Want NGINX to authenticate incoming requests based on an OAuth2 token INCLUDING validating specific token claims e.g. "aud" audience claim, "iss" issuer claim etc.
ngx_http_auth_jwt_module (http://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html) only validates the token to ensure it's signed by an expected party and validity period.
Issue is if you're using a cloud IdP (e.g. Azure AD) the above validations are insufficient as keys used to sign tokens are shared across different customer tenancies. Therefore claims in the token need to be additionally validated including the issuer, audience etc.
How can this be done with NGINX? The following module supports claims validation, however it is now archived: https://github.com/auth0/nginx-jwt
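As an added illustration (not code from the question, from NGINX or from nginx-jwt), the script below shows why a signature-and-expiry check alone is not enough when one signing key serves several tenants: a token minted for another tenant passes the signature check but fails once `iss` and `aud` are compared against the values this deployment expects. Tokens are constructed HS256 JWTs using stdlib only; the key, issuer URLs and audience are made-up placeholders.

```python
import base64, hashlib, hmac, json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def make_jwt(claims: dict, key: bytes) -> str:
    """Build a constructed HS256 token, standing in for one issued by a shared-key IdP."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def signature_only_check(token: str, key: bytes, now: int) -> bool:
    """The check the question attributes to auth_jwt: signature and validity period only."""
    header, body, sig = token.split(".")
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        return False  # never let the token pick an algorithm we did not expect
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        return False
    claims = json.loads(_b64url_decode(body))
    return claims.get("nbf", 0) <= now < claims.get("exp", 0)

def validate_token(token: str, key: bytes, expected_iss: str,
                   expected_aud: str, now: int) -> str:
    """Full check: signature + validity period, then pin issuer and audience."""
    if not signature_only_check(token, key, now):
        return "bad signature or outside validity period"
    claims = json.loads(_b64url_decode(token.split(".")[1]))
    if claims.get("iss") != expected_iss:
        return "wrong issuer"  # token from another tenant of the same IdP
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]  # RFC 7519: string or array
    if expected_aud not in auds:
        return "wrong audience"  # token meant for a different API
    return "ok"
```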