TeslaGov / ngx-http-auth-jwt-module

Secure your NGINX locations with JWT
MIT License

Passing variable to auth_jwt_key does not work #60

Closed remnin closed 2 years ago

remnin commented 3 years ago

I'm trying to combine two parts to make the JWT key:

set $key "${firstPart}SecoundPart";
auth_jwt_key $key;

Not too sure if it's the module that needs to interpolate the ${variable}, or the module is not able to use the reference to $key. Or perhaps I completely missed something else.

Scenario: I need ${firstPart} to actually be the regex'ed-out part/folder (in binHex) of the URL, and combine it with a secret key to use nginx to verify if a client with a JWT can access files in a folder. As then the backend can generate a JWT (with expiration of 1 day) for that folder, thus giving the front-end access to all needed files, without having to check complex user->group->project->file auth every time.

Thanks for making a great module!

fitzyjoe commented 2 years ago

@remnin ,

Sorry for not responding sooner. I understand that you're trying to put together a regex to decide which key to use. In the end the auth_jwt_key must be a value like this:

auth_jwt_key "-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0aPPpS7ufs0bGbW9+OFQ RvJwb58fhi2BuHMd7Ys6m8D1jHW/AhDYrYVZtUnA60lxwSJ/ZKreYOQMlNyZfdqA rhYyyUkedDn8e0WsDvH+ocY0cMcxCCN5jItCwhIbIkTO6WEGrDgWTY57UfWDqbMZ 4lMn42f77OKFoxsOA6CVvpsvrprBPIRPa25H2bJHODHEtDr/H519Y681/eCyeQE/ 1ibKL2cMN49O7nRAAaUNoFcO89Uc+GKofcad1TTwtTIwmSMbCLVkzGeExBCrBTQo wO6AxLijfWV/JnVxNMUiobiKGc/PP6T5PI70Uv67Y4FzzWTuhqmREb3/BlcbPwtM oQIDAQAB -----END PUBLIC KEY-----";

Did you ever figure out an answer to this? Just to let you know, we just incorporated a new PR yesterday that adds support to specify a path to a file for the public key.

remnin commented 2 years ago

Hey @fitzyjoe , I'm trying to use the hex key version, but with a dynamic key.

auth_jwt_key "123DEF";    # ----> works

location ~ /filefolder/(?<hexId>[^\/]+)/ {
    auth_jwt_key "${hexId}123DEF";    # ----> fails

    # OR

    set $key "${hexId}123DEF";
    auth_jwt_key $key;    # ----> fails
}

As then, testing my JWT's validity (signature + exp) can be used for direct file access control in nginx.
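The per-folder key scheme described in the comment above, as an added Python sketch (not code from the module or from any commenter). It assumes HS256 with a hex-encoded key; `SECRET_HEX`, `folder_key`, `issue_token` and `allow` are hypothetical names, and the secret is a constructed value standing in for the thread's "123DEF".

```python
import base64, hashlib, hmac, json, re, time

# Constructed secret suffix; the thread's "123DEF" stands in for a value like this.
SECRET_HEX = "00112233445566778899AABBCCDDEEFF"
# Mirrors the location regex, but only admits hex so the key always decodes.
LOCATION = re.compile(r"^/filefolder/(?P<hexId>[0-9A-Fa-f]+)/")

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def folder_key(hex_id: str) -> bytes:
    """Per-folder HMAC key: folder id (hex) followed by the shared secret."""
    return bytes.fromhex(hex_id + SECRET_HEX)

def issue_token(hex_id: str, ttl: int = 86400, now=None) -> str:
    """Backend side: sign a one-day HS256 token with the folder's key."""
    now = int(time.time()) if now is None else now
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps({"exp": now + ttl}).encode())
    sig = hmac.new(folder_key(hex_id), f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def allow(path: str, token: str, now=None) -> bool:
    """Proxy side: derive the key from the request path, then check signature and exp."""
    now = int(time.time()) if now is None else now
    m = LOCATION.match(path)
    if not m or len(m["hexId"]) % 2:
        return False
    try:
        head, body, sig = token.split(".")
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            return False  # pin the algorithm instead of trusting the header
        key = folder_key(m["hexId"])
        want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, b64url_decode(sig)):
            return False
        return json.loads(b64url_decode(body)).get("exp", 0) > now
    except (ValueError, TypeError, AttributeError):
        return False
```

Because the key depends on the path of each request, a token issued for one folder fails the signature check on any other folder.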

atomsnc commented 2 years ago

Using a variable won't work. The auth_jwt_key option is set at the nginx configuration stage. An nginx variable is evaluated at runtime. To make this work, auth_jwt_key needs to be a complex value so that it can be evaluated at runtime.

AFAIK, the fastest way is to convert auth_jwt_key to use ngx_http_set_complex_value_slot in ngx_http_auth_jwt_commands and use something like the following in the handler function:

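ngx_str_t  res;  /* receives the evaluated string */

/* cv is already a pointer (ngx_http_complex_value_t *), so pass it as is */
if (ngx_http_complex_value(r, cv, &res) != NGX_OK) {
    return NGX_ERROR;
}

where r = request, cv = complex value pointer stored in config, res = evaluated string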

Also, auth_jwt_key type will be changed to ngx_http_complex_value_t pointer.

remnin commented 2 years ago

Great, thank you!

farzadam commented 1 year ago

Hi @atomsnc and @remnin, can you help me understand what you did here? I have the same problem but didn't understand your solution. Can you elaborate on that? I am somewhat new to nginx, though.

atomsnc commented 1 year ago

Hello @farzadam ,

You can read up more on complex values here. (http://nginx.org/en/docs/dev/development_guide.html#http_complex_values)