openresty-nginx-jwt - JWT Bearer Token authorization with nginx, openresty, and lua-resty-jwt.

  •        126

JWT Bearer Token authorization with nginx, openresty, and lua-resty-jwt. An easy way to setup JWT Bearer Token authorization for any API endpoint, reverse proxy service, or location block without having to touch your server-side code.

https://github.com/ubergarm/openresty-nginx-jwt

Tags
Implementation
License
Platform

   




Related Projects

nginx-jwt - Lua script for Nginx that performs reverse proxy auth using JWT's

  •    Javascript

nginx-jwt is a Lua script for the Nginx server (running the HttpLuaModule) that will allow you to use Nginx as a reverse proxy in front of your existing set of HTTP services and secure them (authentication/authorization) using a trusted JSON Web Token (JWT) in the Authorization request header, having to make little or no changes to the backing services themselves.IMPORTANT: nginx-jwt is a Lua script that is designed to run on Nginx servers that have the HttpLuaModule installed. But ultimately its dependencies require components available in the OpenResty distribution of Nginx. Therefore, it is recommended that you use OpenResty as your Nginx server, and these instructions make that assumption.

OpenResty - Turning Nginx into a Full-Fledged Scriptable Web Platform

  •    C

OpenResty is a full-fledged web platform that integrates the standard Nginx core, LuaJIT, many carefully written Lua libraries, lots of high quality 3rd-party Nginx modules, and most of their external dependencies. It is designed to help developers easily build scalable web applications, web services, and dynamic web gateways.

lua-resty-openidc - Lua implementation to make NGINX operate as an OpenID Connect RP or OAuth 2

  •    Lua

lua-resty-openidc is a library for NGINX implementing the OpenID Connect Relying Party (RP) and/or the OAuth 2.0 Resource Server (RS) functionality. When used as an OpenID Connect Relying Party it authenticates users against an OpenID Connect Provider using OpenID Connect Discovery and the Basic Client Profile (i.e. the Authorization Code flow). When used as an OAuth 2.0 Resource Server it can validate OAuth 2.0 Bearer Access Tokens against an Authorization Server or, in case a JSON Web Token is used for an Access Token, verification can happen against a pre-configured secret/key .

proxygateway - Proxy Gateway基于openresty(nginx lua module)开发,可以作为接口网关(api gateway)使用,整合业务模块接口,微服务治理聚合,通过web配置界面,能够轻松进行代理配置管理,支持负载均衡,服务器状态检测等

  •    Javascript

Proxy Gateway基于openresty(nginx lua module)开发,可以作为接口网关(api gateway)使用,整合业务模块接口,微服务治理聚合,通过web配置界面,能够轻松进行代理配置管理,支持负载均衡,服务器状态检测等

Kong - The Microservice API Gateway

  •    Lua

Kong is a cloud-native, fast, scalable, and distributed Microservice Abstraction Layer (also known as an API Gateway, API Middleware or in some cases Service Mesh). Backed by the battle-tested NGINX with a focus on high performance, Kong was made available as an open-source platform in 2015. Under active development, Kong is used in production at thousands of organizations from startups, Global 5000 and Government organizations.


jwtproxy - An HTTP-Proxy that adds AuthN through JWTs

  •    Go

The JWT proxy is intended to be used as a complementary service for authenticating, and possibly authorizing requests made between services. There is a forward proxy component, which can be configured to sign outgoing requests to another service, and a reverse proxy component, which can be used to authenticate incoming requests from another service.The JWT forward proxy is used to sign outgoing requests with a JWT using a private key.

orange - OpenResty/Nginx Gateway for API Monitoring and Management.

  •    Lua

A Gateway based on OpenResty(Nginx+lua) for API Monitoring and Management. Import the SQL file(e.g. install/orange-v0.6.3.sql) which is adapted to your Orange version into MySQL database named orange.

express-jwt-permissions - :vertical_traffic_light: Express middleware for JWT permissions

  •    Javascript

Middleware that checks JWT tokens for permissions, recommended to be used in conjunction with express-jwt. This middleware assumes you already have a JWT authentication middleware such as express-jwt.

go-jwt-middleware - A Middleware for Go Programming Language to check for JWTs on HTTP requests

  •    Go

A middleware that will check that a JWT is sent on the Authorization header and will then set the content of the JWT into the user variable of the request.This module lets you authenticate HTTP requests using JWT tokens in your Go Programming Language applications. JWTs are typically used to protect API endpoints, and are often issued using OpenID Connect.

lua-resty-auto-ssl - On the fly (and free) SSL registration and renewal inside OpenResty/nginx with Let's Encrypt

  •    Perl

On the fly (and free) SSL registration and renewal inside OpenResty/nginx with Let's Encrypt. This uses the ssl_certificate_by_lua functionality in OpenResty 1.9.7.2+.

cpp-jwt - JSON Web Token library for C++

  •    C++

JSON Web Token(JWT) is a JSON based standard (RFC-7519) for creating assertions or access tokens that consists of some claims (encoded within the assertion). This assertion can be used in some kind of bearer authentication mechanism that the server will provide to clients, and the clients can make use of the provided assertion for accessing resources. This provides JWT client support in C++.

ledge - An RFC compliant and ESI capable HTTP cache for Nginx / OpenResty, backed by Redis

  •    Lua

An RFC compliant and ESI capable HTTP cache for Nginx / OpenResty, backed by Redis. Ledge can be utilised as a fast, robust and scalable alternative to Squid / Varnish etc, either installed standalone or integrated into an existing Nginx server or load balancer.

awesome-resty - A List of Quality OpenResty Libraries, and Resources.

  •    

A List of OpenResty / Nginx modules, Lua libraries, and related resources. OpenResty is a full-fledged web platform by integrating the standard Nginx core, LuaJIT, many carefully written Lua libraries, lots of high quality 3rd-party Nginx modules, and most of their external dependencies. It is designed to help developers easily build scalable web applications, web services, and dynamic web gateways.

jxwaf - JXWAF(锦衣盾)是一款基于openresty(nginx+lua)开发的下一代web应用防火墙

  •    C

JXWAF(锦衣盾)是一款基于openresty(nginx+lua)开发的下一代web应用防火墙

ngx_lua_waf - ngx_lua_waf是一个基于lua-nginx-module(openresty)的web应用防火墙

  •    Lua

ngx_lua_waf是一个基于lua-nginx-module(openresty)的web应用防火墙

lua-resty-waf - High-performance WAF built on the OpenResty stack

  •    Perl

lua-resty-waf is currently in active development. New bugs and questions opened in the issue tracker will be answered within a day or two, and performance impacting / security related issues will be patched with high priority. Larger feature sets and enhancements will be added when development resources are available (see the Roadmap section for an outline of planned features). lua-resty-waf is compatible with the master branch of lua-resty-core. The bundled version of lua-resty-core available in recent releases of OpenResty (>= 1.9.7.4) is compatible with lua-resty-waf; versions bundled with older OpenResty bundles are not, so users wanting to leverage resty.core will either need to replace the local version with the one available from the GitHub project, or patch the module based off this commit.

node-express-realworld-example-app

  •    Javascript

Requests are authenticated using the Authorization header with a valid JWT. We define two express middlewares in routes/auth.js that can be used to authenticate requests. The required middleware configures the express-jwt middleware using our application's secret and will return a 401 status code if the request cannot be authenticated. The payload of the JWT can then be accessed from req.payload in the endpoint. The optional middleware configures the express-jwt in the same way as required, but will not return a 401 status code if the request cannot be authenticated.

jose-jwt - Ultimate Javascript Object Signing and Encryption (JOSE) and JSON Web Token (JWT) Implementation for

  •    CSharp

Minimallistic zero-dependency library for generating, decoding and encryption JSON Web Tokens. Supports full suite of JSON Web Algorithms as of July 4, 2014 version. JSON parsing agnostic, can plug any desired JSON processing library. Extensively tested for compatibility with jose.4.j, Nimbus-JOSE-JWT and json-jwt libraries.v2.1 and above added extra features support for .NET461+ and coming with 3 version of binaries (NET4, NET461 and netstandard1.4).