Closed remnin closed 2 years ago
@remnin ,
Sorry for not responding sooner. I understand that you're trying to put together a regex to decide which key to use. In the end the auth_jwt_key must be a value like this:
auth_jwt_key "-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0aPPpS7ufs0bGbW9+OFQ RvJwb58fhi2BuHMd7Ys6m8D1jHW/AhDYrYVZtUnA60lxwSJ/ZKreYOQMlNyZfdqA rhYyyUkedDn8e0WsDvH+ocY0cMcxCCN5jItCwhIbIkTO6WEGrDgWTY57UfWDqbMZ 4lMn42f77OKFoxsOA6CVvpsvrprBPIRPa25H2bJHODHEtDr/H519Y681/eCyeQE/ 1ibKL2cMN49O7nRAAaUNoFcO89Uc+GKofcad1TTwtTIwmSMbCLVkzGeExBCrBTQo wO6AxLijfWV/JnVxNMUiobiKGc/PP6T5PI70Uv67Y4FzzWTuhqmREb3/BlcbPwtM oQIDAQAB -----END PUBLIC KEY-----";
Did you ever figure out an answer to this? Just to let you know, we just incorporated a new PR yesterday that adds support to specify a path to a file for the public key.
Hey @fitzyjoe , I'm trying to use the hex key version, but with a dynamic key.
auth_jwt_key "123DEF" ----> works
location ~ /filefolder/(?
As then testing my JWT's validity(signature + exp), can be used for direct file access control in nginx.
Using a variable won't work. auth_jwt_key option is set at nginx configuration stage. An nginx variable is evaluated at runtime.
To make this work, auth_jwt_key needs to be a complex value so that it can be evaluated at runtime.
AFAIK, fastest way is to convert auth_jwt_key to use ngx_http_set_complex_value_slot in ngx_http_auth_jwt_commands and use something like following in the handler function
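    ngx_str_t res;  /* receives the evaluated key string */

    /* cv is already a pointer (ngx_http_complex_value_t *), so pass it as-is */
    if (ngx_http_complex_value(r, cv, &res) != NGX_OK) {
        return NGX_ERROR;
    }
where r = request, cv = complex value pointer stored in config, res = evaluated string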
Also, auth_jwt_key type will be changed to ngx_http_complex_value_t pointer.
Great, thank you!
Hi @atomsnc and @remnin, can you help me understand what you did here? I have the same problem but didn't understand your solution. Can you elaborate on that? I am somehow new to the nginx though
Hello @farzadam ,
You can read up more on complex values here: http://nginx.org/en/docs/dev/development_guide.html#http_complex_values
I'm trying to combine two parts to make the JWT key: set $key "${firstPart}SecoundPart"; auth_jwt_key $key;
Not too sure if it's the module that needs to interpolate the ${variable}, or the module is not able to use the reference to $key. Or perhaps I completely missed something else.
Scenario: I need ${firstPart} to actually be the regex'ed out part/folder (in binHex) of the URL, and combine it with a secret key to use nginx to verify if client with JWT can access files in a folder. As then backend can generate JWT (with expiration of 1 day) for that folder, thus giving front-end access to all needed files, without having to check complex user->group->project->file auth every time.
Thanks for making a great module!
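The per-folder key scheme from the scenario above, sketched as an added example (not code from the module or from anyone in this thread): the backend signs an HS256 token with the folder's hex id followed by a shared secret, and the gateway rebuilds that key from the requested folder before checking signature and exp. Assumptions: the combined hex string is decoded to bytes and used as the HS256 key; SECRET_HEX, folder_key, sign and verify are hypothetical names, and all sample values are constructed.

```python
import base64, hashlib, hmac, json, time

SECRET_HEX = "5ec0de5ec0de5ec0de5ec0de5ec0de5e"  # constructed sample secret (hex)

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def folder_key(folder_hex):
    # Per-folder key: hex folder id from the URL followed by the shared secret,
    # mirroring set $key "${firstPart}<secret>" (assumed to be hex-decoded to bytes).
    return bytes.fromhex(folder_hex + SECRET_HEX)

def sign(claims, key):
    # Backend side: issue an HS256 token bound to one folder's key.
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(mac)}"

def verify(token, folder_hex, now=None):
    # Gateway side: the key is chosen from the requested folder, never from the token.
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        if header.get("alg") != "HS256":  # pin the algorithm; rejects "none"
            return False
        key = folder_key(folder_hex)
        signed = f"{header_b64}.{body_b64}".encode()
        expected = hmac.new(key, signed, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return False
        claims = json.loads(b64url_decode(body_b64))
        exp = claims.get("exp")
        current = time.time() if now is None else now
        # A token without a numeric exp is rejected rather than treated as non-expiring.
        return isinstance(exp, (int, float)) and current < exp
    except (ValueError, TypeError, AttributeError):
        return False  # malformed token, bad base64/JSON, or non-hex folder id
```

Because the folder id is part of the key, a token issued for one folder fails signature verification on any other folder without the gateway having to inspect a folder claim.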