The ngx_http_auth_jwt_module
module (1.11.3) implements client authorization by validating the provided JSON Web Token (JWT) using the specified keys. JWT claims must be encoded in a JSON Web Signature (JWS) structure. The module can be used for OpenID Connect authentication.
The module may be combined with other access modules, such as ngx_http_access_module, ngx_http_auth_basic_module, and ngx_http_auth_request_module, via the satisfy directive.
This module is available as part of our commercial subscription.
location / { auth_jwt "closed site"; auth_jwt_key_file conf/keys.json; }
Syntax: | auth_jwt
|
---|---|
Default: | auth_jwt off; |
Context: | http , server , location |
Enables validation of JSON Web Token. The specified string
is used as a realm
. Parameter value can contain variables.
The optional token
parameter specifies a variable that contains JSON Web Token. By default, JWT is passed in the “Authorization” header as a Bearer Token. JWT may be also passed as a cookie or a part of a query string:
auth_jwt "closed site" token=$cookie_auth_token;
The special value off
cancels the effect of the auth_jwt
directive inherited from the previous configuration level.
Syntax: | auth_jwt_header_set |
---|---|
Default: | — |
Context: | http |
This directive appeared in version 1.11.10.
Sets the variable
to the given JOSE header parameter name
.
Syntax: | auth_jwt_claim_set |
---|---|
Default: | — |
Context: | http |
This directive appeared in version 1.11.10.
Sets the variable
to the given JWT claim parameter name
.
Syntax: | auth_jwt_key_file |
---|---|
Default: | — |
Context: | http , server , location |
Specifies a file
in JSON Web Key Set format for validating JWT signature. Parameter value can contain variables.
The ngx_http_auth_jwt_module
module supports embedded variables:
$jwt_header_
name
$jwt_claim_
name
© 2002-2017 Igor Sysoev
© 2011-2017 Nginx, Inc.
Licensed under the BSD License.
https://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html