{"id":24839524,"url":"https://github.com/OpenIDC/ngx_oauth2_module","last_synced_at":"2025-10-14T13:30:58.791Z","repository":{"id":40695826,"uuid":"177124892","full_name":"OpenIDC/ngx_oauth2_module","owner":"OpenIDC","description":"OAuth 2.x Resource Server module for NGINX","archived":false,"fork":false,"pushed_at":"2024-08-22T11:34:15.000Z","size":50,"stargazers_count":15,"open_issues_count":0,"forks_count":12,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-08-22T13:02:52.382Z","etag":null,"topics":["c","nginx","nginx-module","oauth","oauth2","oauth2-resource-server"],"latest_commit_sha":null,"homepage":"","language":"M4","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OpenIDC.png","metadata":{"files":{"readme":"README.md","changelog":"ChangeLog","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-03-22T11:03:00.000Z","updated_at":"2024-08-22T11:31:26.000Z","dependencies_parsed_at":"2024-01-02T11:34:31.214Z","dependency_job_id":"eb8e3862-3453-4a10-8ae6-09ff47fc6fd0","html_url":"https://github.com/OpenIDC/ngx_oauth2_module","commit_stats":null,"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenIDC%2Fngx_oauth2_module","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenIDC%2Fngx_oauth2_module/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenIDC%2Fngx_oauth2_module/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenIDC%2Fngx_oauth2_module/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OpenIDC","download_url":"https://codeload.github.com/OpenIDC/ngx_oauth2_module/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":236476439,"owners_count":19154817,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c","nginx","nginx-module","oauth","oauth2","oauth2-resource-server"],"created_at":"2025-01-31T06:48:44.124Z","updated_at":"2025-10-14T13:30:53.458Z","avatar_url":"https://github.com/OpenIDC.png","language":"M4","funding_links":[],"categories":["Relying Parties (RP) Libraries"],"sub_categories":["C"],"readme":"[![Build Status](https://github.com/OpenIDC/ngx_oauth2_module/actions/workflows/build.yml/badge.svg)](https://github.com/OpenIDC/ngx_oauth2_module/actions/workflows/build.yml)\n\n# ngx_oauth2_module\n\nA module for the NGINX web server that makes NGINX operate as an OAuth 2.0 Resource Server,\nvalidating OAuth 2.0 bearer access tokens and setting headers/environment variables based\non the validation results.\n\n\n## Configuration \n\n```\nOAuth2TokenVerify [ introspect | jwk_uri | metadata | jwk | plain | base64 | base64url | hex | pem | pubkey | eckey_uri ] \u003cvalue\u003e \u003coptions\u003e\n```\n\n## Samples\n\n```\n    #\n    # obtain the access token from the authorization header\n    #\n    map $http_authorization $source_token {\n        default \"\";\n        \"~*^Bearer\\s+(?\u003ctoken\u003e[\\S]+)$\" $token;\n    }\n\n    map $pfc_introspect_sub $valid_sub {\n        \"joe\"        1;\n        \"alice\"     1;\n        \"bob\"      1;\n        \"~admin_.+\"      1;  #allow\n        \"~student_.+\"    0;  # deny\n        default    0; # default to deny\n    }\n\n    server {\n        listen       7070;\n        server_name  nginx;\n\n        #\n        # introspection with a sample \"require sub=joe\" authorization expression\n        #\n\n        location /oauth2/pingfed/introspect {\n            OAuth2TokenVerify $source_token introspect \n                https://pingfed:9031/as/introspect.oauth2\n                introspect.ssl_verify=false\u0026introspect.auth=client_secret_basic\u0026client_id=rs0\u0026client_secret=2Federate;\n\n            OAuth2Claim sub $pfc_introspect_sub;\n            OAuth2Claim username $pfc_introspect_username;\n            OAuth2Claim active $pfc_introspect_active;\n\n        \tOAuth2Require $valid_sub;            \n\n            proxy_set_header OAUTH2_CLAIM_sub $pfc_introspect_sub;\n            proxy_set_header OAUTH2_CLAIM_username $pfc_introspect_username;\n            proxy_set_header OAUTH2_CLAIM_active $pfc_introspect_active;\n            proxy_pass http://echo:8080/headers$is_args$args;\n        }\n\n        #\n        # local validation from a  provided jwks_uri\n        #\n        \n        location /oauth2/pingfed/jwks_uri {\n            OAuth2TokenVerify $source_token jwks_uri\n            \thttps://pingfed:9031/ext/one\n            \tjwks_uri.ssl_verify=false;\n\n            OAuth2Claim sub $pfc_jwks_uri_sub;\n            OAuth2Claim username $pfc_jwks_uri_username;\n            OAuth2Claim active $pfc_jwks_uri_active;\n\n            proxy_set_header OAUTH2_CLAIM_sub $pfc_jwks_uri_sub;\n            proxy_set_header OAUTH2_CLAIM_username $pfc_jwks_uri_username;\n            proxy_set_header OAUTH2_CLAIM_active $pfc_jwks_uri_active;\n            proxy_pass http://echo:8080/headers$is_args$args;\n        }\n\n        #\n        # local validation from a provided jwk\n        #\n        \n        # when using RFC 8705 OAuth 2.0 Mutual-TLS Certificate-Bound Access Tokens with liboauth2 \u003e= 1.6.1\n\t\tssl_verify_client optional_no_ca;\n\n        location /oauth2/pingfed/jwk {\n\t\t\tOAuth2TokenVerify $source_token jwk \n\t\t\t\t\"{\t\\\"kty\\\":\\\"RSA\\\",\n\t\t\t\t\t\\\"kid\\\":\\\"one\\\",\n\t\t\t\t\t\\\"use\\\":\\\"sig\\\",\n\t\t\t\t\t\\\"n\\\":\\\"12SBWV_4xU8sBEC2IXcakiDe3IrrUcnIHexfyHG11Kw-EsrZvOy6PrrcqfTr1GcecyWFzQvUr61DWESrZWq96vd08_iTIWIny8pU5dlCoC7FsHU_onUQI1m4gQ3jNr00KhH878vrBVdr_T-zuOYQQOBRMEyFG-I4nb91zO1n2gcpQHeabJw3JIC9g65FCpu8DSw8uXQ1hVfGUDZAK6iwncNZ1uqN4HhRGNevFXT7KVG0cNS8S3oF4AhHafFurheVxh714R2EseTVD_FfLn2QTlCss_73YIJjzn047yKmAx5a9zuun6FKiISnMupGnHShwVoaS695rDmFvj7mvDppMQ\\\",\n\t\t\t\t\t\\\"e\\\":\\\"AQAB\\\"\n\t\t\t\t}\" type=mtls\u0026mtls.policy=optional;\n\n            OAuth2Claim sub $pfc_jwk_sub;\n            OAuth2Claim username $pfc_jwk_username;\n            OAuth2Claim active $pfc_jwk_active;\n\n            proxy_set_header OAUTH2_CLAIM_sub $pfc_jwk_sub;\n            proxy_set_header OAUTH2_CLAIM_username $pfc_jwk_username;\n            proxy_set_header OAUTH2_CLAIM_active $pfc_jwk_active;\n            proxy_pass http://echo:8080/headers$is_args$args;\n        }\n    }      \n```\n\n## Support\n\n#### Community Support\nFor generic questions, see the Wiki pages with Frequently Asked Questions at:  \n  [https://github.com/OpenIDC/ngx_oauth2_module/wiki](https://github.com/OpenIDC/ngx_oauth2_module/wiki)  \nAny questions/issues should go to issues tracker.\n\n#### Commercial Services\nFor commercial Support contracts, Professional Services, Training and use-case specific support you can contact:  \n  [sales@openidc.com](mailto:sales@openidc.com)  \n\n\nDisclaimer\n----------\n*This software is open sourced by OpenIDC. For commercial support\nyou can contact [OpenIDC](https://www.openidc.com) as described above in the [Support](#support) section.*\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FOpenIDC%2Fngx_oauth2_module","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FOpenIDC%2Fngx_oauth2_module","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FOpenIDC%2Fngx_oauth2_module/lists"}