Skip to content
/ openresty-nginx-jwt Public
forked from ubergarm/openresty-nginx-jwt

JWT Bearer Token authorization with nginx, openresty, and lua-resty-jwt.

License

Apache-2.0 license
1 star 30 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

hguerra/openresty-nginx-jwt

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits

.dockerignore

.dockerignore

 
 

.gitignore

.gitignore

 
 

Dockerfile

Dockerfile

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

bearer.lua

bearer.lua

 
 

nginx.conf

nginx.conf

 
 

Repository files navigation

openresty-nginx-jwt

License

JWT Bearer Token authorization with nginx, openresty, and lua-resty-jwt.

An easy way to setup JWT Bearer Token authorization for any API endpoint, reverse proxy service, or location block without having to touch your server-side code.

Run

This example uses the secret, token, and claims from jwt.io:

Server:

docker run --rm \
           -it \
           -e JWT_SECRET=secret \
           -e JWT_ISS=domain.com \
           -v `pwd`/nginx.conf:/nginx.conf \
           -v `pwd`/bearer.lua:/bearer.lua \
           -p 8080:8080 \
           heitorcarneiro/openresty-nginx-jwt:1.21.4.1-6-alpine-fat

Generate JWT for testing:

http://jwtbuilder.jamiekurtz.com/

Example:

{
    "iss": "domain.com",
    "iat": 1681770906,
    "exp": 1681777666,
    "aud": "www.example.com",
    "sub": "heitor@example.com",
    "name": "heitor",
    "email": "heitor@example.com",
    "r": [
        "viewer",
        "accessapproval.approver"
    ]
}

Client:

curl -i -X GET http://localhost:8080/request -H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJkb21haW4uY29tIiwiaWF0IjoxNjgxNzcwOTA2LCJleHAiOjE2ODE3Nzc2NjYsImF1ZCI6Ind3dy5leGFtcGxlLmNvbSIsInN1YiI6ImhlaXRvckBleGFtcGxlLmNvbSIsIm5hbWUiOiJoZWl0b3IiLCJlbWFpbCI6ImhlaXRvckBleGFtcGxlLmNvbSIsInIiOlsidmlld2VyIiwiYWNjZXNzYXBwcm92YWwuYXBwcm92ZXIiXX0.r73ZjmC1fBsVDfRve1A9-84E4LhqhOIiL5fszzpD10c'

curl -i -X GET http://localhost:8080/request?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJkb21haW4uY29tIiwiaWF0IjoxNjgxNzcwOTA2LCJleHAiOjE2ODE3Nzc2NjYsImF1ZCI6Ind3dy5leGFtcGxlLmNvbSIsInN1YiI6ImhlaXRvckBleGFtcGxlLmNvbSIsIm5hbWUiOiJoZWl0b3IiLCJlbWFpbCI6ImhlaXRvckBleGFtcGxlLmNvbSIsInIiOlsidmlld2VyIiwiYWNjZXNzYXBwcm92YWwuYXBwcm92ZXIiXX0.r73ZjmC1fBsVDfRve1A9-84E4LhqhOIiL5fszzpD10c

Configure

Edit nginx.conf to setup your custom location blocks.

Edit bearer.lua or create new lua scripts to meet your specific needs for each location block.

Restart a container and volume mount in all of the required configuration.

Build

To update or build a custom image edit the Dockerfile and:

docker build -t heitorcarneiro/openresty-nginx-jwt:1.21.4.1-6-alpine-fat .

Note

I originally tried to get auth0/nginx-jwt working, but even the newer forks are not as straight forward as simply using lua-resty-jwt rock directly.

If you're looking for something beyond just JWT auth, check out kong for all your API middleware plugin needs!

Also Caddy might be faster for a simple project.

References

About

JWT Bearer Token authorization with nginx, openresty, and lua-resty-jwt.

Topics

docker nginx jwt openresty lua-resty-jwt

Resources

Readme

License

Apache-2.0 license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Lua 59.3%
  • Makefile 34.6%
  • Dockerfile 6.1%