Skip to content

JWT Bearer Token authorization with nginx, openresty, and lua-resty-jwt.

License

Notifications You must be signed in to change notification settings

ubergarm/openresty-nginx-jwt

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

openresty-nginx-jwt

License

JWT Bearer Token authorization with nginx, openresty, and lua-resty-jwt.

An easy way to setup JWT Bearer Token authorization for any API endpoint, reverse proxy service, or location block without having to touch your server-side code.

Run

This example uses the secret, token, and claims from jwt.io:

Server:

docker run --rm \
           -it \
           -e JWT_SECRET=secret \
           -v `pwd`/nginx.conf:/nginx.conf \
           -v `pwd`/bearer.lua:/bearer.lua \
           -p 8080:8080 \
           ubergarm/openresty-nginx-jwt

Client:

# apt-get install httpie || brew install httpie
http --print HBhb localhost:8080/secure/ "Authorization:Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
# token as url argument
http --print HBhb localhost:8080/secure/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
# token as cookie
http --print HBhb localhost:8080/secure/ "Cookie:token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"

Configure

Edit nginx.conf to setup your custom location blocks.

Edit bearer.lua or create new lua scripts to meet your specific needs for each location block.

Restart a container and volume mount in all of the required configuration.

Build

To update or build a custom image edit the Dockerfile and:

docker build -t ubergarm/openresty-nginx-jwt .

Note

I originally tried to get auth0/nginx-jwt working, but even the newer forks are not as straight forward as simply using lua-resty-jwt rock directly.

If you're looking for something beyond just JWT auth, check out kong for all your API middleware plugin needs!

Also Caddy might be faster for a simple project.

References