Question related to token validation:

In the example given:

```lua
if res.scope ~= "edit" then
  ngx.exit(ngx.HTTP_FORBIDDEN)
end
```

How would the user be redirected back to the relevant openid-connect/auth endpoint when the above scope validation fails? The above example simply returns forbidden back to the user, which isn't actionable.

For context, at our organisation we have a different scope depending on whether 2FA login is required or not. Therefore sometimes users are issued a non-2FA JWT token, and I would like to force the user to log in with 2FA. So ideally I'd like to validate the token, and if the non-2FA scope is present, force a redirect back to openid (with the correct scope) to allow login with 2FA.
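One way to turn the 403 into a step-up redirect, as an added example that is not part of the original post and not code from lua-resty-openidc itself. It assumes lua-resty-openidc is loaded in an `access_by_lua_block`, that the IdP signals the 2FA login with a scope value (hypothetically named `mfa` here), that the discovery URL, client id/secret and redirect URI are placeholders you replace, and that the library honours the `scope` and `force_reauthorize` options described in its README (treat the latter as an assumption about your installed version). The scope claim is parsed as a set rather than compared with `~=`, since a token carrying `openid mfa edit` should still pass an `mfa` check, and a cookie-based guard stops an IdP that never grants the scope from causing an endless redirect loop.

```lua
-- Added example (not from the original post or from lua-resty-openidc).
-- Runs inside access_by_lua_block; every URL/id below is a placeholder.
local openidc = require("resty.openidc")

local base_opts = {
  discovery     = "https://idp.example.invalid/.well-known/openid-configuration", -- placeholder
  client_id     = "PLACEHOLDER_CLIENT_ID",
  client_secret = "PLACEHOLDER_CLIENT_SECRET",
  redirect_uri  = "https://app.example.invalid/callback",                       -- placeholder
  scope         = "openid",
}

-- Hypothetical name of the scope the IdP issues only after a 2FA login.
local STEPUP_SCOPE = "mfa"

-- Turn a scope claim into a set. The claim is usually a space-separated
-- string; some IdPs emit an array of strings instead, so accept both.
local function scope_set(scope)
  local set = {}
  if type(scope) == "string" then
    for s in scope:gmatch("%S+") do set[s] = true end
  elseif type(scope) == "table" then
    for _, s in ipairs(scope) do set[s] = true end
  end
  return set
end

-- True when the verified token carries `wanted`. lua-resty-openidc exposes
-- ID token claims under res.id_token; a bearer_jwt_verify() result exposes
-- the JWT payload directly, which is where the post's `res.scope` comes from.
local function token_has_scope(res, wanted)
  if not res then return false end
  if scope_set(res.scope)[wanted] then return true end
  if type(res.id_token) == "table" and scope_set(res.id_token.scope)[wanted] then
    return true
  end
  return false
end

-- Shallow copy of the base options with the stronger scope requested and the
-- authorization flow forced even though a session already exists.
local function stepup_opts()
  local o = {}
  for k, v in pairs(base_opts) do o[k] = v end
  o.scope = base_opts.scope .. " " .. STEPUP_SCOPE
  o.force_reauthorize = true   -- assumed option name, per the library README
  return o
end

-- 1. Normal login: unauthenticated users are redirected to the IdP as usual.
local res, err = openidc.authenticate(base_opts)
if err then
  ngx.log(ngx.ERR, "authenticate failed: ", err)
  return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
end

-- 2. Token present but without the 2FA scope: send the user back to the IdP
--    asking for it, instead of answering 403.
if not token_has_scope(res, STEPUP_SCOPE) then
  -- Loop guard: if the user already came back from a step-up attempt and the
  -- scope is still missing, fail closed rather than redirect forever.
  if ngx.var.cookie_stepup_attempted == "1" then
    ngx.log(ngx.WARN, "step-up requested but scope still missing; denying")
    return ngx.exit(ngx.HTTP_FORBIDDEN)
  end
  ngx.header["Set-Cookie"] =
    "stepup_attempted=1; Path=/; Max-Age=300; HttpOnly; Secure; SameSite=Lax"

  -- authenticate() performs the redirect to the authorization endpoint
  -- itself and exits; execution only continues here if it failed.
  local _, err2 = openidc.authenticate(stepup_opts())
  ngx.log(ngx.ERR, "step-up authenticate failed: ", err2 or "unknown")
  return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
end

-- 3. Scope satisfied: clear the guard cookie and let the request through.
if ngx.var.cookie_stepup_attempted then
  ngx.header["Set-Cookie"] =
    "stepup_attempted=; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax"
end
```

Because the decision is made on the token that lua-resty-openidc has already verified, the scope check is not bypassable by a client-supplied claim, and the stronger scope is requested by the library's own authorization flow (state, nonce and session handling intact) rather than by a hand-built redirect URL. If your IdP uses `acr_values` rather than a scope to express authentication strength, the same structure applies with that option substituted in `stepup_opts`.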