Mercurial > hg > nginx-site

comparison xml/en/docs/http/ngx_http_auth_jwt_module.xml @ 2304:f4b9660316c5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Updated docs for the upcoming NGINX Plus release.
author Ruslan Ermilov <ru@nginx.com>
date Mon, 10 Dec 2018 12:35:00 +0300
parents 231cad90a823
children 183c16ce60d0
comparison
equal deleted inserted replaced
2303:8da870c88c75 2304:f4b9660316c5
7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> 7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">
8 8
9 <module name="Module ngx_http_auth_jwt_module" 9 <module name="Module ngx_http_auth_jwt_module"
10 link="/en/docs/http/ngx_http_auth_jwt_module.html" 10 link="/en/docs/http/ngx_http_auth_jwt_module.html"
11 lang="en" 11 lang="en"
12 rev="7"> 12 rev="8">
13 13
14 <section id="summary"> 14 <section id="summary">
15 15
16 <para> 16 <para>
17 The <literal>ngx_http_auth_jwt_module</literal> module (1.11.3) 17 The <literal>ngx_http_auth_jwt_module</literal> module (1.11.3)
36 via the <link doc="ngx_http_core_module.xml" id="satisfy"/> directive. 36 via the <link doc="ngx_http_core_module.xml" id="satisfy"/> directive.
37 </para> 37 </para>
38 38
39 <para> 39 <para>
40 The module supports the following cryptographic 40 The module supports the following cryptographic
41 <link url="https://tools.ietf.org/html/rfc7518#section-3.1">algorithms</link>: 41 <link url="https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms">algorithms</link>:
42 42
43 <list type="bullet"> 43 <list type="bullet">
44 44
45 <listitem> 45 <listitem>
46 HS256, HS384, HS512 46 HS256, HS384, HS512
50 RS256, RS384, RS512 50 RS256, RS384, RS512
51 </listitem> 51 </listitem>
52 52
53 <listitem> 53 <listitem>
54 ES256, ES384, ES512 54 ES256, ES384, ES512
55 </listitem>
56
57 <listitem>
58 EdDSA (Ed25519 and Ed448 signatures) (1.15.7)
55 </listitem> 59 </listitem>
56 60
57 </list> 61 </list>
58 62
59 Prior to version 1.13.7, 63 Prior to version 1.13.7,
188 </para> 192 </para>
189 193
190 </directive> 194 </directive>
191 195
192 196
197 <directive name="auth_jwt_key_request">
198 <syntax><value>uri</value></syntax>
199 <default/>
200 <context>http</context>
201 <context>server</context>
202 <context>location</context>
203 <context>limit_except</context>
204 <appeared-in>1.15.6</appeared-in>
205
206 <para>
207 Allows retrieving a
208 <link url="https://tools.ietf.org/html/rfc7517#section-5">JSON Web Key Set</link>
209 file from a subrequest for validating JWT signature and
210 sets the URI where the subrequest will be sent to.
211 To avoid validation overhead,
212 it is recommended to cache the key file:
213 <example>
214 proxy_cache_path /data/nginx/cache levels=1 keys_zone=foo:10m;
215
216 server {
217 ...
218
219 location / {
220 auth_jwt "closed site";
221 auth_jwt_key_request /jwks_uri;
222 }
223
224 location = /jwks_uri {
225 internal;
226 proxy_cache foo;
227 proxy_pass http://idp.example.com/keys;
228 }
229 }
230 </example>
231 </para>
232
233 </directive>
234
235
193 <directive name="auth_jwt_leeway"> 236 <directive name="auth_jwt_leeway">
194 <syntax><value>time</value></syntax> 237 <syntax><value>time</value></syntax>
195 <default>0s</default> 238 <default>0s</default>
196 <context>http</context> 239 <context>http</context>
197 <context>server</context> 240 <context>server</context>