JWT Bearer Token authorization with nginx, openresty, and lua-resty-jwt.
An easy way to setup JWT Bearer Token authorization for any API endpoint, reverse proxy service, or location block without having to touch your server-side code.
This example uses the secret, token, and claims from jwt.io:
Server:
docker run --rm \
-it \
-e JWT_SECRET=secret \
-v `pwd`/nginx.conf:/nginx.conf \
-v `pwd`/bearer.lua:/bearer.lua \
-p 8080:8080 \
ubergarm/openresty-nginx-jwtClient:
# apt-get install httpie || brew install httpie
http --print HBhb localhost:8080/secure/ "Authorization:Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
# token as url argument
http --print HBhb localhost:8080/secure/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
# token as cookie
http --print HBhb localhost:8080/secure/ "Cookie:token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"Edit nginx.conf to setup your custom location blocks.
Edit bearer.lua or create new lua scripts to meet your specific needs for each location block.
Restart a container and volume mount in all of the required configuration.
To update or build a custom image edit the Dockerfile and:
docker build -t ubergarm/openresty-nginx-jwt .I originally tried to get auth0/nginx-jwt working, but even the newer forks are not as straight forward as simply using lua-resty-jwt rock directly.
If you're looking for something beyond just JWT auth, check out kong for all your API middleware plugin needs!
Also Caddy might be faster for a simple project.
I'd love to get this running in an Alpine Linux, but openresty/openresty:alpine doesn't come with LuaRocks. It should be possible with some work and would reduce the image size considerably.