JWT Validation implementation for HAProxy Lua host
Branch: master
Clone or download
Latest commit 73a88c3 Jan 22, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
lib Initial commit Jan 22, 2019
LICENSE Initial commit Jan 22, 2019
README.md Initial commit Jan 22, 2019
haproxy-example.cfg Initial commit Jan 22, 2019
install.sh Initial commit Jan 22, 2019


JSON Web Token (JWT) library for HAProxy

This is a Lua library for HAProxy that will verify JWT tokens.


The jwtverify.lua file has these dependencies:

Install like so:

git clone https://github.com/haproxytech/haproxy-lua-jwt.git
cd haproxy-lua-jwt
chmod +x ./install.sh
sudo ./install.sh luajwt

You have several installation modes:

Command Meaning
sudo install.sh luajwt Installs jwtverify.lua and its dependencies to /usr/local/share/lua/5.3/jwtverify.lua
sudo install.sh haproxy Installs HAProxy
sudo install.sh all Installs HAProxy and jwtverify.lua and its dependencies


A sample application can be found at https://github.com/haproxytechblog/haproxy-jwt-vagrant.


  1. Sign up for an account with an OAuth token provider, such as https://auth0.com
  2. Create a new API on the Auth0 website
  3. Create a new "Machine to Machine Application" on the Auth0 website, optionally granting it "scopes"
  4. Download the public key certificate for your application on the Auth0 website via Applications > My App > Settings > Show Advanced Settings > Certificates > Download Certificate. Auth0 signs tokens using this key. Convert it using openssl x509 -pubkey -noout -in ./mycert.pem > pubkey.pem.
  5. Update the HAProxy configuration file by:
    • Copy haproxy-example.cfg to /etc/haproxy/haproxy.cfg and restart HAProxy via sudo systemctl restart haproxy
    • or run it from this directory via sudo haproxy -f ./haproxy-example.cfg
  6. Get a JSON web token (JWT) from your authentication server by following the Quick Start on the Auth0 website, under the Applications tab, for your Machine to Machine application.
  7. Make requests to your API and attach the JWT in the Authorization header. You should get a successful response.