Open mariosdimitradis opened 8 months ago
In the past I've tried very hard to get this working, but it appears to be a limitation of NGINX.
Here is a workaround, if you're willing to use njs.
Define a JS function to extract the desired field from the JWT, like in the nginx njs example.
Then you can use this ngx-http-auth-jwt-module
to validate the JWT, and use the JS to extract the variable in a usable form. For example, this applies authorization based on the sub
claim:
js_path "/etc/nginx/njs/";
js_import main from /etc/nginx/your.js;
js_set $jwt_payload_sub main.jwt_payload_sub;
map $jwt_payload_sub $authorized_user {
default 0;
include /etc/nginx/auth/users;
}
server {
listen 8173;
auth_jwt_use_keyfile on;
auth_jwt_algorithm RS256;
auth_jwt_keyfile_path "/etc/nginx/auth/pub_key.pem";
auth_jwt_location COOKIE=__Secure-auth;
auth_jwt_validate_sub on;
location / {
auth_jwt_enabled on;
if ($authorized_user = 0) {
return 403;
}
proxy_pass ...
}
I imagine the performance is terrible compared to native code, but it seems to work well enough for my present purposes.
I raised a PR to make this work in-module, and extended the tests to cover: https://github.com/TeslaGov/ngx-http-auth-jwt-module/pull/113
First of all, thank you for this module. I currently facing some issues and need some help to make it work for me.
The JWT-Token looks like this: Header:
Payload:
The Nginx vHost configurations looks like this:
This is working fine without any issues. When I try to access $http_jwt_custgroup in if-statement or return it is not working.
Example:
The above httpjwt* variables works also can be also added to the header with add_header. I also tried to set a new variable with
set $myVar $http_jwt_custgroup;
, but also not working.Are any limitations? The Example from the README.md file is also not working for me.