Mercurial > hg > nginx-site
annotate xml/en/docs/http/ngx_http_auth_jwt_module.xml @ 2764:bc9c5d11b67c
Updated OpenSSL version used for win32 builds.
author | Yaroslav Zhuravlev <yar@nginx.com> |
---|---|
date | Tue, 31 Aug 2021 17:11:05 +0100 |
parents | efb3d27dfa23 |
children | 9dd8c203a54a |
rev | line source |
---|---|
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
1 <?xml version="1.0"?> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
2 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
3 <!-- |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
4 Copyright (C) Nginx, Inc. |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
5 --> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
6 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
8 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
9 <module name="Module ngx_http_auth_jwt_module" |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
10 link="/en/docs/http/ngx_http_auth_jwt_module.html" |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
11 lang="en" |
2694
1f2bd0d9a06c
Documented variables support for auth_jwt_key_request.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2424
diff
changeset
|
12 rev="11"> |
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
13 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
14 <section id="summary"> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
15 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
16 <para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
17 The <literal>ngx_http_auth_jwt_module</literal> module (1.11.3) |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
18 implements client authorization by validating the provided |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
19 <link url="https://tools.ietf.org/html/rfc7519">JSON Web Token</link> (JWT) |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
20 using the specified keys. |
2713
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
21 JWT claims can be encoded in a |
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
22 <link url="https://tools.ietf.org/html/rfc7515">JSON Web Signature</link> (JWS) |
2713
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
23 or |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
24 <link url="https://tools.ietf.org/html/rfc7516">JSON Web Encryption</link> (JWE) |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
25 (1.19.7) structure. |
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
26 The module can be used for |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
27 <link url="http://openid.net/specs/openid-connect-core-1_0.html">OpenID Connect</link> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
28 authentication. |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
29 </para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
30 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
31 <para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
32 The module may be combined with |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
33 other access modules, such as |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
34 <link doc="ngx_http_access_module.xml">ngx_http_access_module</link>, |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
35 <link doc="ngx_http_auth_basic_module.xml">ngx_http_auth_basic_module</link>, |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
36 and |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
37 <link doc="ngx_http_auth_request_module.xml">ngx_http_auth_request_module</link>, |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
38 via the <link doc="ngx_http_core_module.xml" id="satisfy"/> directive. |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
39 </para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
40 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
41 <para> |
2713
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
42 <note> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
43 This module is available as part of our |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
44 <commercial_version>commercial subscription</commercial_version>. |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
45 </note> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
46 </para> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
47 |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
48 </section> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
49 |
2082
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
50 |
2713
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
51 <section id="algorithms" name="Supported Algorithms"> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
52 |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
53 <para> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
54 The module supports the following JSON Web |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
55 <link url="https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms">Algorithms</link>. |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
56 </para> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
57 |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
58 <para> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
59 JWS algorithms: |
2082
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
60 <list type="bullet"> |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
61 |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
62 <listitem> |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
63 HS256, HS384, HS512 |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
64 </listitem> |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
65 |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
66 <listitem> |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
67 RS256, RS384, RS512 |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
68 </listitem> |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
69 |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
70 <listitem> |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
71 ES256, ES384, ES512 |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
72 </listitem> |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
73 |
2304
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
74 <listitem> |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
75 EdDSA (Ed25519 and Ed448 signatures) (1.15.7) |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
76 </listitem> |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
77 |
2082
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
78 </list> |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
79 |
2713
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
80 <note> |
2082
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
81 Prior to version 1.13.7, |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
82 only HS256, RS256, ES256 algorithms were supported. |
2713
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
83 </note> |
2082
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
84 </para> |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
85 |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
86 <para> |
2713
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
87 JWE content encryption algorithms (1.19.7): |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
88 <list type="bullet"> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
89 |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
90 <listitem> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
91 A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
92 </listitem> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
93 |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
94 <listitem> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
95 A128GCM, A192GCM, A256GCM |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
96 </listitem> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
97 |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
98 </list> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
99 </para> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
100 |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
101 <para> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
102 JWE key management algorithms (1.19.9): |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
103 <list type="bullet"> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
104 |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
105 <listitem> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
106 A128KW, A192KW, A256KW |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
107 </listitem> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
108 |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
109 <listitem> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
110 A128GCMKW, A192GCMKW, A256GCMKW |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
111 </listitem> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
112 |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
113 <listitem> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
114 dir—direct use of a shared symmetric key as the content encryption key |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
115 </listitem> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
116 |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
117 </list> |
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
118 </para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
119 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
120 </section> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
121 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
122 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
123 <section id="example" name="Example Configuration"> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
124 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
125 <para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
126 <example> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
127 location / { |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
128 auth_jwt "closed site"; |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
129 auth_jwt_key_file conf/keys.json; |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
130 } |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
131 </example> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
132 </para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
133 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
134 </section> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
135 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
136 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
137 <section id="directives" name="Directives"> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
138 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
139 <directive name="auth_jwt"> |
1831
b5e416ace4bf
Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1763
diff
changeset
|
140 <syntax> |
b5e416ace4bf
Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1763
diff
changeset
|
141 <value>string</value> |
b5e416ace4bf
Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1763
diff
changeset
|
142 [<literal>token=</literal><value>$variable</value>] | |
b5e416ace4bf
Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1763
diff
changeset
|
143 <literal>off</literal></syntax> |
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
144 <default>off</default> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
145 <context>http</context> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
146 <context>server</context> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
147 <context>location</context> |
2139
f6e578b1b02d
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2086
diff
changeset
|
148 <context>limit_except</context> |
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
149 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
150 <para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
151 Enables validation of JSON Web Token. |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
152 The specified <value>string</value> is used as a <literal>realm</literal>. |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
153 Parameter value can contain variables. |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
154 </para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
155 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
156 <para> |
1831
b5e416ace4bf
Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1763
diff
changeset
|
157 The optional <literal>token</literal> parameter specifies a variable |
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
158 that contains JSON Web Token. |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
159 By default, JWT is passed in the <header>Authorization</header> header |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
160 as a |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
161 <link url="https://tools.ietf.org/html/rfc6750">Bearer Token</link>. |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
162 JWT may be also passed as a cookie or a part of a query string: |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
163 <example> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
164 auth_jwt "closed site" token=$cookie_auth_token; |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
165 </example> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
166 </para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
167 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
168 <para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
169 The special value <literal>off</literal> cancels the effect |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
170 of the <literal>auth_jwt</literal> directive |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
171 inherited from the previous configuration level. |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
172 </para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
173 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
174 </directive> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
175 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
176 |
1925
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
177 <directive name="auth_jwt_claim_set"> |
2082
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
178 <syntax><value>$variable</value> <value>name</value> ...</syntax> |
1925
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
179 <default/> |
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
180 <context>http</context> |
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
181 <appeared-in>1.11.10</appeared-in> |
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
182 |
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
183 <para> |
2082
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
184 Sets the <value>variable</value> to a JWT claim parameter |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
185 identified by key names. |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
186 Name matching starts from the top level of the JSON tree. |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
187 For arrays, the variable keeps a list of array elements separated by commas. |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
188 <example> |
2424
dd3ac7eefeed
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2408
diff
changeset
|
189 auth_jwt_claim_set $email info e-mail; |
dd3ac7eefeed
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2408
diff
changeset
|
190 auth_jwt_claim_set $job info "job title"; |
2082
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
191 </example> |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
192 <note> |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
193 Prior to version 1.13.7, only one key name could be specified, |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
194 and the result was undefined for arrays. |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
195 </note> |
1925
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
196 </para> |
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
197 |
2713
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
198 <para> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
199 <note> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
200 Variable values for tokens encrypted with JWE |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
201 are available only after decryption which occurs during the |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
202 <link doc="../dev/development_guide.xml" id="http_phases">Access</link> phase. |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
203 </note> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
204 </para> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
205 |
1925
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
206 </directive> |
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
207 |
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
208 |
2142
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
209 <directive name="auth_jwt_header_set"> |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
210 <syntax><value>$variable</value> <value>name</value> ...</syntax> |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
211 <default/> |
2139
f6e578b1b02d
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2086
diff
changeset
|
212 <context>http</context> |
2142
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
213 <appeared-in>1.11.10</appeared-in> |
2139
f6e578b1b02d
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2086
diff
changeset
|
214 |
f6e578b1b02d
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2086
diff
changeset
|
215 <para> |
2142
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
216 Sets the <value>variable</value> to a JOSE header parameter |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
217 identified by key names. |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
218 Name matching starts from the top level of the JSON tree. |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
219 For arrays, the variable keeps a list of array elements separated by commas. |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
220 <note> |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
221 Prior to version 1.13.7, only one key name could be specified, |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
222 and the result was undefined for arrays. |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
223 </note> |
2139
f6e578b1b02d
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2086
diff
changeset
|
224 </para> |
f6e578b1b02d
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2086
diff
changeset
|
225 |
f6e578b1b02d
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2086
diff
changeset
|
226 </directive> |
f6e578b1b02d
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2086
diff
changeset
|
227 |
f6e578b1b02d
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2086
diff
changeset
|
228 |
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
229 <directive name="auth_jwt_key_file"> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
230 <syntax><value>file</value></syntax> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
231 <default/> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
232 <context>http</context> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
233 <context>server</context> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
234 <context>location</context> |
2139
f6e578b1b02d
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2086
diff
changeset
|
235 <context>limit_except</context> |
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
236 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
237 <para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
238 Specifies a <value>file</value> in |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
239 <link url="https://tools.ietf.org/html/rfc7517#section-5">JSON Web Key Set</link> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
240 format for validating JWT signature. |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
241 Parameter value can contain variables. |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
242 </para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
243 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
244 </directive> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
245 |
2142
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
246 |
2304
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
247 <directive name="auth_jwt_key_request"> |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
248 <syntax><value>uri</value></syntax> |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
249 <default/> |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
250 <context>http</context> |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
251 <context>server</context> |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
252 <context>location</context> |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
253 <context>limit_except</context> |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
254 <appeared-in>1.15.6</appeared-in> |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
255 |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
256 <para> |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
257 Allows retrieving a |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
258 <link url="https://tools.ietf.org/html/rfc7517#section-5">JSON Web Key Set</link> |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
259 file from a subrequest for validating JWT signature and |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
260 sets the URI where the subrequest will be sent to. |
2694
1f2bd0d9a06c
Documented variables support for auth_jwt_key_request.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2424
diff
changeset
|
261 Parameter value can contain variables. |
2304
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
262 To avoid validation overhead, |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
263 it is recommended to cache the key file: |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
264 <example> |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
265 proxy_cache_path /data/nginx/cache levels=1 keys_zone=foo:10m; |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
266 |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
267 server { |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
268 ... |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
269 |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
270 location / { |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
271 auth_jwt "closed site"; |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
272 auth_jwt_key_request /jwks_uri; |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
273 } |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
274 |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
275 location = /jwks_uri { |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
276 internal; |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
277 proxy_cache foo; |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
278 proxy_pass http://idp.example.com/keys; |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
279 } |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
280 } |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
281 </example> |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
282 </para> |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
283 |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
284 </directive> |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
285 |
f4b9660316c5
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2143
diff
changeset
|
286 |
2142
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
287 <directive name="auth_jwt_leeway"> |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
288 <syntax><value>time</value></syntax> |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
289 <default>0s</default> |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
290 <context>http</context> |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
291 <context>server</context> |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
292 <context>location</context> |
2143
231cad90a823
Corrected appeared-in version for the auth_jwt_leeway directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
2142
diff
changeset
|
293 <appeared-in>1.13.10</appeared-in> |
2142
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
294 |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
295 <para> |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
296 Sets the maximum allowable leeway to compensate |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
297 clock skew when verifying the |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
298 <link url="https://tools.ietf.org/html/rfc7519#section-4.1.4">exp</link> |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
299 and |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
300 <link url="https://tools.ietf.org/html/rfc7519#section-4.1.5">nbf</link> |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
301 JWT claims. |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
302 </para> |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
303 |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
304 </directive> |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
305 |
2713
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
306 |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
307 <directive name="auth_jwt_type"> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
308 <syntax><value>signed</value> | <value>encrypted</value></syntax> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
309 <default>signed</default> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
310 <context>http</context> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
311 <context>server</context> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
312 <context>location</context> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
313 <context>limit_except</context> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
314 <appeared-in>1.19.7</appeared-in> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
315 |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
316 <para> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
317 Specifies which type of JSON Web Token to expect: |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
318 JWS (<literal>signed</literal>) or |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
319 JWE (<literal>encrypted</literal>). |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
320 </para> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
321 |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
322 </directive> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
323 |
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
324 </section> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
325 |
1831
b5e416ace4bf
Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1763
diff
changeset
|
326 |
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
327 <section id="variables" name="Embedded Variables"> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
328 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
329 <para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
330 The <literal>ngx_http_auth_jwt_module</literal> module |
1925
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
331 supports embedded variables: |
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
332 </para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
333 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
334 <para> |
1831
b5e416ace4bf
Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1763
diff
changeset
|
335 <list type="tag" compact="yes"> |
1925
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
336 <tag-name id="var_jwt_header_"><var>$jwt_header_</var><value>name</value></tag-name> |
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
337 <tag-desc> |
1925
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
338 returns the value of a specified |
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
339 <link url="https://tools.ietf.org/html/rfc7515#section-4">JOSE header</link> |
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
340 </tag-desc> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
341 |
1925
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
342 <tag-name id="var_jwt_claim_"><var>$jwt_claim_</var><value>name</value></tag-name> |
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
343 <tag-desc> |
1925
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
344 returns the value of a specified |
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
345 <link url="https://tools.ietf.org/html/rfc7519#section-4">JWT claim</link> |
2408
183c16ce60d0
Added info about nested claims and claims with a dot to $jwt_claim_name.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2304
diff
changeset
|
346 |
183c16ce60d0
Added info about nested claims and claims with a dot to $jwt_claim_name.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2304
diff
changeset
|
347 <para> |
183c16ce60d0
Added info about nested claims and claims with a dot to $jwt_claim_name.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2304
diff
changeset
|
348 For nested claims and claims including a dot (“.”), |
183c16ce60d0
Added info about nested claims and claims with a dot to $jwt_claim_name.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2304
diff
changeset
|
349 the value of the variable cannot be evaluated; |
183c16ce60d0
Added info about nested claims and claims with a dot to $jwt_claim_name.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2304
diff
changeset
|
350 the <link id="auth_jwt_claim_set"/> directive should be used instead. |
183c16ce60d0
Added info about nested claims and claims with a dot to $jwt_claim_name.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2304
diff
changeset
|
351 </para> |
2713
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
352 |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
353 <para> |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
354 Variable values for tokens encrypted with JWE |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
355 are available only after decryption which occurs during the |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
356 <link doc="../dev/development_guide.xml" id="http_phases">Access</link> phase. |
efb3d27dfa23
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
2694
diff
changeset
|
357 </para> |
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
358 </tag-desc> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
359 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
360 </list> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
361 </para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
362 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
363 </section> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
364 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
365 </module> |