nginxinc / nginx-openid-connect

Reference implementation of OpenID Connect integration for NGINX Plus
https://www.nginx.com/products/nginx/

Having issues while trying to protect server with OIDC RP #32

Open b-rajesh opened 3 years ago

b-rajesh commented 3 years ago

Hi

When I am trying to protect the server (instead of location) with the OIDC RP reference implementation, the login flow is not kicking off. It works fine if we have the following defined in the location block, as mentioned in the reference implementation:

```
error_page 401 = @do_oidc_flow;
auth_jwt "authz" token=$session_jwt;
auth_jwt_key_request /_jwks_uri; # Enable when using filename
```

Since the auth_jwt is defined in the server block, the named location is also being protected. I was directed to use `auth_jwt off;` in the openid_connect.server_conf.

Can we fix the openid_connect.server_conf to have the same? Though the reference implementation doesn't have this challenge, it would be helpful if anyone wanted to protect the whole server with the given config.

tippexs commented 3 years ago

Hi @b-rajesh, sorry for the late response. As discussed back in July, I do not have any security concerns disabling the JWT protection for the locations handling the authentication.

Did you do any testing with the suggested solution?
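The arrangement discussed in this thread, as an added configuration sketch that is not part of the issue or the project's shipped files: `auth_jwt` is declared once at server level and switched off in the client-facing locations that run the login flow. The `/_codexch` location, the `oidc.auth` / `oidc.codeExchange` handlers, the `@oidc_error` location and the include path are assumed to match the reference implementation's `openid_connect.server_conf`; the port and `my_backend` are hypothetical.

```nginx
# Added example (assumptions labelled inline), NGINX Plus.
# --- frontend server block ---
server {
    listen 8010; # hypothetical port; use SSL/TLS in production

    # Declared once here, so every location that does not set auth_jwt
    # itself inherits the protection.
    auth_jwt "authz" token=$session_jwt;
    auth_jwt_key_request /_jwks_uri;
    error_page 401 = @do_oidc_flow;

    # Assumed include path for the relying-party locations shown below.
    include conf.d/openid_connect.server_conf;

    location / {
        proxy_pass http://my_backend; # hypothetical upstream
    }
}

# --- inside openid_connect.server_conf (included in the server above) ---
# Entry point of the login flow. It is reached through the error_page 401
# redirect, i.e. before any session token exists, so an inherited auth_jwt
# would reject the request again instead of starting the flow.
location @do_oidc_flow {
    auth_jwt off;
    js_content oidc.auth;          # assumed handler name
    default_type text/plain;
}

# Callback the IdP sends the browser to with the authorization code
# (assumed location name). The session token is only issued here, so the
# request cannot carry a valid one yet.
location = /_codexch {
    auth_jwt off;
    js_content oidc.codeExchange;  # assumed handler name
    error_page 500 502 504 @oidc_error;
}
```

With this in place, an unauthenticated request to any path on the server should be answered with a redirect to the identity provider rather than a bare 401, while a request to a proxied path with no valid session token must still never reach the upstream.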