https://github.com/ubergarm/openresty-nginx-jwt

JWT Bearer Token authorization with nginx, openresty, and lua-resty-jwt.
https://github.com/ubergarm/openresty-nginx-jwt

authorization jwt-bearer luarocks nginx-jwt openresty-module reverse-proxy

Last synced: about 1 year ago
JSON representation

JWT Bearer Token authorization with nginx, openresty, and lua-resty-jwt.

• Host: GitHub
• URL: https://github.com/ubergarm/openresty-nginx-jwt
• Owner: ubergarm
• License: apache-2.0
• Created: 2016-09-14T18:16:34.000Z (almost 10 years ago)
• Default Branch: master
• Last Pushed: 2018-12-17T11:31:48.000Z (over 7 years ago)
• Last Synced: 2025-03-30T13:04:12.181Z (about 1 year ago)
• Topics: authorization, jwt-bearer, luarocks, nginx-jwt, openresty-module, reverse-proxy
• Language: Lua
• Size: 12.7 KB
• Stars: 91
• Watchers: 2
• Forks: 31
• Open Issues: 2
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
openresty-nginx-jwt

===

[![](https://images.microbadger.com/badges/image/ubergarm/openresty-nginx-jwt.svg)](https://microbadger.com/images/ubergarm/openresty-nginx-jwt) [![](https://images.microbadger.com/badges/version/ubergarm/openresty-nginx-jwt.svg)](https://microbadger.com/images/ubergarm/openresty-nginx-jwt) [![License](https://img.shields.io/github/license/mashape/apistatus.svg)](https://github.com/ubergarm/openresty-nginx-jwt/blob/master/LICENSE)

JWT Bearer Token authorization with `nginx`, `openresty`, and `lua-resty-jwt`.

An easy way to setup JWT Bearer Token authorization for any API endpoint, reverse proxy service, or location block without having to touch your server-side code.

## Run

This example uses the secret, token, and claims from [jwt.io](https://jwt.io/):

Server:

```bash

docker run --rm \

           -it \

           -e JWT_SECRET=secret \

           -v `pwd`/nginx.conf:/nginx.conf \

           -v `pwd`/bearer.lua:/bearer.lua \

           -p 8080:8080 \

           ubergarm/openresty-nginx-jwt

```

Client:

```bash

# apt-get install httpie || brew install httpie

http --print HBhb localhost:8080/secure/ "Authorization:Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"

# token as url argument

http --print HBhb localhost:8080/secure/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ

# token as cookie

http --print HBhb localhost:8080/secure/ "Cookie:token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"

```

## Configure

Edit `nginx.conf` to setup your custom location blocks.

Edit `bearer.lua` or create new `lua` scripts to meet your specific needs for each location block.

Restart a container and volume mount in all of the required configuration.

## Build

To update or build a custom image edit the `Dockerfile` and:

```bash

docker build -t ubergarm/openresty-nginx-jwt .

```

## Note

I originally tried to get [auth0/nginx-jwt](https://github.com/auth0/nginx-jwt) working, but even the newer forks are not as straight forward as simply using `lua-resty-jwt` rock directly.

If you're looking for something beyond just JWT auth, check out [kong](https://getkong.org/) for all your API middleware plugin needs!

Also [Caddy](https://caddyserver.com/) might be faster for a simple project.

## References

* https://github.com/openresty/docker-openresty

* https://github.com/SkyLothar/lua-resty-jwt

* https://github.com/svyatogor/resty-lua-jwt

* https://getkong.org/

* https://jwt.io/