Does this support Nginx oss?

[satscreate]

Does this module support for oss too? may be a part of it? Also i would really like to know how do i protect my API (GET, POST ) calls with this approach? Here is the idea!

1. Client calls nginx get the access_token & id_token
2. Add those tokens to subsequent calls in client POST | GET req

Will that be possible with this module? and the same can be validated when the POST | GET req hits nginx.

[magicalyak]

This only supports plus leveraging the native jwt auth provided. The api can be easily protected to on plus.

[lcrilly]

The original implementation (R15 branch) sent the actual id_token/access_token to the client as a cookie: https://github.com/nginxinc/nginx-openid-connect/blob/R15/openid_connect.server_conf#L19 https://github.com/nginxinc/nginx-openid-connect/blob/R15/openid_connect.js#L69

This is similar to what you are looking for with step 1 of your idea.

More recent implementations use the NGINX Plus key value store as a token cache so that the client never receives the actual token.

In both case, the JWT validation is a NGINX Plus feature. If you can perform the token validation another way (e.g. using auth_request for introspection) then you could adapt the R15 code to work with NGINX open source.

[rebecca-sich]

Hi all, I understand this exact Setup only works with NGINX plus but can anyone point me to any resources for a way to do something similar with NGINX OSs. I have NGINX serving as a reverse proxy for a Flask app that I want protected by Okta and can't seem to find any good resources.

Thank you.

[lcrilly]

I have NGINX serving as a reverse proxy for a Flask app that I want protected by Okta and can't seem to find any good resources.

Okta have their own NGINX integration guides here https://www.okta.com/integrations/nginx-as-api-gateway/