comparison xml/en/docs/http/ngx_http_auth_jwt_module.xml @ 2831:4add6ae1296f
Updated links to datatracker.ietf.org.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 26 Jan 2022 16:26:47 +0300 |
parents | 9dd8c203a54a |
children | b64410025027 |
2830:419b081fd2fa | 2831:4add6ae1296f |
---|---|
14 <section id="summary"> | 14 <section id="summary"> |
15 | 15 |
16 <para> | 16 <para> |
17 The <literal>ngx_http_auth_jwt_module</literal> module (1.11.3) | 17 The <literal>ngx_http_auth_jwt_module</literal> module (1.11.3) |
18 implements client authorization by validating the provided | 18 implements client authorization by validating the provided |
19 <link url="https://tools.ietf.org/html/rfc7519">JSON Web Token</link> (JWT) | 19 <link url="https://datatracker.ietf.org/doc/html/rfc7519">JSON Web Token</link> (JWT) |
20 using the specified keys. | 20 using the specified keys. |
21 The module supports | 21 The module supports |
22 <link url="https://tools.ietf.org/html/rfc7515">JSON Web Signature</link> (JWS), | 22 <link url="https://datatracker.ietf.org/doc/html/rfc7515">JSON Web Signature</link> (JWS), |
23 <link url="https://tools.ietf.org/html/rfc7516">JSON Web Encryption</link> (JWE) | 23 <link url="https://datatracker.ietf.org/doc/html/rfc7516">JSON Web Encryption</link> (JWE) |
24 (1.19.7), and Nested JWT (1.21.0). | 24 (1.19.7), and Nested JWT (1.21.0). |
25 The module can be used for | 25 The module can be used for |
26 <link url="http://openid.net/specs/openid-connect-core-1_0.html">OpenID Connect</link> | 26 <link url="http://openid.net/specs/openid-connect-core-1_0.html">OpenID Connect</link> |
27 authentication. | 27 authentication. |
28 </para> | 28 </para> |
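
Review bot: the OpenID Connect link on line 26 still uses plain http (`http://openid.net/specs/openid-connect-core-1_0.html`), while every link this hunk touches is https. Since the commit is a link refresh for this paragraph, consider switching that URL to https in the same change, or say in the commit message that only IETF links are in scope.
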
159 <para> | 159 <para> |
160 The optional <literal>token</literal> parameter specifies a variable | 160 The optional <literal>token</literal> parameter specifies a variable |
161 that contains JSON Web Token. | 161 that contains JSON Web Token. |
162 By default, JWT is passed in the <header>Authorization</header> header | 162 By default, JWT is passed in the <header>Authorization</header> header |
163 as a | 163 as a |
164 <link url="https://tools.ietf.org/html/rfc6750">Bearer Token</link>. | 164 <link url="https://datatracker.ietf.org/doc/html/rfc6750">Bearer Token</link>. |
165 JWT may be also passed as a cookie or a part of a query string: | 165 JWT may be also passed as a cookie or a part of a query string: |
166 <example> | 166 <example> |
167 auth_jwt "closed site" token=$cookie_auth_token; | 167 auth_jwt "closed site" token=$cookie_auth_token; |
168 </example> | 168 </example> |
169 </para> | 169 </para> |
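
Review bot: style point on the unchanged context around the updated RFC 6750 link: line 165 "JWT may be also passed" reads better as "JWT may also be passed", and line 161 is missing an article ("contains a JSON Web Token"). Both are cheap to fix while this paragraph is being edited.
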
237 <context>location</context> | 237 <context>location</context> |
238 <context>limit_except</context> | 238 <context>limit_except</context> |
239 | 239 |
240 <para> | 240 <para> |
241 Specifies a <value>file</value> in | 241 Specifies a <value>file</value> in |
242 <link url="https://tools.ietf.org/html/rfc7517#section-5">JSON Web Key Set</link> | 242 <link url="https://datatracker.ietf.org/doc/html/rfc7517#section-5">JSON Web Key Set</link> |
243 format for validating JWT signature. | 243 format for validating JWT signature. |
244 Parameter value can contain variables. | 244 Parameter value can contain variables. |
245 </para> | 245 </para> |
246 | 246 |
247 <para> | 247 <para> |
268 <context>limit_except</context> | 268 <context>limit_except</context> |
269 <appeared-in>1.15.6</appeared-in> | 269 <appeared-in>1.15.6</appeared-in> |
270 | 270 |
271 <para> | 271 <para> |
272 Allows retrieving a | 272 Allows retrieving a |
273 <link url="https://tools.ietf.org/html/rfc7517#section-5">JSON Web Key Set</link> | 273 <link url="https://datatracker.ietf.org/doc/html/rfc7517#section-5">JSON Web Key Set</link> |
274 file from a subrequest for validating JWT signature and | 274 file from a subrequest for validating JWT signature and |
275 sets the URI where the subrequest will be sent to. | 275 sets the URI where the subrequest will be sent to. |
276 Parameter value can contain variables. | 276 Parameter value can contain variables. |
277 To avoid validation overhead, | 277 To avoid validation overhead, |
278 it is recommended to cache the key file: | 278 it is recommended to cache the key file: |
317 <appeared-in>1.13.10</appeared-in> | 317 <appeared-in>1.13.10</appeared-in> |
318 | 318 |
319 <para> | 319 <para> |
320 Sets the maximum allowable leeway to compensate | 320 Sets the maximum allowable leeway to compensate |
321 clock skew when verifying the | 321 clock skew when verifying the |
322 <link url="https://tools.ietf.org/html/rfc7519#section-4.1.4">exp</link> | 322 <link url="https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.4">exp</link> |
323 and | 323 and |
324 <link url="https://tools.ietf.org/html/rfc7519#section-4.1.5">nbf</link> | 324 <link url="https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.5">nbf</link> |
325 JWT claims. | 325 JWT claims. |
326 </para> | 326 </para> |
327 | 327 |
328 </directive> | 328 </directive> |
329 | 329 |
389 <para> | 389 <para> |
390 <list type="tag" compact="yes"> | 390 <list type="tag" compact="yes"> |
391 <tag-name id="var_jwt_header_"><var>$jwt_header_</var><value>name</value></tag-name> | 391 <tag-name id="var_jwt_header_"><var>$jwt_header_</var><value>name</value></tag-name> |
392 <tag-desc> | 392 <tag-desc> |
393 returns the value of a specified | 393 returns the value of a specified |
394 <link url="https://tools.ietf.org/html/rfc7515#section-4">JOSE header</link> | 394 <link url="https://datatracker.ietf.org/doc/html/rfc7515#section-4">JOSE header</link> |
395 </tag-desc> | 395 </tag-desc> |
396 | 396 |
397 <tag-name id="var_jwt_claim_"><var>$jwt_claim_</var><value>name</value></tag-name> | 397 <tag-name id="var_jwt_claim_"><var>$jwt_claim_</var><value>name</value></tag-name> |
398 <tag-desc> | 398 <tag-desc> |
399 returns the value of a specified | 399 returns the value of a specified |
400 <link url="https://tools.ietf.org/html/rfc7519#section-4">JWT claim</link> | 400 <link url="https://datatracker.ietf.org/doc/html/rfc7519#section-4">JWT claim</link> |
401 | 401 |
402 <para> | 402 <para> |
403 For nested claims and claims including a dot (“.”), | 403 For nested claims and claims including a dot (“.”), |
404 the value of the variable cannot be evaluated; | 404 the value of the variable cannot be evaluated; |
405 the <link id="auth_jwt_claim_set"/> directive should be used instead. | 405 the <link id="auth_jwt_claim_set"/> directive should be used instead. |