JWT#
The module enables validation of JSON Web Tokens (JWT) using specified keys.
It is incompatible with the Auth JWT module. Enable the module in the For detailed documentation and source code, see:
max-lt/nginx-jwt-moduleLoading the Module#
main{}
context:load_module modules/ngx_http_auth_jwt_module.so;
Configuration Example#
http {
server {
auth_jwt_key "0123456789abcdef" hex;
auth_jwt off;
# Authorization via Authentication header
location /secured-by-auth-header/ {
auth_jwt on;
}
# Authorization via cookie
location /secured-by-cookie/ {
auth_jwt $cookie_MyCookieName;
}
# Key inheritance and override
location /secured-by-auth-header-too/ {
auth_jwt_key "another-secret";
auth_jwt on;
}
# Authorization via RSA key
location /secured-by-rsa-key/ {
auth_jwt_key /etc/keys/rsa-public.pem file;
auth_jwt on;
}
location /not-secure/ {}
}
}
Additional Information#