istio
diff --git a/‎security/v1/request_authentication.pb.go
Lines changed: 4 additions & 2 deletions b/‎security/v1/request_authentication.pb.go
Lines changed: 4 additions & 2 deletions
diff --git a/‎security/v1/request_authentication.proto
Lines changed: 4 additions & 2 deletions b/‎security/v1/request_authentication.proto
Lines changed: 4 additions & 2 deletions
diff --git a/‎security/v1beta1/request_authentication.pb.go
Lines changed: 4 additions & 2 deletions b/‎security/v1beta1/request_authentication.pb.go
Lines changed: 4 additions & 2 deletions
diff --git a/‎security/v1beta1/request_authentication.pb.html
Lines changed: 4 additions & 2 deletions b/‎security/v1beta1/request_authentication.pb.html
Lines changed: 4 additions & 2 deletions
diff --git a/‎security/v1beta1/request_authentication.proto
Lines changed: 4 additions & 2 deletions b/‎security/v1beta1/request_authentication.proto
Lines changed: 4 additions & 2 deletions
@@ -295,8 +295,10 @@ option go_package="istio.io/api/security/v1";
 // is now supported. A prefix '@' is used to denote a match against internal metadata instead of the headers in the request.
 // Currently this feature is only supported for the following metadata:
 //
-// - `request.auth.claims.{claim-name}[.{sub-claim}]*` which are extracted from validated JWT tokens. The claim name
-// currently does not support the `.` character. Examples: `request.auth.claims.sub` and `request.auth.claims.name.givenName`.
+// - `request.auth.claims.{claim-name}[.{nested-claim}]*` which are extracted from validated JWT tokens.
+// Use the `.` or `[]` as a separator for nested claim names.
+// Examples: `request.auth.claims.sub`, `request.auth.claims.name.givenName` and `request.auth.claims[foo.com/name]`.
+// For more information, see [JWT claim based routing](https://istio.io/latest/docs/tasks/security/authentication/jwt-route/).
 //
 // The use of matches against JWT claim metadata is only supported in Gateways. The following example shows:
 //
 
@@ -293,8 +293,10 @@ option go_package="istio.io/api/security/v1beta1";
 // is now supported. A prefix '@' is used to denote a match against internal metadata instead of the headers in the request.
 // Currently this feature is only supported for the following metadata:
 //
-// - `request.auth.claims.{claim-name}[.{sub-claim}]*` which are extracted from validated JWT tokens. The claim name
-// currently does not support the `.` character. Examples: `request.auth.claims.sub` and `request.auth.claims.name.givenName`.
+// - `request.auth.claims.{claim-name}[.{nested-claim}]*` which are extracted from validated JWT tokens.
+// Use the `.` or `[]` as a separator for nested claim names.
+// Examples: `request.auth.claims.sub`, `request.auth.claims.name.givenName` and `request.auth.claims[foo.com/name]`.
+// For more information, see [JWT claim based routing](https://istio.io/latest/docs/tasks/security/authentication/jwt-route/).
 //
 // The use of matches against JWT claim metadata is only supported in Gateways. The following example shows:
 //