Get JWT from other HTTP headers

TeslaGov / ngx-http-auth-jwt-module

Secure your NGINX locations with JWT

MIT License

309 stars 118 forks source link

Get JWT from other HTTP headers #79

Closed DerZade closed 1 year ago

DerZade commented 1 year ago

As far as I can see from the code, you can only load the JWT from either the Authorization header or from a cookie. Would be nice if you could also configure this module to load it from another header like the Proxy-Authorization header for example.

JoshMcCullough commented 1 year ago

Yes, I completely agree. We'd need to support the header value being just the JWT or bearer <JWT>, and allow you to specify the header name in the directive, e.g. auth_jwt_validation_type HEADER=my-header.