A JWT authentication module for Lighttpd.
This module provides a scheme handler in accordance with RFC 6750 and a backend in accordance with RFC 7519.
$ cmake -S path/to/source -B path/to/build -DLIGHTTPD_SOURCE_DIR=path/to/lighttpd-source -DLIGHTTPD_BUILD_DIR=path/to/lighttpd-build
$ cmake --build path/to/buildIt is expected this project is built with the same artifacts (like config.h) as the lighttpd instance it'll be loaded into.
A builder is provided by the builder target in the root directory Dockerfile. A quick-build can be done like so
$ docker build path/to/repo --target=builderLoad into lighttpd with the a code snippet like
server.modules += ( "mod_auth", "mod_authn_file", "mod_authn_jwt" )
auth.backend = "jwt"
auth.backend.jwt.opts = (
"algorithm" => "RS256", # Algorithm which the token is signed
"keyfile" => "/etc/ssl/public.pem", # The public key of the issuer
"exp-leeway" => "300", # leeway in seconds for exp claim evaluation
"nbf-leeway" => "300", # leeway in seconds for nbf claim evaluation
"issuer" => "https://my-issuer.com", # iss claim is checked against this
"subject" => "user123", # sub claim is checked against this
"aud" => "https://my-client.com", # aud claim is checked against this
# General claims can be achieved like so
"claims" => (
"int-claim" => 10,
"str-claim" => "val"
),
# Complex claims can be achieved like so
"json-claims" => ("{\"nested\":{\"inner\": true}}")
)
auth.require = (
"" => (
"method" => "bearer",
"realm" => "A realm",
"require" => "valid-user"
)
)Simply run test.sh from the integration-test directory, it will build and run everything itself.
$ cd path/to/repo/integration-test
path/to/repo/integration-test$ ./test.shIndividual tests can be ran and inspected like...
path/to/repo/integration-test$ docker compose create --build
path/to/repo/integration-test$ docker start client
path/to/repo/integration-test$ docker exec client pytest test_jwt.py:test_invalidjwt
path/to/repo/integration-test$ docker logs server
path/to/repo/integration-test$ docker compose down --volumes