Mercurial > hg > nginx-site
annotate xml/en/docs/http/ngx_http_auth_jwt_module.xml @ 2142:ca7568f67dee
Sorted directives alphabetically.
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Tue, 10 Apr 2018 18:39:34 +0300 |
parents | f6e578b1b02d |
children | 231cad90a823 |
rev | line source |
---|---|
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
1 <?xml version="1.0"?> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
2 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
3 <!-- |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
4 Copyright (C) Nginx, Inc. |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
5 --> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
6 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
8 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
9 <module name="Module ngx_http_auth_jwt_module" |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
10 link="/en/docs/http/ngx_http_auth_jwt_module.html" |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
11 lang="en" |
2139
f6e578b1b02d
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2086
diff
changeset
|
12 rev="6"> |
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
13 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
14 <section id="summary"> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
15 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
16 <para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
17 The <literal>ngx_http_auth_jwt_module</literal> module (1.11.3) |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
18 implements client authorization by validating the provided |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
19 <link url="https://tools.ietf.org/html/rfc7519">JSON Web Token</link> (JWT) |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
20 using the specified keys. |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
21 JWT claims must be encoded in a |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
22 <link url="https://tools.ietf.org/html/rfc7515">JSON Web Signature</link> (JWS) |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
23 structure. |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
24 The module can be used for |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
25 <link url="http://openid.net/specs/openid-connect-core-1_0.html">OpenID Connect</link> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
26 authentication. |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
27 </para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
28 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
29 <para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
30 The module may be combined with |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
31 other access modules, such as |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
32 <link doc="ngx_http_access_module.xml">ngx_http_access_module</link>, |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
33 <link doc="ngx_http_auth_basic_module.xml">ngx_http_auth_basic_module</link>, |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
34 and |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
35 <link doc="ngx_http_auth_request_module.xml">ngx_http_auth_request_module</link>, |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
36 via the <link doc="ngx_http_core_module.xml" id="satisfy"/> directive. |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
37 </para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
38 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
39 <para> |
2082
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
40 The module supports the following cryptographic |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
41 <link url="https://tools.ietf.org/html/rfc7518#section-3.1">algorithms</link>: |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
42 |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
43 <list type="bullet"> |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
44 |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
45 <listitem> |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
46 HS256, HS384, HS512 |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
47 </listitem> |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
48 |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
49 <listitem> |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
50 RS256, RS384, RS512 |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
51 </listitem> |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
52 |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
53 <listitem> |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
54 ES256, ES384, ES512 |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
55 </listitem> |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
56 |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
57 </list> |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
58 |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
59 Prior to version 1.13.7, |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
60 only HS256, RS256, ES256 algorithms were supported. |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
61 </para> |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
62 |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
63 <para> |
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
64 <note> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
65 This module is available as part of our |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
66 <commercial_version>commercial subscription</commercial_version>. |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
67 </note> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
68 </para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
69 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
70 </section> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
71 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
72 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
73 <section id="example" name="Example Configuration"> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
74 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
75 <para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
76 <example> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
77 location / { |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
78 auth_jwt "closed site"; |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
79 auth_jwt_key_file conf/keys.json; |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
80 } |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
81 </example> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
82 </para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
83 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
84 </section> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
85 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
86 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
87 <section id="directives" name="Directives"> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
88 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
89 <directive name="auth_jwt"> |
1831
b5e416ace4bf
Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1763
diff
changeset
|
90 <syntax> |
b5e416ace4bf
Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1763
diff
changeset
|
91 <value>string</value> |
b5e416ace4bf
Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1763
diff
changeset
|
92 [<literal>token=</literal><value>$variable</value>] | |
b5e416ace4bf
Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1763
diff
changeset
|
93 <literal>off</literal></syntax> |
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
94 <default>off</default> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
95 <context>http</context> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
96 <context>server</context> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
97 <context>location</context> |
2139
f6e578b1b02d
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2086
diff
changeset
|
98 <context>limit_except</context> |
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
99 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
100 <para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
101 Enables validation of JSON Web Token. |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
102 The specified <value>string</value> is used as a <literal>realm</literal>. |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
103 Parameter value can contain variables. |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
104 </para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
105 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
106 <para> |
1831
b5e416ace4bf
Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1763
diff
changeset
|
107 The optional <literal>token</literal> parameter specifies a variable |
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
108 that contains JSON Web Token. |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
109 By default, JWT is passed in the <header>Authorization</header> header |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
110 as a |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
111 <link url="https://tools.ietf.org/html/rfc6750">Bearer Token</link>. |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
112 JWT may be also passed as a cookie or a part of a query string: |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
113 <example> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
114 auth_jwt "closed site" token=$cookie_auth_token; |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
115 </example> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
116 </para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
117 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
118 <para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
119 The special value <literal>off</literal> cancels the effect |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
120 of the <literal>auth_jwt</literal> directive |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
121 inherited from the previous configuration level. |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
122 </para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
123 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
124 </directive> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
125 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
126 |
1925
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
127 <directive name="auth_jwt_claim_set"> |
2082
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
128 <syntax><value>$variable</value> <value>name</value> ...</syntax> |
1925
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
129 <default/> |
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
130 <context>http</context> |
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
131 <appeared-in>1.11.10</appeared-in> |
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
132 |
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
133 <para> |
2082
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
134 Sets the <value>variable</value> to a JWT claim parameter |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
135 identified by key names. |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
136 Name matching starts from the top level of the JSON tree. |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
137 For arrays, the variable keeps a list of array elements separated by commas. |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
138 <example> |
2139
f6e578b1b02d
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2086
diff
changeset
|
139 location / { |
f6e578b1b02d
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2086
diff
changeset
|
140 auth_jwt "closed site"; |
f6e578b1b02d
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2086
diff
changeset
|
141 auth_jwt_key_file conf/keys.json; |
f6e578b1b02d
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2086
diff
changeset
|
142 auth_jwt_claim_set $email info e-mail; |
f6e578b1b02d
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2086
diff
changeset
|
143 auth_jwt_claim_set $job info "job title"; |
f6e578b1b02d
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2086
diff
changeset
|
144 } |
2082
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
145 </example> |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
146 <note> |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
147 Prior to version 1.13.7, only one key name could be specified, |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
148 and the result was undefined for arrays. |
fee7627f6a5a
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1925
diff
changeset
|
149 </note> |
1925
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
150 </para> |
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
151 |
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
152 </directive> |
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
153 |
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
154 |
2142
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
155 <directive name="auth_jwt_header_set"> |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
156 <syntax><value>$variable</value> <value>name</value> ...</syntax> |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
157 <default/> |
2139
f6e578b1b02d
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2086
diff
changeset
|
158 <context>http</context> |
2142
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
159 <appeared-in>1.11.10</appeared-in> |
2139
f6e578b1b02d
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2086
diff
changeset
|
160 |
f6e578b1b02d
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2086
diff
changeset
|
161 <para> |
2142
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
162 Sets the <value>variable</value> to a JOSE header parameter |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
163 identified by key names. |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
164 Name matching starts from the top level of the JSON tree. |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
165 For arrays, the variable keeps a list of array elements separated by commas. |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
166 <note> |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
167 Prior to version 1.13.7, only one key name could be specified, |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
168 and the result was undefined for arrays. |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
169 </note> |
2139
f6e578b1b02d
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2086
diff
changeset
|
170 </para> |
f6e578b1b02d
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2086
diff
changeset
|
171 |
f6e578b1b02d
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2086
diff
changeset
|
172 </directive> |
f6e578b1b02d
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2086
diff
changeset
|
173 |
f6e578b1b02d
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2086
diff
changeset
|
174 |
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
175 <directive name="auth_jwt_key_file"> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
176 <syntax><value>file</value></syntax> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
177 <default/> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
178 <context>http</context> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
179 <context>server</context> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
180 <context>location</context> |
2139
f6e578b1b02d
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
2086
diff
changeset
|
181 <context>limit_except</context> |
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
182 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
183 <para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
184 Specifies a <value>file</value> in |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
185 <link url="https://tools.ietf.org/html/rfc7517#section-5">JSON Web Key Set</link> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
186 format for validating JWT signature. |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
187 Parameter value can contain variables. |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
188 </para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
189 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
190 </directive> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
191 |
2142
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
192 |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
193 <directive name="auth_jwt_leeway"> |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
194 <syntax><value>time</value></syntax> |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
195 <default>0s</default> |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
196 <context>http</context> |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
197 <context>server</context> |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
198 <context>location</context> |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
199 <appeared-in>1.13.11</appeared-in> |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
200 |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
201 <para> |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
202 Sets the maximum allowable leeway to compensate |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
203 clock skew when verifying the |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
204 <link url="https://tools.ietf.org/html/rfc7519#section-4.1.4">exp</link> |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
205 and |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
206 <link url="https://tools.ietf.org/html/rfc7519#section-4.1.5">nbf</link> |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
207 JWT claims. |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
208 </para> |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
209 |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
210 </directive> |
ca7568f67dee
Sorted directives alphabetically.
Ruslan Ermilov <ru@nginx.com>
parents:
2139
diff
changeset
|
211 |
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
212 </section> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
213 |
1831
b5e416ace4bf
Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1763
diff
changeset
|
214 |
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
215 <section id="variables" name="Embedded Variables"> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
216 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
217 <para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
218 The <literal>ngx_http_auth_jwt_module</literal> module |
1925
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
219 supports embedded variables: |
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
220 </para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
221 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
222 <para> |
1831
b5e416ace4bf
Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1763
diff
changeset
|
223 <list type="tag" compact="yes"> |
1925
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
224 <tag-name id="var_jwt_header_"><var>$jwt_header_</var><value>name</value></tag-name> |
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
225 <tag-desc> |
1925
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
226 returns the value of a specified |
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
227 <link url="https://tools.ietf.org/html/rfc7515#section-4">JOSE header</link> |
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
228 </tag-desc> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
229 |
1925
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
230 <tag-name id="var_jwt_claim_"><var>$jwt_claim_</var><value>name</value></tag-name> |
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
231 <tag-desc> |
1925
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
232 returns the value of a specified |
a58b35cc0823
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
1831
diff
changeset
|
233 <link url="https://tools.ietf.org/html/rfc7519#section-4">JWT claim</link> |
1763
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
234 </tag-desc> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
235 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
236 </list> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
237 </para> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
238 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
239 </section> |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
240 |
a7974b8d2a23
Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
241 </module> |