nginx-openid-connect

Reference implementation of OpenID Connect integration for NGINX Plus

Results 47 nginx-openid-connect issues

**Background:** - Current NJS implementation disregards the `access_token` that is being sent by the IdP and only uses the `id_token` to get stored in the NGINX Plus K/V store. -...

Err on being secure: Block the `auth_` cookies from the upstream, as it's more likely that they will not be needed than will be needed. This prevents accidental session exposure...

This PR hardens the implementation to use random values instead of the request_id for the OIDC Nonce and client session access token. The major changes are: - Adds generateID() function...

This change resolves CORS failures seen when using Microsoft IdPs. Related MS error codes: - AADSTS9002326 - AADSTS9002327

- Updated token exchange to use the Authorization header for client_secret_basic. - Refactored logic for generating POST request parameters for token retrieval and refresh. - Added "oidc_client_auth_method" variable to select...

Based on https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication we have: This section defines a set of Client Authentication methods that are used by Clients to authenticate to the Authorization Server when using the Token Endpoint....

Previously, ID token nonce claim validation was skipped in all cases due to lack of detection of if the session was a new session.

Our setup fails to refresh tokens, simply because our IdP does not return id_token in the refresh token response. As can be seen here, that is optional: https://openid.net/specs/openid-connect-core-1_0.html#RefreshTokenResponse > Upon...

Hi I have two URLs hosted on my Nginx Plus proxy and I have an issue with this plugin and the logout function. A single user can connect to several...

If Nginx config has a location block which is changed via `rewrite`, when the id_token and access_token time out and refresh, the rewritten URL is not found and a 404...