Mercurial > hg > nginx-site

annotate xml/en/docs/http/ngx_http_auth_jwt_module.xml @ 2082:fee7627f6a5a

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Updated docs for the upcoming NGINX Plus release.
author Ruslan Ermilov <ru@nginx.com>
date Mon, 11 Dec 2017 12:13:09 +0300
parents a58b35cc0823
children bdfbdf74fb3d
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
1 <?xml version="1.0"?>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
2
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
3 <!--
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
4 Copyright (C) Nginx, Inc.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
5 -->
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
6
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
8
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
9 <module name="Module ngx_http_auth_jwt_module"
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
10 link="/en/docs/http/ngx_http_auth_jwt_module.html"
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
11 lang="en"
2082
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
12 rev="4">
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
13
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
14 <section id="summary">
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
15
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
16 <para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
17 The <literal>ngx_http_auth_jwt_module</literal> module (1.11.3)
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
18 implements client authorization by validating the provided
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
19 <link url="https://tools.ietf.org/html/rfc7519">JSON Web Token</link> (JWT)
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
20 using the specified keys.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
21 JWT claims must be encoded in a
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
22 <link url="https://tools.ietf.org/html/rfc7515">JSON Web Signature</link> (JWS)
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
23 structure.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
24 The module can be used for
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
25 <link url="http://openid.net/specs/openid-connect-core-1_0.html">OpenID Connect</link>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
26 authentication.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
27 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
28
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
29 <para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
30 The module may be combined with
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
31 other access modules, such as
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
32 <link doc="ngx_http_access_module.xml">ngx_http_access_module</link>,
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
33 <link doc="ngx_http_auth_basic_module.xml">ngx_http_auth_basic_module</link>,
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
34 and
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
35 <link doc="ngx_http_auth_request_module.xml">ngx_http_auth_request_module</link>,
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
36 via the <link doc="ngx_http_core_module.xml" id="satisfy"/> directive.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
37 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
38
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
39 <para>
2082
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
40 The module supports the following cryptographic
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
41 <link url="https://tools.ietf.org/html/rfc7518#section-3.1">algorithms</link>:
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
42
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
43 <list type="bullet">
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
44
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
45 <listitem>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
46 HS256, HS384, HS512
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
47 </listitem>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
48
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
49 <listitem>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
50 RS256, RS384, RS512
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
51 </listitem>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
52
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
53 <listitem>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
54 ES256, ES384, ES512
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
55 </listitem>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
56
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
57 </list>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
58
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
59 Prior to version 1.13.7,
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
60 only HS256, RS256, ES256 algorithms were supported.
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
61 </para>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
62
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
63 <para>
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
64 <note>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
65 This module is available as part of our
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
66 <commercial_version>commercial subscription</commercial_version>.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
67 </note>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
68 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
69
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
70 </section>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
71
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
72
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
73 <section id="example" name="Example Configuration">
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
74
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
75 <para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
76 <example>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
77 location / {
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
78 auth_jwt "closed site";
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
79 auth_jwt_key_file conf/keys.json;
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
80 }
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
81 </example>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
82 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
83
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
84 </section>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
85
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
86
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
87 <section id="directives" name="Directives">
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
88
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
89 <directive name="auth_jwt">
1831
b5e416ace4bf Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1763
diff changeset
90 <syntax>
b5e416ace4bf Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1763
diff changeset
91 <value>string</value>
b5e416ace4bf Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1763
diff changeset
92 [<literal>token=</literal><value>$variable</value>] |
b5e416ace4bf Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1763
diff changeset
93 <literal>off</literal></syntax>
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
94 <default>off</default>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
95 <context>http</context>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
96 <context>server</context>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
97 <context>location</context>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
98
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
99 <para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
100 Enables validation of JSON Web Token.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
101 The specified <value>string</value> is used as a <literal>realm</literal>.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
102 Parameter value can contain variables.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
103 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
104
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
105 <para>
1831
b5e416ace4bf Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1763
diff changeset
106 The optional <literal>token</literal> parameter specifies a variable
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
107 that contains JSON Web Token.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
108 By default, JWT is passed in the <header>Authorization</header> header
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
109 as a
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
110 <link url="https://tools.ietf.org/html/rfc6750">Bearer Token</link>.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
111 JWT may be also passed as a cookie or a part of a query string:
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
112 <example>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
113 auth_jwt "closed site" token=$cookie_auth_token;
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
114 </example>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
115 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
116
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
117 <para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
118 The special value <literal>off</literal> cancels the effect
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
119 of the <literal>auth_jwt</literal> directive
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
120 inherited from the previous configuration level.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
121 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
122
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
123 </directive>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
124
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
125
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
126 <directive name="auth_jwt_header_set">
2082
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
127 <syntax><value>$variable</value> <value>name</value> ...</syntax>
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
128 <default/>
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
129 <context>http</context>
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
130 <appeared-in>1.11.10</appeared-in>
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
131
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
132 <para>
2082
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
133 Sets the <value>variable</value> to a JOSE header parameter
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
134 identified by key names.
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
135 Name matching starts from the top level of the JSON tree.
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
136 For arrays, the variable keeps a list of array elements separated by commas.
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
137 <note>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
138 Prior to version 1.13.7, only one key name could be specified,
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
139 and the result was undefined for arrays.
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
140 </note>
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
141 </para>
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
142
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
143 </directive>
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
144
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
145
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
146 <directive name="auth_jwt_claim_set">
2082
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
147 <syntax><value>$variable</value> <value>name</value> ...</syntax>
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
148 <default/>
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
149 <context>http</context>
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
150 <appeared-in>1.11.10</appeared-in>
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
151
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
152 <para>
2082
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
153 Sets the <value>variable</value> to a JWT claim parameter
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
154 identified by key names.
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
155 Name matching starts from the top level of the JSON tree.
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
156 For arrays, the variable keeps a list of array elements separated by commas.
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
157 <example>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
158 location / {
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
159 auth_jwt "closed site";
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
160 auth_jwt_key_file conf/keys.json;
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
161 auth_jwt_claim_set $email info e-mail;
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
162 auth_jwt_claim_set $job info "job title";
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
163 }
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
164 </example>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
165 <note>
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
166 Prior to version 1.13.7, only one key name could be specified,
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
167 and the result was undefined for arrays.
fee7627f6a5a Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1925
diff changeset
168 </note>
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
169 </para>
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
170
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
171 </directive>
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
172
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
173
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
174 <directive name="auth_jwt_key_file">
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
175 <syntax><value>file</value></syntax>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
176 <default/>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
177 <context>http</context>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
178 <context>server</context>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
179 <context>location</context>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
180
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
181 <para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
182 Specifies a <value>file</value> in
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
183 <link url="https://tools.ietf.org/html/rfc7517#section-5">JSON Web Key Set</link>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
184 format for validating JWT signature.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
185 Parameter value can contain variables.
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
186 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
187
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
188 </directive>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
189
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
190 </section>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
191
1831
b5e416ace4bf Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1763
diff changeset
192
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
193 <section id="variables" name="Embedded Variables">
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
194
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
195 <para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
196 The <literal>ngx_http_auth_jwt_module</literal> module
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
197 supports embedded variables:
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
198 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
199
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
200 <para>
1831
b5e416ace4bf Corrected style and variables description in auth_jwt.
Yaroslav Zhuravlev <yar@nginx.com>
parents: 1763
diff changeset
201 <list type="tag" compact="yes">
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
202 <tag-name id="var_jwt_header_"><var>$jwt_header_</var><value>name</value></tag-name>
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
203 <tag-desc>
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
204 returns the value of a specified
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
205 <link url="https://tools.ietf.org/html/rfc7515#section-4">JOSE header</link>
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
206 </tag-desc>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
207
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
208 <tag-name id="var_jwt_claim_"><var>$jwt_claim_</var><value>name</value></tag-name>
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
209 <tag-desc>
1925
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
210 returns the value of a specified
a58b35cc0823 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents: 1831
diff changeset
211 <link url="https://tools.ietf.org/html/rfc7519#section-4">JWT claim</link>
1763
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
212 </tag-desc>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
213
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
214 </list>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
215 </para>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
216
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
217 </section>
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
218
a7974b8d2a23 Updated docs for the upcoming NGINX Plus release.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
219 </module>