ngx_http_auth_jwt_module

An nginx C module to protect resources using JWT.

This module is heavily inspired by the original nginx http_auth_jwt_module. Unfortunately, that module is only available with the commercial subscription. This is a replacement that can be used by compiling it with the open source nginx.

Dependencies

This module depends on the OpenSSL, libjwt and jansson C libraries.

Compile

To compile, download the source code for nginx and this repo. From the nginx folder, issue the following command.

./configure --with-http_ssl_module --add-module=../ngx_http_auth_jwt_module

Usage

A few directives can be used in the configuration file to activate this module.

auth_jwt

The usage of this directive is identical to that of the original NGINX Plus http_auth_jwt_module:

Syntax: auth_jwt string [token=$variable] | off ;
Default: auth_jwt off;
Context: http, server, location

The optional token parameter takes a variable that contains the JSON Web Token. If it is not present, the module expects the JSON Web Token to be passed in the Authorization header as a Bearer token. Since token can be assigned to a variable, the JWT can be passed as a cookie or a query string. Example of usage:

auth_jwt "Reserved site" token=$cookie_myjwtcookie;

The reserved value off disables the JWT protection.

auth_jwt_key_file

This directive specifies the file holding the key. This must be a certificate when the JWT is signed with an asymmetric algorithm (RS256 for example), or the shared secret when the JWT is signed with a symmetric algorithm (HS256 for example).

Syntax: auth_jwt_key_file file;
Default: -
Context: http, server, location

auth_jwt_alg

This directive specifies which algorithm the server expects to receive in the JWT. As suggested by Auth0, letting the creator of the JWT choose the signing algorithm can lead to critical vulnerabilities. Specifying the algorithm is mandatory, and NONE is not accepted as a valid value.

Syntax: auth_jwt_alg HS256 | HS384 | HS512 | RS256 | RS384 | RS512 | ES256 | ES384 | ES512;
Default: -
Context: http, server, location
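
The check that auth_jwt_alg describes, as an added example that is not part of this module's code: a Python sketch (the module itself is C on top of libjwt) in which the verifier compares the token header with the configured algorithm instead of trusting it. The function names, the sample key and the restriction to the HS* family are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json
# Assumption: only the HS* family is modelled so the sketch needs no third-party library.
DIGESTS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")
def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def sign(claims: dict, key: bytes, alg: str) -> str:  # builds constructed sample tokens only
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    signing_input = header + "." + b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, signing_input.encode("ascii"), DIGESTS[alg]).digest()
    return signing_input + "." + b64url_encode(mac)

def verify(token: str, key: bytes, configured_alg: str) -> dict:
    """Return the claims only if the token was signed with configured_alg."""
    if configured_alg not in DIGESTS:  # "none" can never be configured
        raise ValueError("unsupported configured algorithm")
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # The header is client-supplied: compare it with the configuration, never dispatch on it.
    if not isinstance(header, dict) or header.get("alg") != configured_alg:
        raise ValueError("algorithm mismatch")
    signing_input = (header_b64 + "." + payload_b64).encode("ascii")
    expected = hmac.new(key, signing_input, DIGESTS[configured_alg]).digest()
    if not hmac.compare_digest(signature, expected):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload_b64))

def demo() -> dict:
    key = b"constructed-demo-secret"  # constructed sample key, not a real secret
    good = sign({"sub": "alice"}, key, "HS256")
    other = sign({"sub": "alice"}, key, "HS512")  # valid MAC, unexpected algorithm
    unsigned = b64url_encode(b'{"alg":"none"}') + "." + good.split(".")[1] + "."
    results = {}
    for name, token in (("HS256", good), ("HS512", other), ("none", unsigned)):
        try:
            verify(token, key, "HS256")
            results[name] = "accepted"
        except ValueError as exc:
            results[name] = str(exc)
    return results
if __name__ == "__main__":
    print(demo())
```

Only the token whose header matches the configured HS256 is accepted; the HS512 token is rejected even though its MAC is valid for the same key, and the token declaring none is rejected before any signature comparison.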
