Hello,
What I am trying to achieve: Serve downloadable content from one host behind Nginx based on the condition the user has a valid token. Basically I would like to serve the files only when the token is validated.
I'm using Nginx not Nginx+.
User -> auth request (send user:pass:grant_type etc. to API) to fetch a token from server A.
User -> send the token acquired from interaction with server A to server B for authentication to get authorization to download files from server B.
Server B running Nginx: Validate the token and if it's good allow the user to download the files.
Server A is running Keycloak. The goal is to have any and all services use Keycloak as the central authentication and authorization point.
Is there a way to have Nginx pass that token to Keycloak for validation before allowing access to those files?
Thanks in advance.
Sa
Hi,
hope you're doing well.
On Thu, Nov 10, 2022 at 10:30:58PM +0100, SA Squared wrote:
[...]
> Is there a way to have Nginx pass that token to Keycloak for
> validation before allowing access to those files.
Here's the link [1] to the reference implementation of OpenID Connect
integration with NGINX Plus. The solution utilizes the auth_jwt directive [2]
of the ngx_http_auth_jwt_module [3], the key-value module [4], and
the nginx JavaScript module [5].
References
1. https://github.com/nginxinc/nginx-openid-connect
2. http://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html#auth_jwt
3. http://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html
4. http://nginx.org/en/docs/http/ngx_http_keyval_module.html
5. http://nginx.org/en/docs/njs/
Hope that helps.
--
Sergey A. Osokin
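
For the open-source nginx the question asks about, one way to get the described flow is the auth_request module with Keycloak's OIDC userinfo endpoint as the validator. This is an added example, not part of either message or of the linked reference implementation. Assumptions: nginx is built with ngx_http_auth_request_module, and the hostnames, REALM, certificate paths and /downloads/ location are placeholders (older Keycloak releases prefix the realm path with /auth).

```nginx
# Added example: token check on server B via an auth_request subrequest.
# All names and paths below are placeholders, not values from the thread.
server {
    listen 443 ssl;
    server_name files.example.com;                  # server B
    ssl_certificate     /etc/nginx/tls/files.crt;
    ssl_certificate_key /etc/nginx/tls/files.key;

    location /downloads/ {
        # Subrequest result: 2xx allows the download, 401/403 denies it,
        # any other status is treated as an error, so the check fails closed.
        auth_request /_validate_token;
        root /srv;                                  # serves /srv/downloads/...
    }

    location = /_validate_token {
        internal;                                   # not reachable by clients
        # Keycloak (server A) answers 200 for an active access token
        # and 401 for an expired, revoked or malformed one.
        proxy_pass https://keycloak.example.com/realms/REALM/protocol/openid-connect/userinfo;
        proxy_method GET;
        proxy_pass_request_body off;                # never forward the body
        proxy_set_header Content-Length "";
        proxy_set_header Host keycloak.example.com;
        proxy_set_header Authorization $http_authorization;  # "Bearer <token>"

        # Verify Keycloak's certificate so the verdict cannot be spoofed.
        proxy_ssl_server_name on;
        proxy_ssl_verify on;
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
    }
}
```

This only confirms that Keycloak still accepts the token; it does not check which files the token's owner may download. Each request costs one round trip to Keycloak unless the subrequest result is cached.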