Mercurial > hg > nginx-site

annotate xml/en/docs/http/ngx_http_auth_jwt_module.xml @ 2142:ca7568f67dee

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Sorted directives alphabetically.
author Ruslan Ermilov <ru@nginx.com>
date Tue, 10 Apr 2018 18:39:34 +0300
parents f6e578b1b02d
children 231cad90a823
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
1 <?xml version="1.0"?>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
2
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
3 <!--
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
4 Copyright (C) Nginx, Inc.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
5 -->
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
6
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
8
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
9 <module name="Module ngx_http_auth_jwt_module"
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
10 link="/en/docs/http/ngx_http_auth_jwt_module.html"
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
11 lang="en"
2139
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
12 rev="6">
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
13
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
14 <section id="summary">
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
15
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
16 <para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
17 The <literal>ngx_http_auth_jwt_module</literal> module (1.11.3)
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
18 implements client authorization by validating the provided
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
19 <link url="https://tools.ietf.org/html/rfc7519">JSON Web Token</link> (JWT)
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
20 using the specified keys.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
21 JWT claims must be encoded in a
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
22 <link url="https://tools.ietf.org/html/rfc7515">JSON Web Signature</link> (JWS)
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
23 structure.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
24 The module can be used for
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
25 <link url="http://openid.net/specs/openid-connect-core-1_0.html">OpenID Connect</link>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
26 authentication.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
27 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
28
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
29 <para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
30 The module may be combined with
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
31 other access modules, such as
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
32 <link doc="ngx_http_access_module.xml">ngx_http_access_module</link>,
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
33 <link doc="ngx_http_auth_basic_module.xml">ngx_http_auth_basic_module</link>,
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
34 and
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
35 <link doc="ngx_http_auth_request_module.xml">ngx_http_auth_request_module</link>,
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
36 via the <link doc="ngx_http_core_module.xml" id="satisfy"/> directive.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
37 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
38
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
39 <para>
2082
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
40 The module supports the following cryptographic
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
41 <link url="https://tools.ietf.org/html/rfc7518#section-3.1">algorithms</link>:
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
42
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
43 <list type="bullet">
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
44
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
45 <listitem>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
46 HS256, HS384, HS512
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
47 </listitem>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
48
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
49 <listitem>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
50 RS256, RS384, RS512
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
51 </listitem>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
52
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
53 <listitem>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
54 ES256, ES384, ES512
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
55 </listitem>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
56
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
57 </list>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
58
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
59 Prior to version 1.13.7,
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
60 only HS256, RS256, ES256 algorithms were supported.
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
61 </para>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
62
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
63 <para>
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
64 <note>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
65 This module is available as part of our
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
66 <commercial_version>commercial subscription</commercial_version>.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
67 </note>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
68 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
69
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
70 </section>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
71
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
72
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
73 <section id="example" name="Example Configuration">
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
74
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
75 <para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
76 <example>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
77 location / {
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
78 auth_jwt "closed site";
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
79 auth_jwt_key_file conf/keys.json;
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
80 }
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
81 </example>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
82 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
83
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
84 </section>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
85
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
86
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
87 <section id="directives" name="Directives">
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
88
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
89 <directive name="auth_jwt">
1831
b5e416ace4bf Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1763
diff changeset
90 <syntax>
b5e416ace4bf Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1763
diff changeset
91 <value>string</value>
b5e416ace4bf Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1763
diff changeset
92 [<literal>token=</literal><value>$variable</value>] |
b5e416ace4bf Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1763
diff changeset
93 <literal>off</literal></syntax>
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
94 <default>off</default>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
95 <context>http</context>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
96 <context>server</context>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
97 <context>location</context>
2139
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
98 <context>limit_except</context>
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
99
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
100 <para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
101 Enables validation of JSON Web Token.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
102 The specified <value>string</value> is used as a <literal>realm</literal>.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
103 Parameter value can contain variables.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
104 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
105
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
106 <para>
1831
b5e416ace4bf Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1763
diff changeset
107 The optional <literal>token</literal> parameter specifies a variable
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
108 that contains JSON Web Token.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
109 By default, JWT is passed in the <header>Authorization</header> header
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
110 as a
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
111 <link url="https://tools.ietf.org/html/rfc6750">Bearer Token</link>.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
112 JWT may be also passed as a cookie or a part of a query string:
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
113 <example>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
114 auth_jwt "closed site" token=$cookie_auth_token;
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
115 </example>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
116 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
117
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
118 <para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
119 The special value <literal>off</literal> cancels the effect
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
120 of the <literal>auth_jwt</literal> directive
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
121 inherited from the previous configuration level.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
122 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
123
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
124 </directive>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
125
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
126
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
127 <directive name="auth_jwt_claim_set">
2082
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
128 <syntax><value>$variable</value> <value>name</value> ...</syntax>
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
129 <default/>
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
130 <context>http</context>
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
131 <appeared-in>1.11.10</appeared-in>
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
132
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
133 <para>
2082
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
134 Sets the <value>variable</value> to a JWT claim parameter
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
135 identified by key names.
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
136 Name matching starts from the top level of the JSON tree.
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
137 For arrays, the variable keeps a list of array elements separated by commas.
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
138 <example>
2139
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
139 location / {
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
140 auth_jwt "closed site";
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
141 auth_jwt_key_file conf/keys.json;
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
142 auth_jwt_claim_set $email info e-mail;
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
143 auth_jwt_claim_set $job info "job title";
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
144 }
2082
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
145 </example>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
146 <note>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
147 Prior to version 1.13.7, only one key name could be specified,
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
148 and the result was undefined for arrays.
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
149 </note>
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
150 </para>
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
151
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
152 </directive>
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
153
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
154
2142
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
155 <directive name="auth_jwt_header_set">
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
156 <syntax><value>$variable</value> <value>name</value> ...</syntax>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
157 <default/>
2139
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
158 <context>http</context>
2142
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
159 <appeared-in>1.11.10</appeared-in>
2139
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
160
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
161 <para>
2142
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
162 Sets the <value>variable</value> to a JOSE header parameter
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
163 identified by key names.
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
164 Name matching starts from the top level of the JSON tree.
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
165 For arrays, the variable keeps a list of array elements separated by commas.
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
166 <note>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
167 Prior to version 1.13.7, only one key name could be specified,
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
168 and the result was undefined for arrays.
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
169 </note>
2139
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
170 </para>
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
171
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
172 </directive>
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
173
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
174
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
175 <directive name="auth_jwt_key_file">
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
176 <syntax><value>file</value></syntax>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
177 <default/>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
178 <context>http</context>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
179 <context>server</context>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
180 <context>location</context>
2139
f6e578b1b02d Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 2086
diff changeset
181 <context>limit_except</context>
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
182
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
183 <para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
184 Specifies a <value>file</value> in
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
185 <link url="https://tools.ietf.org/html/rfc7517#section-5">JSON Web Key Set</link>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
186 format for validating JWT signature.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
187 Parameter value can contain variables.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
188 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
189
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
190 </directive>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
191
2142
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
192
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
193 <directive name="auth_jwt_leeway">
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
194 <syntax><value>time</value></syntax>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
195 <default>0s</default>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
196 <context>http</context>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
197 <context>server</context>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
198 <context>location</context>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
199 <appeared-in>1.13.11</appeared-in>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
200
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
201 <para>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
202 Sets the maximum allowable leeway to compensate
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
203 clock skew when verifying the
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
204 <link url="https://tools.ietf.org/html/rfc7519#section-4.1.4">exp</link>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
205 and
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
206 <link url="https://tools.ietf.org/html/rfc7519#section-4.1.5">nbf</link>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
207 JWT claims.
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
208 </para>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
209
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
210 </directive>
ca7568f67dee Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents: 2139
diff changeset
211
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
212 </section>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
213
1831
b5e416ace4bf Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1763
diff changeset
214
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
215 <section id="variables" name="Embedded Variables">
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
216
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
217 <para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
218 The <literal>ngx_http_auth_jwt_module</literal> module
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
219 supports embedded variables:
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
220 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
221
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
222 <para>
1831
b5e416ace4bf Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1763
diff changeset
223 <list type="tag" compact="yes">
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
224 <tag-name id="var_jwt_header_"><var>$jwt_header_</var><value>name</value></tag-name>
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
225 <tag-desc>
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
226 returns the value of a specified
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
227 <link url="https://tools.ietf.org/html/rfc7515#section-4">JOSE header</link>
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
228 </tag-desc>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
229
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
230 <tag-name id="var_jwt_claim_"><var>$jwt_claim_</var><value>name</value></tag-name>
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
231 <tag-desc>
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
232 returns the value of a specified
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
233 <link url="https://tools.ietf.org/html/rfc7519#section-4">JWT claim</link>
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
234 </tag-desc>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
235
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
236 </list>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
237 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
238
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
239 </section>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
240
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
241 </module>