openresty-nginx-jwt's Introduction

openresty-nginx-jwt

JWT Bearer Token authorization with nginx, openresty, and lua-resty-jwt.

An easy way to set up JWT Bearer Token authorization for any API endpoint, reverse proxy service, or location block without having to touch your server-side code.

Run

This example uses the secret, token, and claims from jwt.io:

Server:

docker run --rm \
           -it \
           -e JWT_SECRET=secret \
           -v `pwd`/nginx.conf:/nginx.conf \
           -v `pwd`/bearer.lua:/bearer.lua \
           -p 8080:8080 \
           ubergarm/openresty-nginx-jwt

Client:

# apt-get install httpie || brew install httpie
http --print HBhb localhost:8080/secure/ "Authorization:Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
# token as url argument
http --print HBhb "localhost:8080/secure/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
# token as cookie
http --print HBhb localhost:8080/secure/ "Cookie:token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"

Configure

Edit nginx.conf to set up your custom location blocks.

Edit bearer.lua or create new Lua scripts to meet your specific needs for each location block.

Restart the container with all of the required configuration volume-mounted.
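
One way to write such a per-location script, as an added example that is not the repository's bearer.lua: it looks for the token in the Authorization header, the token URL argument and the token cookie (the three forms the client commands use), then verifies it with lua-resty-jwt. It assumes nginx.conf declares `env JWT_SECRET;` and loads the script with access_by_lua_file; the X-Auth-Subject header name is hypothetical.

```lua
-- Added example, not the repository's bearer.lua.
-- Assumes "env JWT_SECRET;" in nginx.conf so os.getenv() can read the secret.
local jwt = require "resty.jwt"

-- Answer 401 with a generic body; the detailed reason goes to the error log only.
local function deny(reason)
    ngx.log(ngx.WARN, "JWT rejected: ", reason)
    ngx.status = ngx.HTTP_UNAUTHORIZED
    ngx.header["Content-Type"] = "application/json"
    ngx.header["WWW-Authenticate"] = "Bearer"
    ngx.say('{"error":"unauthorized"}')
    -- Status and body are already set; HTTP_OK here just ends the request.
    return ngx.exit(ngx.HTTP_OK)
end

-- Look for the token in the three places the client examples send it.
local function find_token()
    local auth = ngx.var.http_authorization
    if auth then
        local token = auth:match("^[Bb]earer%s+(.+)$")
        if token then return token end
    end
    return ngx.var.arg_token or ngx.var.cookie_token
end

local secret = os.getenv("JWT_SECRET")
if not secret or secret == "" then
    ngx.log(ngx.ERR, "JWT_SECRET is not set")
    return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
end

local token = find_token()
if not token then
    return deny("no token in header, URL argument or cookie")
end

-- verify() checks the signature and returns an object with verified/reason.
local jwt_obj = jwt:verify(secret, token)
if not jwt_obj.verified then
    return deny(jwt_obj.reason)
end

-- Pin the one algorithm this location expects for its shared secret.
if jwt_obj.header.alg ~= "HS256" then
    return deny("unexpected alg " .. tostring(jwt_obj.header.alg))
end

-- Hand the verified subject to the upstream (hypothetical header name).
ngx.req.set_header("X-Auth-Subject", tostring(jwt_obj.payload.sub))
```

Tokens sent as a URL argument are written to the access log by nginx's default log format, so prefer the header or cookie form where the client allows it.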

Build

To update or build a custom image, edit the Dockerfile and run:

docker build -t ubergarm/openresty-nginx-jwt .

Note

I originally tried to get auth0/nginx-jwt working, but even the newer forks are not as straightforward as simply using the lua-resty-jwt rock directly.

If you're looking for something beyond just JWT auth, check out kong for all your API middleware plugin needs!

Also Caddy might be faster for a simple project.

openresty-nginx-jwt's People

Contributors

fheyer, ubergarm

openresty-nginx-jwt's Issues

Best practice to validate multiple JWT

Hi

What is the best practice to validate multiple JWT?

I have a lot of users and each user has a personal JWT; each user can access one or more 'location'/'route'.
Should I create, for example, a dedicated bearer.lua for each user?

Thank you,
Valentino

JWT_SECRET doesn't work in other cases

I see this repo works completely fine when I use JWT_SECRET="secret" and authenticate with a curl command or in the web URL, using the token from the README file.

But then there is a scenario: I have a JWT token ready and I validated it on jwt.io using a JWKS JSON key. I tried to copy the JWKS key and hardcode it for now in place of JWT_SECRET, just to make sure everything works fine. But when I hit the URL with ?token=<JWT_TOKEN>, it shows me "Decode Secret is not a valid cert/public key" and I am not able to validate this.

Is there any way I can use my own JWT_SECRET and validate with the JWT_TOKEN, to be sure this repo works with custom secrets and all?

Please let me know how I can generate a random secret key against a token, or something else. My main goal is to validate against the JWT token I currently have.

Alpine Version

Hi there,

The TODO in your README.md is fixed by using openresty/openresty:alpine-fat instead of the base alpine version (see explanation).

I ran into the exact same problem yesterday. I had to customize your work further, resulting in a different project. I think my changes wouldn't fit your project's intentions as they tackle a few more problems I ran into during development.
But I could of course create some PRs, if you want.

Anyhow... TL;DR: use openresty/openresty:alpine-fat instead of "openresty/openresty:alpine".
