Mercurial > hg > nginx-site

annotate xml/en/docs/http/ngx_http_auth_jwt_module.xml @ 2768:9dd8c203a54a

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Updated docs for the upcoming NGINX Plus release.
author Yaroslav Zhuravlev <yar@nginx.com>
date Wed, 22 Sep 2021 13:47:23 +0300
parents efb3d27dfa23
children 4add6ae1296f
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
1 <?xml version="1.0"?>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
2
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
3 <!--
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
4 Copyright (C) Nginx, Inc.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
5 -->
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
6
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
8
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
9 <module name="Module ngx_http_auth_jwt_module"
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
10 link="/en/docs/http/ngx_http_auth_jwt_module.html"
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
11 lang="en"
2768
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
12 rev="12">
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
13
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
14 <section id="summary">
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
15
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
16 <para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
17 The <literal>ngx_http_auth_jwt_module</literal> module (1.11.3)
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
18 implements client authorization by validating the provided
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
19 <link url="https://tools.ietf.org/html/rfc7519">JSON Web Token</link> (JWT)
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
20 using the specified keys.
2768
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
21 The module supports
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
22 <link url="https://tools.ietf.org/html/rfc7515">JSON Web Signature</link> (JWS),
2713
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
23 <link url="https://tools.ietf.org/html/rfc7516">JSON Web Encryption</link> (JWE)
2768
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
24 (1.19.7), and Nested JWT (1.21.0).
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
25 The module can be used for
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
26 <link url="http://openid.net/specs/openid-connect-core-1_0.html">OpenID Connect</link>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
27 authentication.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
28 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
29
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
30 <para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
31 The module may be combined with
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
32 other access modules, such as
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
33 <link doc="ngx_http_access_module.xml">ngx_http_access_module</link>,
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
34 <link doc="ngx_http_auth_basic_module.xml">ngx_http_auth_basic_module</link>,
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
35 and
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
36 <link doc="ngx_http_auth_request_module.xml">ngx_http_auth_request_module</link>,
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
37 via the <link doc="ngx_http_core_module.xml" id="satisfy"/> directive.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
38 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
39
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
40 <para>
2713
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
41 <note>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
42 This module is available as part of our
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
43 <commercial_version>commercial subscription</commercial_version>.
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
44 </note>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
45 </para>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
46
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
47 </section>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
48
2082
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
49
2713
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
50 <section id="algorithms" name="Supported Algorithms">
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
51
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
52 <para>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
53 The module supports the following JSON Web
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
54 <link url="https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms">Algorithms</link>.
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
55 </para>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
56
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
57 <para>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
58 JWS algorithms:
2082
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
59 <list type="bullet">
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
60
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
61 <listitem>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
62 HS256, HS384, HS512
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
63 </listitem>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
64
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
65 <listitem>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
66 RS256, RS384, RS512
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
67 </listitem>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
68
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
69 <listitem>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
70 ES256, ES384, ES512
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
71 </listitem>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
72
2304
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
73 <listitem>
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
74 EdDSA (Ed25519 and Ed448 signatures) (1.15.7)
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
75 </listitem>
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
76
2082
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
77 </list>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
78
2713
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
79 <note>
2082
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
80 Prior to version 1.13.7,
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
81 only HS256, RS256, ES256 algorithms were supported.
2713
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
82 </note>
2082
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
83 </para>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
84
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
85 <para>
2713
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
86 JWE content encryption algorithms (1.19.7):
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
87 <list type="bullet">
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
88
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
89 <listitem>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
90 A128CBC-HS256, A192CBC-HS384, A256CBC-HS512
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
91 </listitem>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
92
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
93 <listitem>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
94 A128GCM, A192GCM, A256GCM
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
95 </listitem>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
96
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
97 </list>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
98 </para>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
99
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
100 <para>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
101 JWE key management algorithms (1.19.9):
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
102 <list type="bullet">
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
103
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
104 <listitem>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
105 A128KW, A192KW, A256KW
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
106 </listitem>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
107
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
108 <listitem>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
109 A128GCMKW, A192GCMKW, A256GCMKW
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
110 </listitem>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
111
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
112 <listitem>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
113 dir&mdash;direct use of a shared symmetric key as the content encryption key
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
114 </listitem>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
115
2768
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
116 <listitem>
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
117 RSA-OAEP, RSA-OAEP-256, RSA-OAEP-384, RSA-OAEP-512 (1.21.0)
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
118 </listitem>
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
119
2713
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
120 </list>
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
121 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
122
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
123 </section>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
124
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
125
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
126 <section id="example" name="Example Configuration">
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
127
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
128 <para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
129 <example>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
130 location / {
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
131 auth_jwt "closed site";
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
132 auth_jwt_key_file conf/keys.json;
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
133 }
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
134 </example>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
135 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
136
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
137 </section>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
138
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
139
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
140 <section id="directives" name="Directives">
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
141
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
142 <directive name="auth_jwt">
1831
b5e416ace4bf Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1763
diff changeset
143 <syntax>
b5e416ace4bf Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1763
diff changeset
144 <value>string</value>
b5e416ace4bf Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1763
diff changeset
145 [<literal>token=</literal><value>$variable</value>] |
b5e416ace4bf Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1763
diff changeset
146 <literal>off</literal></syntax>
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
147 <default>off</default>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
148 <context>http</context>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
149 <context>server</context>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
150 <context>location</context>
2139
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
151 <context>limit_except</context>
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
152
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
153 <para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
154 Enables validation of JSON Web Token.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
155 The specified <value>string</value> is used as a <literal>realm</literal>.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
156 Parameter value can contain variables.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
157 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
158
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
159 <para>
1831
b5e416ace4bf Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1763
diff changeset
160 The optional <literal>token</literal> parameter specifies a variable
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
161 that contains JSON Web Token.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
162 By default, JWT is passed in the <header>Authorization</header> header
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
163 as a
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
164 <link url="https://tools.ietf.org/html/rfc6750">Bearer Token</link>.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
165 JWT may be also passed as a cookie or a part of a query string:
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
166 <example>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
167 auth_jwt "closed site" token=$cookie_auth_token;
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
168 </example>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
169 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
170
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
171 <para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
172 The special value <literal>off</literal> cancels the effect
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
173 of the <literal>auth_jwt</literal> directive
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
174 inherited from the previous configuration level.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
175 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
176
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
177 </directive>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
178
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
179
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
180 <directive name="auth_jwt_claim_set">
2082
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
181 <syntax><value>$variable</value> <value>name</value> ...</syntax>
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
182 <default/>
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
183 <context>http</context>
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
184 <appeared-in>1.11.10</appeared-in>
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
185
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
186 <para>
2082
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
187 Sets the <value>variable</value> to a JWT claim parameter
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
188 identified by key names.
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
189 Name matching starts from the top level of the JSON tree.
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
190 For arrays, the variable keeps a list of array elements separated by commas.
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
191 <example>
2424
dd3ac7eefeed Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2408
diff changeset
192 auth_jwt_claim_set $email info e-mail;
dd3ac7eefeed Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2408
diff changeset
193 auth_jwt_claim_set $job info "job title";
2082
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
194 </example>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
195 <note>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
196 Prior to version 1.13.7, only one key name could be specified,
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
197 and the result was undefined for arrays.
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
198 </note>
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
199 </para>
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
200
2713
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
201 <para>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
202 <note>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
203 Variable values for tokens encrypted with JWE
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
204 are available only after decryption which occurs during the
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
205 <link doc="../dev/development_guide.xml" id="http_phases">Access</link> phase.
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
206 </note>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
207 </para>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
208
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
209 </directive>
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
210
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
211
2142
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
212 <directive name="auth_jwt_header_set">
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
213 <syntax><value>$variable</value> <value>name</value> ...</syntax>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
214 <default/>
2139
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
215 <context>http</context>
2142
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
216 <appeared-in>1.11.10</appeared-in>
2139
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
217
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
218 <para>
2142
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
219 Sets the <value>variable</value> to a JOSE header parameter
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
220 identified by key names.
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
221 Name matching starts from the top level of the JSON tree.
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
222 For arrays, the variable keeps a list of array elements separated by commas.
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
223 <note>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
224 Prior to version 1.13.7, only one key name could be specified,
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
225 and the result was undefined for arrays.
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
226 </note>
2139
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
227 </para>
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
228
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
229 </directive>
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
230
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
231
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
232 <directive name="auth_jwt_key_file">
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
233 <syntax><value>file</value></syntax>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
234 <default/>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
235 <context>http</context>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
236 <context>server</context>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
237 <context>location</context>
2139
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
238 <context>limit_except</context>
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
239
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
240 <para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
241 Specifies a <value>file</value> in
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
242 <link url="https://tools.ietf.org/html/rfc7517#section-5">JSON Web Key Set</link>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
243 format for validating JWT signature.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
244 Parameter value can contain variables.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
245 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
246
2768
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
247 <para>
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
248 Several <literal>auth_jwt_key_file</literal> directives
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
249 can be specified on the same level (1.21.1):
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
250 <example>
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
251 auth_jwt_key_file conf/keys.json;
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
252 auth_jwt_key_file conf/key.jwk;
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
253 </example>
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
254 If at least one of the specified keys cannot be loaded or processed,
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
255 nginx will return the
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
256 <http-status code="500" text="Internal Server Error"/> error.
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
257 </para>
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
258
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
259 </directive>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
260
2142
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
261
2304
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
262 <directive name="auth_jwt_key_request">
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
263 <syntax><value>uri</value></syntax>
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
264 <default/>
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
265 <context>http</context>
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
266 <context>server</context>
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
267 <context>location</context>
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
268 <context>limit_except</context>
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
269 <appeared-in>1.15.6</appeared-in>
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
270
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
271 <para>
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
272 Allows retrieving a
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
273 <link url="https://tools.ietf.org/html/rfc7517#section-5">JSON Web Key Set</link>
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
274 file from a subrequest for validating JWT signature and
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
275 sets the URI where the subrequest will be sent to.
2694
1f2bd0d9a06c Documented variables support for auth_jwt_key_request.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2424
diff changeset
276 Parameter value can contain variables.
2304
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
277 To avoid validation overhead,
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
278 it is recommended to cache the key file:
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
279 <example>
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
280 proxy_cache_path /data/nginx/cache levels=1 keys_zone=foo:10m;
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
281
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
282 server {
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
283 ...
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
284
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
285 location / {
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
286 auth_jwt "closed site";
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
287 auth_jwt_key_request /jwks_uri;
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
288 }
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
289
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
290 location = /jwks_uri {
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
291 internal;
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
292 proxy_cache foo;
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
293 proxy_pass http://idp.example.com/keys;
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
294 }
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
295 }
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
296 </example>
2768
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
297 Several <literal>auth_jwt_key_request</literal> directives
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
298 can be specified on the same level (1.21.1):
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
299 <example>
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
300 auth_jwt_key_request /jwks_uri;
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
301 auth_jwt_key_request /jwks2_uri;
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
302 </example>
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
303 If at least one of the specified keys cannot be loaded or processed,
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
304 nginx will return the
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
305 <http-status code="500" text="Internal Server Error"/> error.
2304
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
306 </para>
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
307
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
308 </directive>
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
309
f4b9660316c5 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2143
diff changeset
310
2142
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
311 <directive name="auth_jwt_leeway">
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
312 <syntax><value>time</value></syntax>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
313 <default>0s</default>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
314 <context>http</context>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
315 <context>server</context>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
316 <context>location</context>
2143
231cad90a823 Corrected appeared-in version for the auth_jwt_leeway directive.
Sergey Kandaurov <pluknet@nginx.com>
parents: 2142
diff changeset
317 <appeared-in>1.13.10</appeared-in>
2142
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
318
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
319 <para>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
320 Sets the maximum allowable leeway to compensate
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
321 clock skew when verifying the
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
322 <link url="https://tools.ietf.org/html/rfc7519#section-4.1.4">exp</link>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
323 and
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
324 <link url="https://tools.ietf.org/html/rfc7519#section-4.1.5">nbf</link>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
325 JWT claims.
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
326 </para>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
327
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
328 </directive>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
329
2713
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
330
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
331 <directive name="auth_jwt_type">
2768
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
332 <syntax><value>signed</value> |
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
333 <value>encrypted</value> |
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
334 <value>nested</value></syntax>
2713
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
335 <default>signed</default>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
336 <context>http</context>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
337 <context>server</context>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
338 <context>location</context>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
339 <context>limit_except</context>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
340 <appeared-in>1.19.7</appeared-in>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
341
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
342 <para>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
343 Specifies which type of JSON Web Token to expect:
2768
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
344 JWS (<literal>signed</literal>),
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
345 JWE (<literal>encrypted</literal>),
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
346 or signed and then encrypted
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
347 Nested JWT (<literal>nested</literal>) (1.21.0).
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
348 </para>
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
349
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
350 </directive>
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
351
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
352
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
353 <directive name="auth_jwt_require">
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
354 <syntax><value>value</value> ...</syntax>
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
355 <default/>
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
356 <context>http</context>
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
357 <context>server</context>
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
358 <context>location</context>
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
359 <context>limit_except</context>
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
360 <appeared-in>1.21.2</appeared-in>
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
361
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
362 <para>
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
363 Defines additional conditions for JWT validation.
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
364 The value can contain text, variables, and their combination.
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
365 The authentication will succeed only
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
366 if all the values are not empty and are not equal to “0”.
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
367 <example>
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
368 map $jwt_claim_iss $valid_jwt_iss {
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
369 "good" 1;
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
370 }
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
371 ...
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
372
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
373 auth_jwt_require $valid_jwt_iss;
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
374 </example>
2713
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
375 </para>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
376
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
377 </directive>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
378
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
379 </section>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
380
1831
b5e416ace4bf Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1763
diff changeset
381
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
382 <section id="variables" name="Embedded Variables">
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
383
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
384 <para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
385 The <literal>ngx_http_auth_jwt_module</literal> module
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
386 supports embedded variables:
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
387 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
388
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
389 <para>
1831
b5e416ace4bf Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1763
diff changeset
390 <list type="tag" compact="yes">
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
391 <tag-name id="var_jwt_header_"><var>$jwt_header_</var><value>name</value></tag-name>
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
392 <tag-desc>
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
393 returns the value of a specified
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
394 <link url="https://tools.ietf.org/html/rfc7515#section-4">JOSE header</link>
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
395 </tag-desc>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
396
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
397 <tag-name id="var_jwt_claim_"><var>$jwt_claim_</var><value>name</value></tag-name>
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
398 <tag-desc>
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
399 returns the value of a specified
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
400 <link url="https://tools.ietf.org/html/rfc7519#section-4">JWT claim</link>
2408
183c16ce60d0 Added info about nested claims and claims with a dot to $jwt_claim_name.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2304
diff changeset
401
183c16ce60d0 Added info about nested claims and claims with a dot to $jwt_claim_name.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2304
diff changeset
402 <para>
183c16ce60d0 Added info about nested claims and claims with a dot to $jwt_claim_name.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2304
diff changeset
403 For nested claims and claims including a dot (“.”),
183c16ce60d0 Added info about nested claims and claims with a dot to $jwt_claim_name.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2304
diff changeset
404 the value of the variable cannot be evaluated;
183c16ce60d0 Added info about nested claims and claims with a dot to $jwt_claim_name.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2304
diff changeset
405 the <link id="auth_jwt_claim_set"/> directive should be used instead.
183c16ce60d0 Added info about nested claims and claims with a dot to $jwt_claim_name.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2304
diff changeset
406 </para>
2713
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
407
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
408 <para>
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
409 Variable values for tokens encrypted with JWE
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
410 are available only after decryption which occurs during the
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
411 <link doc="../dev/development_guide.xml" id="http_phases">Access</link> phase.
efb3d27dfa23 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2694
diff changeset
412 </para>
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
413 </tag-desc>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
414
2768
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
415 <tag-name id="var_jwt_payload"><var>$jwt_payload</var></tag-name>
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
416 <tag-desc>
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
417 returns the decrypted top-level payload
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
418 of <literal>nested</literal>
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
419 or <literal>encrypted</literal> tokens (1.21.2).
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
420 For nested tokens returns the enclosed JWS token.
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
421 For encrypted tokens returns JSON with claims.
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
422 </tag-desc>
9dd8c203a54a Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 2713
diff changeset
423
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
424 </list>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
425 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
426
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
427 </section>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
428
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
429 </module>