Having issues while trying to protect server with OIDC RP #32
Labels
enhancement
New feature or request
Comments
|
Hi @b-rajesh sorry for the late response. As discussed back in July I do not have any security concerns disabling the jwt protection for the locations handling the authentication. Did you do any testing with the suggested solution? |
tippexs
added
enhancement
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi
When i am trying to protect the server (instead of location) with OIDC RP reference implementation , login flow is not kicking off. It works fine if we have the following defined in the location block works fine as mentioned in the reference implementation
error_page 401 = @do_oidc_flow;
auth_jwt "authz" token=$session_jwt;
auth_jwt_key_request /_jwks_uri; # Enable when using filename
Since the auth_jwt is defined in the server block , the named location is also being protected . I was directed to use
auth_jwt off;
in the openid_connect.server_conf
Can we fix the openid_connect.server_conf to have the same ? though the reference implementation doesn't have this challenge, it would helpful if anyone wanted to protect the whole server to with the given config.
The text was updated successfully, but these errors were encountered: