Comments (3)
lcrilly
commented on May 28, 2024
Thanks. This is already under consideration. Can you share details of your use case and why this is important?
from nginx-openid-connect.
jmiddleton
commented on May 28, 2024
I was thinking in a way to check that the token is still valid i.e. it hasn't been revoked by the idp in case of an identity theft or any other reason where the idp blocks the token. Anyway, this might not be critical if we have short-live tokens.
Having said that, I did some more research and the introspection endpoint seems more relevant in OAuth 2.0 where we have an access token and the only way to retrieve the status of the token is using this endpoint.
from nginx-openid-connect.
lcrilly
commented on May 28, 2024
A solution for OAuth 2.0 token introspection is documented here:
https://www.nginx.com/blog/validating-oauth-2-0-access-tokens-nginx/
It is possible to combine this with OpenID Connect by using auth_jwt and auth_request in the same location.
from nginx-openid-connect.
Related Issues (20)
- _codexch uses default Client ID / Secret HOT 8
- How to change redirect_base variable on Nginx side without affecting authorization flow? HOT 4
- Setting a state variable HOT 6
- Return 401 instead of redirecting to authorize endpoint HOT 2
- Add certificate‑bound access tokens support to this OIDC Reference Implementation
- Questions about [NginxPlus + nginx-openid-connect] proxy use on the intranet HOT 3
- Capture access token from IdP HOT 2
- access token and new endpoints (/login, /userinfo, /v2/logout)
- Configuration script: user info and end session endpoint HOT 1
- Docs: access token and new endpoints (/login, /userinfo, /v2/logout)
- Error in configure script when supplying secret HOT 1
- Allow extra args to be provided to the OIDC auth endpoint
- Add access token support
- Add OIDC end session endpoint and custom query params
- Add OIDC landing page for NGINX to redirect after successful OIDC login
- Add OIDC userinfo endpoint for User-Agent to obtain claims about End-User
- Enhance custom query params for OIDC authZ endpoint
- update documentation - Azure AD IdP HOT 2
- Loop 302 after expire access token HOT 5
- Issue with special character handling in redirect URI after authentication
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nginx-openid-connect.