Mercurial > hg > nginx-site

annotate xml/en/docs/http/ngx_http_auth_jwt_module.xml @ 2713:efb3d27dfa23

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Updated docs for the upcoming NGINX Plus release.
author Yaroslav Zhuravlev <yar@nginx.com>
date Mon, 26 Apr 2021 12:52:35 +0100
parents 1f2bd0d9a06c
children 9dd8c203a54a
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
1 <?xml version="1.0"?>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
2
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
3 <!--
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
4 Copyright (C) Nginx, Inc.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
5 -->
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
6
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
8
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
9 <module name="Module ngx_http_auth_jwt_module"
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
10 link="/en/docs/http/ngx_http_auth_jwt_module.html"
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
11 lang="en"
2694
1f2bd0d9a06c Documented variables support for auth_jwt_key_request.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2424
diff changeset
12 rev="11">
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
13
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
14 <section id="summary">
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
15
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
16 <para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
17 The <literal>ngx_http_auth_jwt_module</literal> module (1.11.3)
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
18 implements client authorization by validating the provided
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
19 <link url="https://tools.ietf.org/html/rfc7519">JSON Web Token</link> (JWT)
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
20 using the specified keys.
2713
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
21 JWT claims can be encoded in a
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
22 <link url="https://tools.ietf.org/html/rfc7515">JSON Web Signature</link> (JWS)
2713
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
23 or
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
24 <link url="https://tools.ietf.org/html/rfc7516">JSON Web Encryption</link> (JWE)
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
25 (1.19.7) structure.
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
26 The module can be used for
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
27 <link url="http://openid.net/specs/openid-connect-core-1_0.html">OpenID Connect</link>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
28 authentication.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
29 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
30
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
31 <para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
32 The module may be combined with
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
33 other access modules, such as
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
34 <link doc="ngx_http_access_module.xml">ngx_http_access_module</link>,
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
35 <link doc="ngx_http_auth_basic_module.xml">ngx_http_auth_basic_module</link>,
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
36 and
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
37 <link doc="ngx_http_auth_request_module.xml">ngx_http_auth_request_module</link>,
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
38 via the <link doc="ngx_http_core_module.xml" id="satisfy"/> directive.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
39 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
40
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
41 <para>
2713
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
42 <note>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
43 This module is available as part of our
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
44 <commercial_version>commercial subscription</commercial_version>.
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
45 </note>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
46 </para>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
47
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
48 </section>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
49
2082
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
50
2713
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
51 <section id="algorithms" name="Supported Algorithms">
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
52
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
53 <para>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
54 The module supports the following JSON Web
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
55 <link url="https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms">Algorithms</link>.
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
56 </para>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
57
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
58 <para>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
59 JWS algorithms:
2082
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
60 <list type="bullet">
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
61
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
62 <listitem>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
63 HS256, HS384, HS512
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
64 </listitem>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
65
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
66 <listitem>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
67 RS256, RS384, RS512
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
68 </listitem>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
69
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
70 <listitem>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
71 ES256, ES384, ES512
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
72 </listitem>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
73
2304
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
74 <listitem>
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
75 EdDSA (Ed25519 and Ed448 signatures) (1.15.7)
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
76 </listitem>
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
77
2082
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
78 </list>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
79
2713
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
80 <note>
2082
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
81 Prior to version 1.13.7,
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
82 only HS256, RS256, ES256 algorithms were supported.
2713
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
83 </note>
2082
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
84 </para>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
85
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
86 <para>
2713
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
87 JWE content encryption algorithms (1.19.7):
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
88 <list type="bullet">
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
89
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
90 <listitem>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
91 A128CBC-HS256, A192CBC-HS384, A256CBC-HS512
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
92 </listitem>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
93
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
94 <listitem>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
95 A128GCM, A192GCM, A256GCM
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
96 </listitem>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
97
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
98 </list>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
99 </para>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
100
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
101 <para>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
102 JWE key management algorithms (1.19.9):
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
103 <list type="bullet">
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
104
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
105 <listitem>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
106 A128KW, A192KW, A256KW
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
107 </listitem>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
108
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
109 <listitem>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
110 A128GCMKW, A192GCMKW, A256GCMKW
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
111 </listitem>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
112
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
113 <listitem>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
114 dir&mdash;direct use of a shared symmetric key as the content encryption key
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
115 </listitem>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
116
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
117 </list>
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
118 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
119
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
120 </section>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
121
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
122
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
123 <section id="example" name="Example Configuration">
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
124
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
125 <para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
126 <example>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
127 location / {
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
128 auth_jwt "closed site";
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
129 auth_jwt_key_file conf/keys.json;
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
130 }
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
131 </example>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
132 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
133
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
134 </section>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
135
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
136
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
137 <section id="directives" name="Directives">
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
138
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
139 <directive name="auth_jwt">
1831
b5e416ace4bf Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1763
diff changeset
140 <syntax>
b5e416ace4bf Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1763
diff changeset
141 <value>string</value>
b5e416ace4bf Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1763
diff changeset
142 [<literal>token=</literal><value>$variable</value>] |
b5e416ace4bf Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1763
diff changeset
143 <literal>off</literal></syntax>
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
144 <default>off</default>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
145 <context>http</context>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
146 <context>server</context>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
147 <context>location</context>
2139
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
148 <context>limit_except</context>
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
149
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
150 <para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
151 Enables validation of JSON Web Token.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
152 The specified <value>string</value> is used as a <literal>realm</literal>.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
153 Parameter value can contain variables.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
154 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
155
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
156 <para>
1831
b5e416ace4bf Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1763
diff changeset
157 The optional <literal>token</literal> parameter specifies a variable
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
158 that contains JSON Web Token.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
159 By default, JWT is passed in the <header>Authorization</header> header
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
160 as a
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
161 <link url="https://tools.ietf.org/html/rfc6750">Bearer Token</link>.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
162 JWT may be also passed as a cookie or a part of a query string:
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
163 <example>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
164 auth_jwt "closed site" token=$cookie_auth_token;
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
165 </example>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
166 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
167
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
168 <para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
169 The special value <literal>off</literal> cancels the effect
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
170 of the <literal>auth_jwt</literal> directive
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
171 inherited from the previous configuration level.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
172 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
173
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
174 </directive>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
175
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
176
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
177 <directive name="auth_jwt_claim_set">
2082
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
178 <syntax><value>$variable</value> <value>name</value> ...</syntax>
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
179 <default/>
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
180 <context>http</context>
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
181 <appeared-in>1.11.10</appeared-in>
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
182
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
183 <para>
2082
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
184 Sets the <value>variable</value> to a JWT claim parameter
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
185 identified by key names.
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
186 Name matching starts from the top level of the JSON tree.
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
187 For arrays, the variable keeps a list of array elements separated by commas.
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
188 <example>
2424
dd3ac7eefeed Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2408
diff changeset
189 auth_jwt_claim_set $email info e-mail;
dd3ac7eefeed Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2408
diff changeset
190 auth_jwt_claim_set $job info "job title";
2082
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
191 </example>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
192 <note>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
193 Prior to version 1.13.7, only one key name could be specified,
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
194 and the result was undefined for arrays.
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
195 </note>
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
196 </para>
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
197
2713
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
198 <para>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
199 <note>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
200 Variable values for tokens encrypted with JWE
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
201 are available only after decryption which occurs during the
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
202 <link doc="../dev/development_guide.xml" id="http_phases">Access</link> phase.
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
203 </note>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
204 </para>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
205
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
206 </directive>
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
207
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
208
2142
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
209 <directive name="auth_jwt_header_set">
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
210 <syntax><value>$variable</value> <value>name</value> ...</syntax>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
211 <default/>
2139
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
212 <context>http</context>
2142
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
213 <appeared-in>1.11.10</appeared-in>
2139
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
214
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
215 <para>
2142
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
216 Sets the <value>variable</value> to a JOSE header parameter
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
217 identified by key names.
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
218 Name matching starts from the top level of the JSON tree.
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
219 For arrays, the variable keeps a list of array elements separated by commas.
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
220 <note>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
221 Prior to version 1.13.7, only one key name could be specified,
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
222 and the result was undefined for arrays.
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
223 </note>
2139
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
224 </para>
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
225
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
226 </directive>
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
227
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
228
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
229 <directive name="auth_jwt_key_file">
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
230 <syntax><value>file</value></syntax>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
231 <default/>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
232 <context>http</context>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
233 <context>server</context>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
234 <context>location</context>
2139
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
235 <context>limit_except</context>
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
236
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
237 <para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
238 Specifies a <value>file</value> in
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
239 <link url="https://tools.ietf.org/html/rfc7517#section-5">JSON Web Key Set</link>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
240 format for validating JWT signature.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
241 Parameter value can contain variables.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
242 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
243
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
244 </directive>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
245
2142
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
246
2304
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
247 <directive name="auth_jwt_key_request">
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
248 <syntax><value>uri</value></syntax>
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
249 <default/>
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
250 <context>http</context>
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
251 <context>server</context>
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
252 <context>location</context>
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
253 <context>limit_except</context>
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
254 <appeared-in>1.15.6</appeared-in>
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
255
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
256 <para>
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
257 Allows retrieving a
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
258 <link url="https://tools.ietf.org/html/rfc7517#section-5">JSON Web Key Set</link>
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
259 file from a subrequest for validating JWT signature and
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
260 sets the URI where the subrequest will be sent to.
2694
1f2bd0d9a06c Documented variables support for auth_jwt_key_request.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2424
diff changeset
261 Parameter value can contain variables.
2304
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
262 To avoid validation overhead,
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
263 it is recommended to cache the key file:
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
264 <example>
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
265 proxy_cache_path /data/nginx/cache levels=1 keys_zone=foo:10m;
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
266
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
267 server {
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
268 ...
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
269
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
270 location / {
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
271 auth_jwt "closed site";
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
272 auth_jwt_key_request /jwks_uri;
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
273 }
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
274
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
275 location = /jwks_uri {
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
276 internal;
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
277 proxy_cache foo;
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
278 proxy_pass http://idp.example.com/keys;
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
279 }
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
280 }
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
281 </example>
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
282 </para>
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
283
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
284 </directive>
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
285
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
286
2142
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
287 <directive name="auth_jwt_leeway">
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
288 <syntax><value>time</value></syntax>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
289 <default>0s</default>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
290 <context>http</context>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
291 <context>server</context>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
292 <context>location</context>
2143
231cad90a823 Corrected appeared-in version for the auth_jwt_leeway directive.
Sergey Kandaurov <pluknet@nginx.com>
parents: 2142
diff changeset
293 <appeared-in>1.13.10</appeared-in>
2142
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
294
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
295 <para>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
296 Sets the maximum allowable leeway to compensate
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
297 clock skew when verifying the
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
298 <link url="https://tools.ietf.org/html/rfc7519#section-4.1.4">exp</link>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
299 and
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
300 <link url="https://tools.ietf.org/html/rfc7519#section-4.1.5">nbf</link>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
301 JWT claims.
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
302 </para>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
303
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
304 </directive>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
305
2713
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
306
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
307 <directive name="auth_jwt_type">
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
308 <syntax><value>signed</value> | <value>encrypted</value></syntax>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
309 <default>signed</default>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
310 <context>http</context>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
311 <context>server</context>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
312 <context>location</context>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
313 <context>limit_except</context>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
314 <appeared-in>1.19.7</appeared-in>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
315
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
316 <para>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
317 Specifies which type of JSON Web Token to expect:
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
318 JWS (<literal>signed</literal>) or
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
319 JWE (<literal>encrypted</literal>).
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
320 </para>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
321
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
322 </directive>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
323
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
324 </section>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
325
1831
b5e416ace4bf Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1763
diff changeset
326
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
327 <section id="variables" name="Embedded Variables">
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
328
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
329 <para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
330 The <literal>ngx_http_auth_jwt_module</literal> module
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
331 supports embedded variables:
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
332 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
333
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
334 <para>
1831
b5e416ace4bf Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1763
diff changeset
335 <list type="tag" compact="yes">
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
336 <tag-name id="var_jwt_header_"><var>$jwt_header_</var><value>name</value></tag-name>
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
337 <tag-desc>
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
338 returns the value of a specified
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
339 <link url="https://tools.ietf.org/html/rfc7515#section-4">JOSE header</link>
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
340 </tag-desc>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
341
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
342 <tag-name id="var_jwt_claim_"><var>$jwt_claim_</var><value>name</value></tag-name>
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
343 <tag-desc>
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
344 returns the value of a specified
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
345 <link url="https://tools.ietf.org/html/rfc7519#section-4">JWT claim</link>
2408
183c16ce60d0 Added info about nested claims and claims with a dot to $jwt_claim_name.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2304
diff changeset
346
183c16ce60d0 Added info about nested claims and claims with a dot to $jwt_claim_name.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2304
diff changeset
347 <para>
183c16ce60d0 Added info about nested claims and claims with a dot to $jwt_claim_name.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2304
diff changeset
348 For nested claims and claims including a dot (“.”),
183c16ce60d0 Added info about nested claims and claims with a dot to $jwt_claim_name.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2304
diff changeset
349 the value of the variable cannot be evaluated;
183c16ce60d0 Added info about nested claims and claims with a dot to $jwt_claim_name.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2304
diff changeset
350 the <link id="auth_jwt_claim_set"/> directive should be used instead.
183c16ce60d0 Added info about nested claims and claims with a dot to $jwt_claim_name.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2304
diff changeset
351 </para>
2713
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
352
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
353 <para>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
354 Variable values for tokens encrypted with JWE
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
355 are available only after decryption which occurs during the
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
356 <link doc="../dev/development_guide.xml" id="http_phases">Access</link> phase.
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
357 </para>
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
358 </tag-desc>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
359
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
360 </list>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
361 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
362
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
363 </section>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
364
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
365 </module>