
Updates to use new phantom token module #12

Open
wants to merge 1 commit into
base: main
2 changes: 1 addition & 1 deletion deployments/curity/apigateway/nginx/Dockerfile
@@ -1,4 +1,4 @@
FROM nginx:1.25.5-alpine

RUN curl -s -L 'https://github.com/curityio/nginx_phantom_token_module/releases/download/1.6.0/alpine.ngx_curity_http_phantom_token_module_1.25.5.so' > /usr/lib/nginx/modules/ngx_curity_http_phantom_token_module.so
RUN curl -s -L 'https://github.com/curityio/nginx_phantom_token_module/releases/download/2.0.0/alpine.ngx_curity_http_phantom_token_module_1.25.5.so' > /usr/lib/nginx/modules/ngx_curity_http_phantom_token_module.so
COPY resources/nginx-1.25.5/alpine/ngx_http_oauth_proxy_module.so /usr/lib/nginx/modules
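
Review bot: The `RUN curl -s -L ... > /usr/lib/nginx/modules/ngx_curity_http_phantom_token_module.so` line installs a native module fetched at build time with no integrity check, and `-s` without `-f` means an HTTP error body would be written to the `.so` path without failing the build. Suggest `curl -fsSL` and a pinned SHA-256 for the 2.0.0 artifact, verified with `sha256sum -c` before the file is placed in the modules directory.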
15 changes: 13 additions & 2 deletions deployments/curity/apigateway/nginx/default.conf.template
Expand Up @@ -73,7 +73,6 @@ server {

# Run the Phantom Token module to get a JWT access token from an opaque access token
phantom_token on;
phantom_token_client_credential api-gateway-client Password1;
phantom_token_introspection_endpoint curity;

# Forward the JWT access token to the API
Expand Down Expand Up @@ -117,10 +116,22 @@ server {
}

location curity {
proxy_pass http://login-internal:8443/oauth/v2/oauth-introspect;

# Avoid exposing this route externally
internal;

# Configure introspection headers including a basic credential of base64encode(api-gateway-client:Password1)
proxy_pass_request_headers off;
proxy_set_header Accept "application/jwt";
proxy_set_header Content-Type "application/x-www-form-urlencoded";
proxy_set_header Authorization "Basic YXBpLWdhdGV3YXktY2xpZW50OlBhc3N3b3JkMQ==";

# Configure the introspection results cache
proxy_cache_methods POST;
proxy_cache api_cache;
proxy_cache_key §request_body;
proxy_ignore_headers Set-Cookie;

proxy_pass http://login-internal:8443/oauth/v2/oauth-introspect;
}
}
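
Review bot: The `proxy_set_header Authorization "Basic ..."` line in `location curity` commits the gateway's client credential to the template as a literal, and the comment above it gives the plaintext it decodes to. Since this file is already a template, consider filling the header value from a deployment-time variable so the secret is not in source control. On the cache block: no `proxy_cache_valid` appears in this hunk, so whether and for how long introspection results are cached depends on the cache headers the introspection endpoint returns; please confirm that lifetime cannot outlast token expiry or revocation. `proxy_cache api_cache;` also relies on a `proxy_cache_path ... keys_zone=api_cache` definition that is not visible here.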
2 changes: 1 addition & 1 deletion deployments/external/apigateway/nginx/Dockerfile
@@ -1,4 +1,4 @@
FROM nginx:1.25.5-alpine

RUN curl -s -L 'https://github.com/curityio/nginx_phantom_token_module/releases/download/1.6.0/alpine.ngx_curity_http_phantom_token_module_1.25.5.so' > /usr/lib/nginx/modules/ngx_curity_http_phantom_token_module.so
RUN curl -s -L 'https://github.com/curityio/nginx_phantom_token_module/releases/download/2.0.0/alpine.ngx_curity_http_phantom_token_module_1.25.5.so' > /usr/lib/nginx/modules/ngx_curity_http_phantom_token_module.so
COPY resources/nginx-1.25.5/alpine/ngx_http_oauth_proxy_module.so /usr/lib/nginx/modules
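
Review bot: This Dockerfile moves the external deployment to module 2.0.0, but the diff carries no matching configuration change under `deployments/external`, while the curity deployment had to drop `phantom_token_client_credential` and add introspection headers in `location curity` for the same upgrade. Please confirm whether the external gateway's nginx configuration uses the phantom token directives and needs the same update. Separately, the `1.25.5` in the `FROM` tag and in the module filename must stay in step in both Dockerfiles; a shared `ARG` for the nginx and module versions would prevent a mismatched module build.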