.config.Settings.default_upstream_timeout:type_name -> google.protobuf.Duration + 11, // 20: pomerium.config.Settings.grpc_server_max_connection_age:type_name -> google.protobuf.Duration + 11, // 21: pomerium.config.Settings.grpc_server_max_connection_age_grace:type_name -> google.protobuf.Duration + 13, // 22: pomerium.config.Route.AllowedIdpClaimsEntry.value:type_name -> google.protobuf.ListValue + 13, // 23: pomerium.config.Policy.AllowedIdpClaimsEntry.value:type_name -> google.protobuf.ListValue + 24, // [24:24] is the sub-list for method output_type + 24, // [24:24] is the sub-list for method input_type + 24, // [24:24] is the sub-list for extension type_name + 24, // [24:24] is the sub-list for extension extendee + 0, // [0:24] is the sub-list for field type_name } func init() { file_config_proto_init() } @@ -1872,7 +1882,7 @@ func file_config_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_config_proto_rawDesc, NumEnums: 0, - NumMessages: 10, + NumMessages: 11, NumExtensions: 0, NumServices: 0, },
diff --git a/pkg/grpc/config/config.proto b/pkg/grpc/config/config.proto
index 5d5be45d5..090ed3ece 100644
--- a/pkg/grpc/config/config.proto
+++ b/pkg/grpc/config/config.proto
@@ -140,7 +140,8 @@ message Settings {
 optional string certificate_authority_file = 35;
 optional string signing_key = 36;
 optional string signing_key_algorithm = 62;
- repeated string jwt_claims_headers = 37;
+ // repeated string jwt_claims_headers = 37;
+ map jwt_claims_headers = 63;
 optional google.protobuf.Duration refresh_cooldown = 38;
 optional google.protobuf.Duration default_upstream_timeout = 39;
 optional string metrics_address = 40;
diff --git a/proxy/state.go b/proxy/state.go
index 0a2e54bbe..dca116d4f 100644
--- a/proxy/state.go
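Review bot: In the `Settings` message, field number 37 is only commented out (`// repeated string jwt_claims_headers = 37;`), which leaves the number free for a later field to claim with a different type. I would replace the comment with `reserved 37;` so protoc rejects any reuse. A peer built before this change that still sends the repeated field will presumably have it parsed as an unknown field, so its claim headers would be dropped silently; that is worth a release note if mixed versions can exchange this message. The message body continues outside the hunk.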
+++ b/proxy/state.go
@@ -34,7 +34,7 @@ type proxyState struct {
 refreshCooldown time.Duration
 sessionStore sessions.SessionStore
 sessionLoaders []sessions.SessionLoader
- jwtClaimHeaders []string
+ jwtClaimHeaders config.JWTClaimHeaders
 }
 func newProxyStateFromConfig(cfg *config.Config) (*proxyState, error) {
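Review bot: The `jwtClaimHeaders` field of `proxyState` has no comment saying what its keys and values are now that it is a `config.JWTClaimHeaders` rather than a `[]string`. Judging by the authz.rego change in this commit, keys appear to be the outgoing header names and values the claim names, so I would add `// jwtClaimHeaders maps outgoing header name to JWT claim name.` above the field. Since header names are now chosen in configuration rather than fixed under the `x-pomerium-claim-` prefix, it is also worth confirming that a client-supplied header with the same name is overwritten before the request reaches the upstream. The struct and `newProxyStateFromConfig` both continue outside the hunk.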