-
Notifications
You must be signed in to change notification settings - Fork 122
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proposal: Remove the auth_jwt_redirect directive #37
Comments
looks good.
|
@Maxx-T I looked at your branch and I like the elimination of all of that code. Can you make a pull request? |
Yes, it sould not take long. |
Done #42 🙂 |
Thanks @max-lt It only took me 2 years to merge your commit - sorry. This was an awesome commit because it did away with so much of the C code. |
Ok... after merging the commit I had to revert it, @max-lt . I ran into trouble with the redirect:
request_uri is not urlencoded. So, if the original request was for /secure/index.htm?foo=bar&hello=world it would return a 302 for this location: https://teslagov.com?redirect=/secure/index.htm?foo=bar&hello=world This won't work because the ? and & need to be URL encoded. I couldn't find any way to urlencode in the nginx.conf. |
Can this help ? https://stackoverflow.com/a/31269010/4111143 |
I believe that example is simply stripping the path off the URL and passing it through to the proxy. The issue we are seeing is, for example, in the context of a login redirect. In short, we need to encode the entire original URL, and append it to the login URL so we can send the user back to that URL after they login. Example
@fitzyjoe found a way to do this by using Javascript within the NGINX config (calling out to a script and using It would be great if we could accept your changes but also perhaps expose a function in the module which would allow us to encode some value from NGINX. We could call it like this ...
We somehow feel better about doing this in C than JS (speed?). |
@max-lt looks like we can use ngx_escape_uri to do this. And we already do use it, so we should have realized that. |
BTW @max-lt, reading over this issue again and IMO, your proposed solution is a bit more wordy than what we have today. Since you would generally only set
You could also use nested locations to consolidate your auth JWT directives, if necessary. So, while I like the idea of getting rid of all of that C code, I believe allowing this module to handle the redirect on its own makes the API easier and less verbose, and also keeps it all in one place. |
Closing this for now but we can revisit if needed. |
I came across this and it was really helpful. @JoshMcCullough if you're ok with it, I could submit a PR to add to docs. Let me know. |
@lukepalmer please feel free to submit a PR to update the docs. Thanks! |
The
auth_jwt_redirect
directive makes the code overly complicated and can be easily replaced by the nginx'serror_page
directive:from:
to:
I'm maintaining a branch that had this simplification (around 130 less lines (~25%) for the
module.c
file, and no more gotos (#13), diff here) and can make a PR if you are interested.The text was updated successfully, but these errors were encountered: