Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
421 views
in Technique[技术] by (71.8m points)

NGINX JWT authentication validating specific JWT Claims (iss, aud etc)

Want NGINX to authenticate incoming requests based on an OAuth2 token INCLUDING validating specific token claims e.g. "aud" audience claim, "iss" issuer claim etc.

ngx_http_auth_jwt_module (http://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html) only validates the token to ensure it's signed by an expected party and validity period.

Issue is if you're using an cloud IdP (e.g. Azure AD) the above validations are insufficient as keys used to sign tokens are shared across different customer tenancies. Therefore claims in the token need to be additionally validated including the issuer, audience etc.

How can this be done with NGINX? The following module supports claims validation however is now archived: https://github.com/auth0/nginx-jwt

question from:https://stackoverflow.com/questions/65713529/nginx-jwt-authentication-validating-specific-jwt-claims-iss-aud-etc

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)
Waitting for answers

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...