Module ngx_http_auth_jwt_module
| Example Configuration Directives auth_jwt auth_jwt_key_file Embedded Variables |
The ngx_http_auth_jwt_module module (1.11.3)
implements client authorization by validating the provided
JSON Web Token (JWT)
using the specified keys.
JWT claims must be encoded in a
JSON Web Signature (JWS)
structure.
The module can be used for
OpenID Connect
authentication.
The module may be combined with other access modules, such as ngx_http_access_module, ngx_http_auth_basic_module, and ngx_http_auth_request_module, via the satisfy directive.
This module is available as part of our commercial subscription.
Example Configuration
location / {
auth_jwt "closed site";
auth_jwt_key_file conf/keys.json;
}
Directives
| Syntax: |
auth_jwt
|
|---|---|
| Default: |
auth_jwt off; |
| Context: |
http, server, location |
Enables validation of JSON Web Token.
The specified string is used as a realm.
Parameter value can contain variables.
The optional token parameter specifies a variable
that contains JSON Web Token.
By default, JWT is passed in the “Authorization” header
as a
Bearer Token.
JWT may be also passed as a cookie or a part of a query string:
auth_jwt "closed site" token=$cookie_auth_token;
The special value off cancels the effect
of the auth_jwt directive
inherited from the previous configuration level.
| Syntax: |
auth_jwt_key_file |
|---|---|
| Default: | — |
| Context: |
http, server, location |
Specifies a file in
JSON Web Key Set
format for validating JWT signature.
Parameter value can contain variables.
Embedded Variables
The ngx_http_auth_jwt_module module
supports embedded variables.
Variables that return JWT claims:
$jwt_claim_aud- audience
$jwt_claim_email$jwt_claim_exp- expiration time
$jwt_claim_iat- issued at
$jwt_claim_iss- issuer
$jwt_claim_jti- JWT ID
$jwt_claim_nbf- not-before
$jwt_claim_sub- subject
Variables that return parameters of JOSE header:
$jwt_header_alg- algorithm
$jwt_header_cty- content type
$jwt_header_enc- encryption algorithm
$jwt_header_kid- key ID
$jwt_header_typ- type