This repository has been archived by the owner on Feb 14, 2018. It is now read-only.

Extract JWT from Cookie #65

Open
ismell opened this issue Jan 10, 2017 · 3 comments

Comments

@ismell

ismell commented Jan 10, 2017

I would like to secure a webapp. It would be nice if the JWT access token could be stored in a cookie instead of requiring the Authorization HTTP header.

A configuration like JWT_COOKIE_NAME=AuthToken would configure the auth function to look at the cookie.

@tarekrached

+1 on this. Without it, I don't see how to secure static assets that are not accessed via XMLHttpRequest or fetch, where we don't have control of the request headers.

@neurofoo

+1. Recently ran into the same issue as @tarekrached re: static pages

@wstam88

wstam88 commented Sep 2, 2017

```lua
-- if there is no auth header
if auth_header == nil then
    -- check cookie for token
    if ngx.var.cookie_token ~= nil then
        token = ngx.var.cookie_token;
    elseif ngx.var.arg_token == nil then
        ngx.exit(ngx.HTTP_UNAUTHORIZED)
    else
        -- also check for token in query params (?token=...)
        token = ngx.var.arg_token;
    end
else
    -- use auth header if there
    token = auth_header;
end
```
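
Added example, not part of the thread or of the project's own code: one way to implement the lookup requested in this issue, with the cookie name read from the proposed `JWT_COOKIE_NAME` variable and the token shape checked before it is handed to verification. It assumes OpenResty's `ngx` API and an `env JWT_COOKIE_NAME;` line in nginx.conf; the module and function names are hypothetical, and the query-string fallback is left out.

```lua
-- Added example (hypothetical module): token lookup with a configurable cookie name.
-- JWT_COOKIE_NAME is the setting proposed in this issue, not an existing option.
local M = {}

-- Compact JWS shape: three non-empty base64url segments separated by dots.
-- This is only a sanity check; the signature must still be verified afterwards.
local function looks_like_jwt(s)
    return type(s) == "string" and #s <= 4096
        and s:match("^[%w_%-]+%.[%w_%-]+%.[%w_%-]+$") ~= nil
end

-- Pure function: returns token, source on success or nil, reason on failure.
function M.extract_token(authorization, cookie_value)
    if authorization ~= nil then
        -- The header takes precedence. A malformed header is rejected
        -- instead of silently falling back to the cookie.
        local token = authorization:match("^[Bb]earer%s+(%S+)$")
        if not looks_like_jwt(token) then
            return nil, "malformed Authorization header"
        end
        return token, "header"
    end
    if cookie_value ~= nil then
        if not looks_like_jwt(cookie_value) then
            return nil, "malformed cookie token"
        end
        return cookie_value, "cookie"
    end
    return nil, "no token presented"
end

-- Thin wrapper for use inside an access_by_lua block.
function M.token_from_request()
    -- Assumption: nginx.conf contains "env JWT_COOKIE_NAME;" so the worker sees it.
    local cookie_name = os.getenv("JWT_COOKIE_NAME")
    local cookie_value = nil
    if cookie_name and cookie_name ~= "" then
        cookie_value = ngx.var["cookie_" .. cookie_name]
    end
    local token, info = M.extract_token(ngx.var.http_authorization, cookie_value)
    if not token then
        ngx.log(ngx.WARN, "JWT lookup failed: ", info)
        return ngx.exit(ngx.HTTP_UNAUTHORIZED)
    end
    return token
end

return M
```

A cookie that carries the token should be issued with the `HttpOnly`, `Secure` and `SameSite` attributes, since the browser attaches it to every matching request.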
