Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- events {
- worker_connections 1024;
- }
- http {
- lua_package_path "/usr/local/openresty/?.lua;;";
- resolver 192.168.20.1;
- lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
- lua_ssl_verify_depth 5;
- # cache for discovery metadata documents
- lua_shared_dict discovery 1m;
- # cache for JWKs
- lua_shared_dict jwks 1m;
- server {
- listen 80 default_server;
- server_name _;
- return 301 https://$host$request_uri;
- }
- server {
- listen 443 ssl;
- ssl_certificate /usr/local/openresty/nginx/ssl/nginx.crt;
- ssl_certificate_key /usr/local/openresty/nginx/ssl/nginx.key;
- location / {
- access_by_lua_block {
- local opts = {
- redirect_uri_path = "/welcome",
- discovery = "https://portal.example.com/.well-known/openid-configuration",
- client_id = "@!1234.1234.1234.1234!1234!1234.1234!1234!1234.1234.1234.1234",
- client_secret = "SECRETPASSWORD",
- ssl_verify = "no",
- scope = "openid email profile",
- redirect_uri_scheme = "https",
- }
- -- call authenticate for OpenID Connect user authentication
- local res, err = require("resty.openidc").authenticate(opts)
- if err then
- ngx.status = 500
- ngx.say(err)
- ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
- end
- ngx.req.set_header("X-USER", res.id_token.sub)
- }
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement