blob: 25b52643f71f7e2a1126c2880214fcf84db4cee1 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
OpenID Connect Relying Party (RP) and/or the OAuth 2.0 Resource
Server (RS) functionality for OpenResty / ngx_lua
When used as an OpenID Connect Relying Party it authenticates users
against an OpenID Connect Provider using OpenID Connect Discovery
and the Basic Client Profile (i.e. the Authorization Code flow).
When used as an OAuth 2.0 Resource Server it can validate OAuth 2.0
Bearer Access Tokens against an Authorization Server or, in case a
JSON Web Token is used for an Access Token, verification can happen
against a pre-configured secret/key .
It maintains sessions for authenticated users by leveraging
lua-resty-session thus offering a configurable choice between storing
the session state in a client-side browser cookie or use in of the
server-side storage mechanisms shared-memory|memcache|redis.
It supports server-wide caching of resolved Discovery documents and
validated Access Tokens.
It can be used as a reverse proxy terminating OAuth/OpenID Connect
in front of an origin server so that the origin server/services can
be protected with the relevant standards without implementing those
on the server itself.
|
