qvest-digital/loginsrv

Support a /validate for use with ngx_http_auth_request_module

pecigonzalo opened this issue · 2 comments

It would be great to have a /something endpoint that could be used with NGINX https://nginx.org/en/docs/http/ngx_http_auth_request_module.html.

If you can give me some pointers, I'm happy to do the PR.

Hi @pecigonzalo, yes would make perfect sense.
You should make the resource at /login/validate and it should return the token content as JSON, if the Accept-Header for JSON is present. The implementation should share the code with https://github.com/tarent/loginsrv/blob/14651bba903922fccb34776ef16aaf632c2fd878/login/handler.go#L151-L160

Please do not forget the tests and documentation in the README :)

@smancke I was going through the code, and we might not even need the path.
E.g., NGINX:

server {
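    listen 80;

    location /authz/ {
        internal;
        proxy_pass http://auth:8080/;

        # auth_request subrequests carry no request body, so do not forward one
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";

        proxy_set_header Accept "application/json";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme  $scheme;
    }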

    location /login {
        proxy_pass http://auth:8080;

        proxy_set_header X-Real-IP               $remote_addr;
        proxy_set_header X-Scheme                $scheme;
        proxy_set_header X-Auth-Request-Redirect $request_uri;
    }

    location / {
        auth_request /authz/login;
        error_page 401 = /login;
        error_page 403 = /login;

        root   /usr/share/nginx/html;
    }
}

Seems to work for the most part, except for the fact that

  • I believe /login should return 401 not 403
  • I'm setting /login JSON as a separate location, to avoid the client then doing POST /login and getting the JWT returned.
  • We might make it cleaner by just doing an @this location, but then we can put the path, or we have to use a rewrite.
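
The contract a `/login/validate` endpoint has to meet for `auth_request`, as an added sketch that is not part of this thread or of loginsrv's code: ngx_http_auth_request_module allows the request on a 2xx subrequest response and denies it on 401 or 403, so the handler answers 200 (with the token claims as JSON when the Accept header asks for it) or 401. The HS256 signing, the `jwt_token` cookie name, the secret and the names `claimsFrom` and `validateHandler` are assumptions made for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"net/http"
	"strings"
	"time"
)

// claimsFrom returns the JSON payload of an HS256 JWT if its signature and exp are valid.
func claimsFrom(token string, secret []byte, now time.Time) ([]byte, bool) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return nil, false
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(p[0] + "." + p[1]))
	sig, e1 := base64.RawURLEncoding.DecodeString(p[2])
	payload, e2 := base64.RawURLEncoding.DecodeString(p[1])
	var c struct{ Exp int64 `json:"exp"` } // a token without exp is rejected
	if e1 != nil || e2 != nil || !hmac.Equal(sig, mac.Sum(nil)) ||
		json.Unmarshal(payload, &c) != nil || now.Unix() >= c.Exp {
		return nil, false
	}
	return payload, true
}

// validateHandler answers the auth_request subrequest: 401 denies, an implicit 200 allows.
func validateHandler(secret []byte, cookieName string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		token := ""
		if ck, err := r.Cookie(cookieName); err == nil {
			token = ck.Value
		}
		claims, ok := claimsFrom(token, secret, time.Now())
		if !ok {
			w.WriteHeader(http.StatusUnauthorized)
			return
		}
		if strings.Contains(r.Header.Get("Accept"), "application/json") {
			w.Header().Set("Content-Type", "application/json")
			w.Write(claims) // verified claims only; the signed token itself is never echoed
		}
	}
}

func main() { http.ListenAndServe("127.0.0.1:8080", validateHandler([]byte("placeholder-secret"), "jwt_token")) }
```

Because the handler only reads the cookie and never issues a token, exposing it to the `auth_request` location does not give clients a second way to obtain a JWT.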