{"id":22268101,"url":"https://github.com/curityio/nginx_oauth_proxy_module","last_synced_at":"2025-07-28T12:30:53.465Z","repository":{"id":44485315,"uuid":"438910725","full_name":"curityio/nginx_oauth_proxy_module","owner":"curityio","description":"NGINX module that decrypts secure cookies from Single Page Apps and forwards JWT access tokens to APIs","archived":false,"fork":false,"pushed_at":"2024-09-04T17:26:50.000Z","size":422,"stargazers_count":16,"open_issues_count":1,"forks_count":3,"subscribers_count":4,"default_branch":"main","last_synced_at":"2024-09-06T00:28:09.250Z","etag":null,"topics":["api-gateway","nginx","oauth-proxy","oauth2","spa","token-handler"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/curityio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-12-16T08:13:51.000Z","updated_at":"2024-07-16T12:09:59.000Z","dependencies_parsed_at":"2024-09-05T23:29:37.677Z","dependency_job_id":null,"html_url":"https://github.com/curityio/nginx_oauth_proxy_module","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Fnginx_oauth_proxy_module","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Fnginx_oauth_proxy_module/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Fnginx_oauth_proxy_module/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Fnginx_oauth_proxy_module/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/curityio","download_url":"https://codeload.github.com/curityio/nginx_oauth_proxy_module/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":227905532,"owners_count":17837906,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api-gateway","nginx","oauth-proxy","oauth2","spa","token-handler"],"created_at":"2024-12-03T11:11:06.511Z","updated_at":"2025-07-28T12:30:53.457Z","avatar_url":"https://github.com/curityio.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# OAuth Proxy NGINX Module\n\n[![Quality](https://img.shields.io/badge/quality-test-yellow)](https://curity.io/resources/code-examples/status/)\n[![Availability](https://img.shields.io/badge/availability-binary-blue)](https://curity.io/resources/code-examples/status/)\n\nAn NGINX module that decrypts secure cookies in API calls from Single Page Applications.\\\nThis is the OAuth Proxy component of the [Token Handler Pattern](https://curity.io/resources/learn/the-token-handler-pattern/).\n\n![Token Handler Pattern](token-handler-pattern.png)\n\n## High Level Usage\n\nThe OAuth proxy is a forwarder placed in front of your business APIs, to deal with cookie authorization.\\\nA typical flow for an SPA calling an API would work like this:\n\n![Security Handling](security-handling.png)\n\n- The SPA sends an AES256 encrypted HTTP Only cookie containing an opaque access token\n- The OAuth Proxy module decrypts the cookie to get the opaque access token\n- The opaque access token is then forwarded in the HTTP Authorization Header\n- The [Phantom Token Module](https://github.com/curityio/nginx_phantom_token_module) then swaps the opaque token for a JWT access token\n- The incoming HTTP Authorization Header is then updated with the JWT access token\n- The API must then verify the JWT in a zero trust manner, on every request\n\n## Required Configuration Directives\n\nAll of the directives are required for locations where the module is enabled.\\\nNGINX will fail to load if the configuration for any locations fail validation:\n\n#### oauth_proxy\n\n\u003e **Syntax**: **`oauth_proxy`** `on` | `off`\n\u003e\n\u003e **Context**: `location`\n\nThe module is disabled by default but can be enabled for paths you choose.\n\n#### oauth_proxy_cookie_name_prefix\n\n\u003e **Syntax**: **`oauth_proxy_cookie_name_prefix`** `string`\n\u003e\n\u003e **Context**: `location`\n\nThe prefix used in the SPA's cookie name, typically representing a company or product name.\\\nThe value supplied must not be empty, and `example` would lead to full cookie names such as `example-at`.\n\n#### oauth_proxy_encryption_key\n\n\u003e **Syntax**: **`oauth_proxy_encryption_key`** `string`\n\u003e\n\u003e **Context**: `location`\n\nThis must be a 32 byte encryption key expressed as 64 hex characters.\\\nIt is used to decrypt AES256 encrypted secure cookies.\\\nThe key is initially generated with a tool such as `openssl`, as explained in Curity tutorials.\n\n#### oauth_proxy_trusted_web_origins\n\n\u003e **Syntax**: **`oauth_proxy_trusted_web_origins`** `string[]`\n\u003e\n\u003e **Context**: `location`\n\nA whitelist of at least one web origin from which the module will accept requests.\\\nMultiple origins could be used in special cases where cookies are shared across subdomains.\n\n#### oauth_proxy_cors_enabled\n\n\u003e **Syntax**: **`oauth_proxy_cors_enabled`** `boolean`\n\u003e\n\u003e **Context**: `location`\n\nWhen enabled, the OAuth proxy returns CORS response headers on behalf of the API.\\\nWhen an origin header is received that is in the trusted_web_origins whitelist, response headers are written.\\\nThe [access-control-allow-origin](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin) header is returned, so that the SPA can call the API.\\\nThe [access-control-allow-credentials](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials) header is returned, so that the SPA can send secured cookies to the API.\\\nDefault values are provided for other CORS headers that the SPA needs.\n\n## Optional Configuration Directives\n\n#### oauth_proxy_allow_tokens\n\n\u003e **Syntax**: **`oauth_proxy_allow_tokens`** `on` | `off`\n\u003e\n\u003e **Default**: *off*\n\u003e\n\u003e **Context**: `location`\n\nIf set to true, then requests that already have a bearer token are passed straight through to APIs.\\\nThis can be useful when web and mobile clients share the same API routes.\n\n#### oauth_proxy_cors_allow_methods\n\n\u003e **Syntax**: **`oauth_proxy_cors_allow_methods`** `string`\n\u003e\n\u003e **Default**: *'OPTIONS,GET,HEAD,POST,PUT,PATCH,DELETE'*\n\u003e\n\u003e **Context**: `location`\n\nWhen CORS is enabled, these values are returned in the [access-control-allow-methods](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods) response header.\\\nA '*' wildcard value should not be configured here, since it will not work with credentialed requests.\n\n#### oauth_proxy_cors_allow_headers\n\n\u003e **Syntax**: **`oauth_proxy_cors_allow_headers`** `string`\n\u003e\n\u003e **Default**: *''*\n\u003e\n\u003e **Context**: `location`\n\nWhen CORS is enabled, the module returns these values in the [access-control-allow-headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers) response header.\\\nIf no values are configured then at runtime any headers the SPA sends are allowed.\\\nThis is managed by returning the contents of the [access-control-request-headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers) field.\\\nIf setting values explicitly, ensure that the token handler CSRF request header is included, eg `x-example-csrf`.\\\nA '*' wildcard value should not be configured here, since it will not work with credentialed requests.\n\n#### oauth_proxy_cors_expose_headers\n\n\u003e **Syntax**: **`oauth_proxy_cors_expose_headers`** `string`\n\u003e\n\u003e **Default**: *''*\n\u003e\n\u003e **Context**: `location`\n\nWhen CORS is enabled, the module returns these values in the [access-contol-expose-headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers) response header.\\\nA '*' wildcard value should not be configured here, since it will not work with credentialed requests.\n\n#### oauth_proxy_cors_max_age\n\n\u003e **Syntax**: **`oauth_proxy_cors_max_age`** `number`\n\u003e\n\u003e **Default**: *86400*\n\u003e\n\u003e **Context**: `location`\n\nWhen CORS is enabled, the module returns this value in the [access-contol-max-age](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age) response header.\\\nThis option prevents excessive pre-flight OPTIONS requests, to improve the efficiency of API calls.\n\n## Example Configurations\n\n#### Loading the Module\n\nIn deployed systems the module is loaded using the [load_module](http://nginx.org/en/docs/ngx_core_module.html#load_module) directive.\\\nThis needs to be done in the _main_ part of the NGINX configuration:\n\n```nginx\nload_module modules/ngx_curity_http_oauth_proxy_module.so;\n```\n\n#### Basic Configuration\n\nThe following location decrypts cookies, then forwards an access token to the downstream API:\n\n```nginx\nlocation /products {\n\n    oauth_proxy on;\n    oauth_proxy_cookie_name_prefix \"example\";\n    oauth_proxy_encryption_key \"4e4636356d65563e4c73233847503e3b21436e6f7629724950526f4b5e2e4e50\";\n    oauth_proxy_trusted_web_origin \"https://www.example.com\";\n    oauth_proxy_cors_enabled on;\n\n    proxy_pass \"https://productsapi.example.com\";\n}\n```\n\n#### Inherited Configuration\n\nParent and child locations can be used, in which case children inherit the parent settings:\n\n```nginx\nlocation /api {\n\n    oauth_proxy on;\n    oauth_proxy_cookie_name_prefix \"example\";\n    oauth_proxy_encryption_key \"4e4636356d65563e4c73233847503e3b21436e6f7629724950526f4b5e2e4e50\";\n    oauth_proxy_trusted_web_origin \"https://www.example.com\";\n    oauth_proxy_cors_enabled on;\n    \n    location /api/products {\n        proxy_pass \"https://productsapi.example.com\";\n    }\n\n    location /api/offers {\n        proxy_pass \"https://offersapi.example.com\";\n    }\n}\n```\n\n## Cookie Details\n\nThe module expects to receives two cookies, which use a custom prefix with fixed suffixes.\\\nCookies are encrypted using AES256-GCM, and received in a base64 URL encoded format.\n\n| Example Cookie Name | Fixed Suffix | Contains |\n| ------------------- | ------------ | -------- |\n| example-at | -at | An encrypted cookie containing an opaque or JWT access token |\n| example-csrf | -csrf | A CSRF cookie verified during data changing requests |\n\n## Security Behavior\n\nThe module handles cookies according to [OWASP Cross Site Request Forgery Best Practices](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html):\n\n#### Options Requests\n\nThe module first handles pre-flight OPTIONS requests and writes CORS response headers:\n\n```text\naccess-control-allow-origin: https://www.example.com\naccess-control-allow-credentials: true\naccess-control-allow-cors_allow_methods: OPTIONS,GET,HEAD,POST,PUT,PATCH,DELETE\naccess-control-allow-cors_allow_headers: x-example-csrf\naccess-control-max-age: 86400\nvary: origin,access-control-request-headers\n```\n\n#### Web Origin Checks\n\nOn the main request the module first reads the `Origin HTTP Header`, sent by all modern browsers.\\\nIf this does not contain a trusted value the request is immediately rejected with a 401 response.\n\n#### Cross Site Request Forgery Checks\n\nThe process is as follows, though the exact identifiers depend on the configured cookie prefix:\n\n- After a user login the browser receives an `example-csrf` cookie from the main Token Handler API.\n- When the SPA loads it receives a `csrf-token`, which stays the same for the authenticated session.\n- This is sent as an `x-example-csrf` request header on POST, PUT, PATCH, DELETE commands.\n- The cookie and header value must have the same value or the module returns a 401 error response.\n\n#### Access Token Handling\n\nOnce other checks have completed, the module processes the access token cookie.\\\nThe `-at` cookie is decrypted, after which the token is forwarded to the downstream API:\n\n```text\nAuthorization Bearer 42665300-efe8-419d-be52-07b53e208f46\n```\n\nWith opaque reference tokens the encrypted cookies do not exceed NGINX default header sizes.\\\nIf large JWTs are instead used, then these NGINX properties may need to use larger than default values:\n\n- proxy_buffers\n- proxy_buffer_size\n- large_client_header_buffers\n\n#### Decryption\n\nAES256-GCM uses authenticated encryption, so invalid cookies are rejected with a 401 response:\n\n- Cookies encrypted with a different encryption key\n- Cookies where any part of the payload has been tampered with\n\n#### Error Responses\n\nError responses contain a JSON body and CORS headers so that the SPA can read the details:\n\n```text\n{\n    \"code\": \"unauthorized\", \n    \"message\": \"Access denied due to missing or invalid credentials\"\n}\n\naccess-control-allow-origin: https://www.example.com\naccess-control-allow-credentials: true\n```\n\nThe code in the [Example SPA](https://github.com/curityio/spa-using-token-handler) shows how to handle error responses.\\\nThe HTTP status code is usually sufficient, and the error code can inform the SPA of specific causes.\n\n## Compatibility\n\nThis module has been tested for the Linux NGINX distributions from the [Deployment Resources](/resources/deployment). It requires the [NGINX HTTP SSL module](http://nginx.org/en/docs/http/ngx_http_ssl_module.html) to be enabled, so that OpenSSL libraries are available.\n \nThe binary releases align with the 24 month supported release cycle of [NGINX Plus](https://docs.nginx.com/nginx/releases/) to keep the NGINX secure environment up to date. The module's code has also run to a production level with many previous NGINX releases.\n\n### Pre-Built Releases\n\nPre-built binaries of this module are provided for the following versions of NGINX.\\\nDownload the .so file for your platform and deploy it to the `/usr/lib/nginx/modules` folder of your NGINX servers.\n\n|                                    | NGINX 1.27.4 / NGINX Plus R34 | NGINX 1.27.2 / NGINX Plus R33 | NGINX 1.25.5 / NGINX Plus R32 | NGINX 1.25.3 / NGINX Plus R31 | NGINX 1.25.1 / NGINX Plus R30 |\n| -----------------------------------|:-----------------------------:|:-----------------------------:|:-----------------------------:|:------------------------------:|:-----------------------------:|\n| Alpine                             | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/alpine.ngx_curity_http_oauth_proxy_module_1.27.4.so)           | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/alpine.ngx_curity_http_oauth_proxy_module_1.27.2.so)           | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/alpine.ngx_curity_http_oauth_proxy_module_1.25.5.so)           | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/alpine.ngx_curity_http_oauth_proxy_module_1.25.3.so)          | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/alpine.ngx_curity_http_oauth_proxy_module_1.25.1.so)          |\n| Debian 11.0 (Bullseye)             | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/debian.bullseye.ngx_curity_http_oauth_proxy_module_1.27.4.so) | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/debian.bullseye.ngx_curity_http_oauth_proxy_module_1.27.2.so) | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/debian.bullseye.ngx_curity_http_oauth_proxy_module_1.25.5.so) | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/debian.bullseye.ngx_curity_http_oauth_proxy_module_1.25.3.so) | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/debian.bullseye.ngx_curity_http_oauth_proxy_module_1.25.1.so) |\n| Debian 12.0 (Bookworm)             | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/debian.bookworm.ngx_curity_http_oauth_proxy_module_1.27.4.so) | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/debian.bookworm.ngx_curity_http_oauth_proxy_module_1.27.2.so) | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/debian.bookworm.ngx_curity_http_oauth_proxy_module_1.25.5.so) | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/debian.bookworm.ngx_curity_http_oauth_proxy_module_1.25.3.so) | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/debian.bookworm.ngx_curity_http_oauth_proxy_module_1.25.1.so) |\n| Ubuntu 20.04 LTS (Focal Fossa)     | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/ubuntu.20.04.ngx_curity_http_oauth_proxy_module_1.27.4.so)    | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/ubuntu.20.04.ngx_curity_http_oauth_proxy_module_1.27.2.so)    | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/ubuntu.20.04.ngx_curity_http_oauth_proxy_module_1.25.5.so)    | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/ubuntu.20.04.ngx_curity_http_oauth_proxy_module_1.25.3.so)    | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/ubuntu.20.04.ngx_curity_http_oauth_proxy_module_1.25.1.so)    |\n| Ubuntu 22.04 LTS (Jammy Jellyfish) | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/ubuntu.22.04.ngx_curity_http_oauth_proxy_module_1.27.4.so)    | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/ubuntu.22.04.ngx_curity_http_oauth_proxy_module_1.27.2.so)    | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/ubuntu.22.04.ngx_curity_http_oauth_proxy_module_1.25.5.so)    | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/ubuntu.22.04.ngx_curity_http_oauth_proxy_module_1.25.3.so)    | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/ubuntu.22.04.ngx_curity_http_oauth_proxy_module_1.25.1.so)    |\n| Ubuntu 24.04 LTS (Noble Numbat) | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/ubuntu.24.04.ngx_curity_http_oauth_proxy_module_1.27.4.so) | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/ubuntu.24.04.ngx_curity_http_oauth_proxy_module_1.27.2.so) | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/ubuntu.24.04.ngx_curity_http_oauth_proxy_module_1.25.5.so) | X | X |\n| Amazon Linux 2                     | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/amzn2.ngx_curity_http_oauth_proxy_module_1.27.4.so)           | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/amzn2.ngx_curity_http_oauth_proxy_module_1.27.2.so)           | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/amzn2.ngx_curity_http_oauth_proxy_module_1.25.5.so)           | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/amzn2.ngx_curity_http_oauth_proxy_module_1.25.3.so)           | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/amzn2.ngx_curity_http_oauth_proxy_module_1.25.1.so)           |\n| Amazon Linux 2023                  | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/amzn2023.ngx_curity_http_oauth_proxy_module_1.27.4.so)           | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/amzn2023.ngx_curity_http_oauth_proxy_module_1.27.2.so)           | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/amzn2023.ngx_curity_http_oauth_proxy_module_1.25.5.so)           | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/amzn2023.ngx_curity_http_oauth_proxy_module_1.25.3.so)           | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/amzn2023.ngx_curity_http_oauth_proxy_module_1.25.1.so)           |\n| CentOS Stream 9.0+                 | x | x | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/centos.stream.9.ngx_curity_http_oauth_proxy_module_1.25.5.so) | [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/centos.stream.9.ngx_curity_http_oauth_proxy_module_1.25.3.so)| [⇓](https://github.com/curityio/nginx_oauth_proxy_module/releases/download/1.6.0/centos.stream.9.ngx_curity_http_oauth_proxy_module_1.25.1.so)|\n\n## Building From Source\n\nTo build the latest code against older NGINX versions or Linux distributions, follow the instructions in the [Development Wiki](https://github.com/curityio/nginx_oauth_proxy_module/wiki).\n\n- [Build the Module](https://github.com/curityio/nginx_oauth_proxy_module/wiki/3.-Builds)\n- [Deploy the Module](https://github.com/curityio/nginx_oauth_proxy_module/wiki/4.-Testing-Deployment)\n\n## Licensing\n\nThis software is copyright (C) 2022 Curity AB. It is open source software that is licensed under the [Apache 2 license](LICENSE). For commercial support of this module, please contact [Curity sales](mailto:sales@curity.io).\n\n## More Information\n\nPlease visit [curity.io](https://curity.io/) for more information about the Curity Identity Server.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcurityio%2Fnginx_oauth_proxy_module","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcurityio%2Fnginx_oauth_proxy_module","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcurityio%2Fnginx_oauth_proxy_module/lists"}