Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Session keeps being lost / reinitialized #278

Closed
Mich-b opened this issue Aug 3, 2019 · 2 comments
Closed

Session keeps being lost / reinitialized #278

Mich-b opened this issue Aug 3, 2019 · 2 comments

Comments

@Mich-b
Copy link

Mich-b commented Aug 3, 2019
edited
Loading

Environment
  • lua-resty-auto-ssl 0.12.0-1 (installed) - /usr/local/lib/luarocks/rocks
  • lua-resty-hmac v1.0-1 (installed) - /usr/local/lib/luarocks/rocks
  • lua-resty-http 0.13-0 (installed) - /usr/local/lib/luarocks/rocks
  • lua-resty-jwt 0.2.0-0 (installed) - /usr/local/lib/luarocks/rocks
  • lua-resty-openidc 1.7.2-1 (installed) - /usr/local/lib/luarocks/rocks
  • lua-resty-session 2.24-1 (installed) - /usr/local/lib/luarocks/rocks
  • luacrypto 0.3.2-2 (installed) - /usr/local/lib/luarocks/rocks

OIDC provider: Auth0

Expected behaviour

Web site authenticates the user and the session of the user is kept until the session expires

Actual behaviour

Web site re-authenticate the user for every single request (similar to #249).
The problem occurs with a Kibana installation for which nginx is the proxy.

Minimized example

Minimal, complete configuration that reproduces the behavior.
access.lua:

 local opts = {
             -- the full redirect URI must be protected by this script and becomes:
             -- ngx.var.scheme.."://"..ngx.var.http_host..opts.redirect_uri_path
             -- unless the scheme is overridden using opts.redirect_uri_scheme or an X-Forwarded-Proto header in the incoming request
             redirect_uri = "https://subdomain.redactedname.com/redirect_uri",
             discovery = "https://redactedname.eu.auth0.com/.well-known/openid-configuration",
             client_id = "redacted",
             client_secret = "redacted"
             --authorization_params = { hd="pingidentity.com" },
             --scope = "openid email profile",
             -- Refresh the user's id_token after 900 seconds without requiring re-authentication
             --refresh_session_interval = 900,
             --iat_slack = 600,
             --redirect_uri_scheme = "https",
             --logout_path = "/logout",
             --redirect_after_logout_uri = "/",
             --redirect_after_logout_with_id_token_hint = true,
             --token_endpoint_auth_method = ["client_secret_basic"|"client_secret_post"],
             --ssl_verify = "no"
             --access_token_expires_in = 3600
             -- Default lifetime in seconds of the access_token if no expires_in attribute is present in the toke endpoint responsE
             --   This plugin will silently renew the access_token once it's expired if refreshToken scope is present.
             --access_token_expires_leeway = 0
             --   Expiration leeway for access_token renewal.
             --   If this is set, renewal will happen access_token_expires_leeway seconds before the token expiration.
             --   This avoids errors in case the access_token just expires when arriving to the OAuth Resoource Server.
             --force_reauthorize = false
             -- when force_reauthorize is set to true the authorization flow will be executed even if a token has been cached already
          }

          -- call authenticate for OpenID Connect user authentication
          local res, err = require("resty.openidc").authenticate(opts)

          if err then
            ngx.status = 500
            ngx.say(err)
            ngx.log(ngx.NOTICE, "in error")
            ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
          end

          -- at this point res is a Lua table with 3 keys:
          --   id_token    : a Lua table with the claims from the id_token (required)
          --   access_token: the access token (optional)
          --   user        : a Lua table with the claims returned from the user info endpoint (optional)

          --if res.id_token.hd ~= "pingidentity.com" then
          --  ngx.exit(ngx.HTTP_FORBIDDEN)
          --end

          --if res.user.email ~= "hans.zandbelt@zmartzone.eu" then
          --  ngx.exit(ngx.HTTP_FORBIDDEN)
          --end

          -- set headers with user info: this will overwrite any existing headers
          -- but also scrub(!) them in case no value is provided in the token
          ngx.req.set_header("X-USER", res.id_token.sub)

nginx.conf:

worker_processes  5;
user www-data www-data;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
error_log logs/error.log debug;
#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}

http{
    include       mime.types;
    default_type  application/octet-stream;
    resolver 192.168.2.1;
    lua_package_path '~/lua/?.lua;;';
    lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
    lua_ssl_verify_depth 5;
  # cache for discovery metadata documents
  lua_shared_dict discovery 1m;
  # cache for JWT verification results
  lua_shared_dict introspection 10m;
  # cache for JWKs
  lua_shared_dict jwks 1m;

  # The "auto_ssl" shared dict should be defined with enough storage space to
  # hold your certificate data. 1MB of storage holds certificates for
  # approximately 100 separate domains.
  lua_shared_dict auto_ssl 1m;
  # The "auto_ssl_settings" shared dict is used to temporarily store various settings
  # like the secret used by the hook server on port 8999. Do not change or
  # omit it.
  lua_shared_dict auto_ssl_settings 64k;
#    lua_code_cache off;

  # Initial setup tasks.
  init_by_lua_block {
    auto_ssl = (require "resty.auto-ssl").new()

    -- Define a function to determine which SNI domains to automatically handle
    -- and register new certificates for. Defaults to not allowing any domains,
    -- so this must be configured.
    auto_ssl:set("allow_domain", function(domain, auto_ssl, ssl_options)
      return ngx.re.match(domain, "^(redacted.redacted.com|redacted.redacted.com)$", "ijo")
    end)

    auto_ssl:init()
  }

  init_worker_by_lua_block {
    auto_ssl:init_worker()
  }


server{
    listen 80 default_server;
    server_name redacted.redacted.com;

    # Endpoint used for performing domain verification with Let's Encrypt.
    location /.well-known/acme-challenge/ {
      content_by_lua_block {
        auto_ssl:challenge_server()
      }
    }

    location / {
         return 301 https://$host$request_uri;
    }
}


server{
    listen 80 ;
    server_name redacted.redacted.com;

    # Endpoint used for performing domain verification with Let's Encrypt.
    location /.well-known/acme-challenge/ {
      content_by_lua_block {
        auto_ssl:challenge_server()
      }
    }

    location / {
         return 301 https://$host$request_uri;
    }
}

  # Internal server running on port 8999 for handling certificate tasks.
  server {
    listen 127.0.0.1:8999;

    # Increase the body buffer size, to ensure the internal POSTs can always
    # parse the full POST contents into memory.
    client_body_buffer_size 128k;
    client_max_body_size 128k;

    location / {
      content_by_lua_block {
        auto_ssl:hook_server()
      }
    }
  }

server{
    access_by_lua_file "conf/access.lua";
    #searched for hours for the next session: apparently the iphone switches user agent when going to native video player, causing a session check failure and thus redirect to auth0. Fixed by disable the check on user agent
    set $session_check_ua off;
    listen 443 ssl default_server; 
    server_name redacted.redacted.com;
    ssl_dhparam /home/redacted/ssl/dhparameters/dhparams.pem;
  
    # Dynamic handler for issuing or returning certs for SNI domains.
    ssl_certificate_by_lua_block {
      auto_ssl:ssl_certificate()
    }
  
    # You must still define a static ssl_certificate file for nginx to start.
    ssl_certificate /etc/letsencrypt/live/redacted.com-0002/fullchain.pem; 
    ssl_certificate_key /etc/letsencrypt/live/redacted.com-0002/privkey.pem;

    location ~ (/app/kibana|/bundles|/es_admin|/plugins|/api|/ui|/elasticsearch|/dlls|/built_assets) {
      proxy_pass http://localhost:5601;
    }

    location / {
      proxy_pass http://localhost:8080;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded_Proto $scheme;
    }
}
 
}
Configuration and NGINX server log files
2019/08/03 15:46:00 [debug] 26237#26237: *28 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:00 [debug] 26237#26237: *28 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:00 [debug] 26237#26237: *28 [lua] openidc.lua:571: openidc_discover(): discovery data not in cache, making call to discovery endpoint
2019/08/03 15:46:00 [debug] 26237#26237: *28 [lua] openidc.lua:408: openidc_configure_proxy(): openidc_configure_proxy : don't use http proxy
2019/08/03 15:46:00 [debug] 26237#26237: *28 [lua] openidc.lua:583: openidc_discover(): response data: {"issuer":"https://redactedname.eu.auth0.com/","authorization_endpoint":"https://redactedname.eu.auth0.com/authorize","token_endpoint":"https://redactedname.eu.auth0.com/oauth/token","userinfo_endpoint":"https://redactedname.eu.auth0.com/userinfo","mfa_challenge_endpoint":"https://redactedname.eu.auth0.com/mfa/challenge","jwks_uri":"https://redactedname.eu.auth0.com/.well-known/jwks.json","registration_endpoint":"https://redactedname.eu.auth0.com/oidc/register","revocation_endpoint":"https://redactedname.eu.auth0.com/oauth/revoke","scopes_supported":["openid","profile","offline_access","name","given_name","family_name","nickname","email","email_verified","picture","created_at","identities","phone","address"],"response_types_supported":["code","token","id_token","code token","code id_token","token id_token","code token id_token"],"code_challenge_methods_supported":["S256","plain"],"response_modes_supported":["query","fragment","form_post"],"subject_types_supported":["public"],"id_token_signing_alg_values_supported":["HS256","RS256"],"token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post"],"claims_supported":["aud","auth_time","created_at","email","email_verified","exp","family_name","given_name","iat","identities","iss","name","nickname","phone_number","picture","sub"],"request_uri_parameter_supported":false,"device_authorization_endpoint":"https://redactedname.eu.auth0.com/oauth/device/code"}
2019/08/03 15:46:00 [debug] 26237#26237: *28 [lua] openidc.lua:105: openidc_cache_set(): cache set: success=true err=nil forcible=false
2019/08/03 15:46:00 [debug] 26237#26237: *28 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:00 [debug] 26237#26237: *28 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:00 [debug] 26237#26237: *28 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:00 [debug] 26237#26237: *28 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:09 [debug] 26237#26237: *28 [lua] openidc.lua:1374: authenticate(): Redirect URI path (/redirect_uri) is currently navigated -> Processing authorization response coming from OP
2019/08/03 15:46:09 [debug] 26237#26237: *28 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:09 [debug] 26237#26237: *28 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:09 [debug] 26237#26237: *28 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:09 [debug] 26237#26237: *28 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:09 [debug] 26237#26237: *28 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:09 [debug] 26237#26237: *28 [lua] openidc.lua:1092: authenticate(): Authentication with OP done -> Calling OP Token Endpoint to obtain tokens
2019/08/03 15:46:09 [debug] 26237#26237: *28 [lua] openidc.lua:434: call_token_endpoint(): client_secret_basic: authorization header 'Basic dW9qZnUwc0hCZEhIUTV5SGRzbU5aVTY3Zk9qTWRhUGs6Vjcya1V2QnBWdmxIdVg0dS0tZDR5OXJoaWZHTGkwbnpYeWxpYm15OWU5S3NIUTlmZzFhQmQ4bmxZN192M2JScA=='
2019/08/03 15:46:09 [debug] 26237#26237: *28 [lua] openidc.lua:489: call_token_endpoint(): request body for token endpoint call: state=bb0210a51252b5746422b065a1174a68&grant_type=authorization_code&code=0X8WOr1nC8deUsV2&redirect_uri=https%3A%2F%2Fsubdomain.redactedname.com%2Fredirect_uri
2019/08/03 15:46:09 [debug] 26237#26237: *28 [lua] openidc.lua:408: openidc_configure_proxy(): openidc_configure_proxy : don't use http proxy
2019/08/03 15:46:09 [debug] 26237#26237: *28 [lua] openidc.lua:506: call_token_endpoint(): token endpoint response: {"access_token":"LqUwkyLKMwCiJpGYIF_IykJuMmtPs89H","id_token":"redactedtoken"}
2019/08/03 15:46:09 [debug] 26237#26237: *28 [lua] openidc.lua:963: openidc_load_jwt_and_verify_crypto(): using discovery to find key
2019/08/03 15:46:09 [debug] 26237#26237: *28 [lua] openidc.lua:690: openidc_jwks(): openidc_jwks: URL is: https://redactedname.eu.auth0.com/.well-known/jwks.json (force=0) (decorator=nil
2019/08/03 15:46:09 [debug] 26237#26237: *28 [lua] openidc.lua:700: openidc_jwks(): cannot use cached JWKS data; making call to jwks endpoint
2019/08/03 15:46:09 [debug] 26237#26237: *28 [lua] openidc.lua:408: openidc_configure_proxy(): openidc_configure_proxy : don't use http proxy
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:712: openidc_jwks(): response data: {"keys":[{"alg":"RS256","kty":"RSA","use":"sig","x5c":["MIIDCzCCAfOgAwIBAgIJRKjt+hv4AbW+MA0GCSqGSIb3DQEBCwUAMCMxITAfBgNVBAMTGHBvcnRhc2VjdXJhLmV1LmF1dGgwLmNvbTAeFw0xNzA4MDUwODI3NDZaFw0zMTA0MTQwODI3NDZaMCMxITAfBgNVBAMTGHBvcnRhc2VjdXJhLmV1LmF1dGgwLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANVt6aDbcjsQZZpVuPuZF2okxsLk8feftKaI/nIauY7mPd7UldyKqF3XikjE9z5jp2MnrdtoeK7eM4t3DSSHX+5qVE2db+lTOaevVbkj430j/IDAFrQebU7+w2dLMzK8jpei0JEsLqHX8Blart/xNKdcKXbSNcFE6V9cBvZVWzHLxQV7R15XRLW8/ZWQ38udjIJ5CvoqmD7nwIraCWv50qDEWxgL4Qw6KxPrp2FVH7zLr9oiuofajlcolJ7eL8ZbwVMh+QT8vrkKNmcxN4TeDQuzoxrg8nCEgDSGoq3bvHd3vZJ1M13nDWfb07zoHEhAS95LD3LpMNs/kMQloTAkiIECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUeE36JlkwJxLjRrr6Ab6fqCGS+PUwDgYDVR0PAQH/BAQDAgKEMA0GCSqGSIb3DQEBCwUAA4IBAQBua/LO0JPorWLdXkurW/GASBaS6HFr2Pj+gTJjHIqfcj9AqDtkakx5aXy8KhEeUD41B8JGSQtpG0MOS3J0Sx5Nsm2o+wUxIqmXOo74FiR6d8cRlxXZ2m9guIwqUHbrvv1tNHhB2oThL66AREVaWKpYMdPv/kvJ+PqliAUMEYzWL5iQXX8uXLEhmCoJhLY621wIIyCl3IJCd2OFl8S6v3wA30yM9tYtpgXi59rBDoYyYoLKacLu4RoEjIgEwD6lG/HiaDrdLyGbSuy11rCPLq4wSK9WHAAb/JKKx6sBRWOUG2uHAD0XY3BGp9N2CJeZu1/8rJ7m6RFLUBjoVD/HIZPO"],"n":"1W3poNtyOxBlmlW4-5kXaiTGwuTx95-0poj-chq5juY93tSV3IqoXdeKSMT3PmOnYyet22h4rt4zi3cNJIdf7mpUTZ1v6VM5p69VuSPjfSP8gMAWtB5tTv7DZ0szMryOl6LQkSwuodfwGVqu3_E0p1wpdtI1wUTpX1wG9lVbMcvFBXtHXldEtbz9lZDfy52MgnkK-iqYPufAitoJa_nSoMRbGAvhDDorE-unYVUfvMuv2iK6h9qOVyiUnt4vxlvBUyH5BPy-uQo2ZzE3hN4NC7OjGuDycISANIairdu8d3e9knUzXecNZ9vTvOgcSEBL3ksPcukw2z-QxCWhMCSIgQ","e":"AQAB","kid":"OUVEMURFRkMwQzRCMjg3ODczQUEzRTFCMDZDMDVCQjc5MEJFOUQwMA","x5t":"OUVEMURFRkMwQzRCMjg3ODczQUEzRTFCMDZDMDVCQjc5MEJFOUQwMA"}]}
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:105: openidc_cache_set(): cache set: success=true err=nil forcible=false
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:817: openidc_pem_from_x5c(): Found x5c, getting PEM public key from x5c entry of json public key
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:822: openidc_pem_from_x5c(): Generated PEM key from x5c:-----BEGIN CERTIFICATE-----
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:105: openidc_cache_set(): cache set: success=true err=nil forcible=false
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:991: openidc_load_jwt_and_verify_crypto(): jwt: {"payload":{"updated_at":"2019-08-03T13:46:09.868Z","nickname":"nickname"
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1034: openidc_load_and_validate_jwt_id_token(): id_token header: {"kid":"OUVEMURFRkMwQzRCMjg3ODczQUEzRTFCMDZDMDVCQjc5MEJFOUQwMA","alg":"RS256","typ":"JWT"}
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1035: openidc_load_and_validate_jwt_id_token(): id_token payload: {"updated_at":"2019-08-03T13:46:09.868Z","nickname":"nickname"
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:522: call_userinfo_endpoint(): authorization header 'Bearer LqUwkyLKMwCiJpGYIF_IykJuMmtPs89H'
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:408: openidc_configure_proxy(): openidc_configure_proxy : don't use http proxy
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:537: call_userinfo_endpoint(): userinfo response: {"sub":"auth0|59859c3a6422220d846de482","nickname":"nickname"
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1155: authenticate(): OIDC Authorization Code Flow completed -> Redirecting to original URL (/app/kibana)
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1414: authenticate(): session.present=true, session.data.id_token=true, session.data.authenticated=true, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1470: authenticate(): id_token={"updated_at":"2019-08-03T13:46:09.868Z","nickname":"nickname"
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1414: authenticate(): session.present=true, session.data.id_token=true, session.data.authenticated=true, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1470: authenticate(): id_token={"updated_at":"2019-08-03T13:46:09.868Z","nickname":"nickname"
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1414: authenticate(): session.present=true, session.data.id_token=true, session.data.authenticated=true, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1470: authenticate(): id_token={"updated_at":"2019-08-03T13:46:09.868Z","nickname":"nickname"
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1414: authenticate(): session.present=true, session.data.id_token=true, session.data.authenticated=true, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1470: authenticate(): id_token={"updated_at":"2019-08-03T13:46:09.868Z","nickname":"nickname"
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26237#26237: *77 [lua] openidc.lua:1414: authenticate(): session.present=true, session.data.id_token=true, session.data.authenticated=true, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26237#26237: *77 [lua] openidc.lua:1470: authenticate(): id_token={"updated_at":"2019-08-03T13:46:09.868Z","nickname":"nickname"
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1414: authenticate(): session.present=true, session.data.id_token=true, session.data.authenticated=true, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1470: authenticate(): id_token={"updated_at":"2019-08-03T13:46:09.868Z","nickname":"nickname"
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1414: authenticate(): session.present=true, session.data.id_token=true, session.data.authenticated=true, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1470: authenticate(): id_token={"updated_at":"2019-08-03T13:46:09.868Z","nickname":"nickname"
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26237#26237: *77 [lua] openidc.lua:1414: authenticate(): session.present=true, session.data.id_token=true, session.data.authenticated=true, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26237#26237: *77 [lua] openidc.lua:1470: authenticate(): id_token={"updated_at":"2019-08-03T13:46:09.868Z","nickname":"nickname"
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1414: authenticate(): session.present=true, session.data.id_token=true, session.data.authenticated=true, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1470: authenticate(): id_token={"updated_at":"2019-08-03T13:46:09.868Z","nickname":"nickname"
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
@Mich-b
Copy link
Author

Mich-b commented Aug 4, 2019
edited
Loading

Solved, due to bungle/lua-resty-session#23

Setting set $session_secret <secret>; solved the issue.

@bodewig
Copy link
Collaborator

bodewig commented Aug 4, 2019

many thanks for the update

@bodewig bodewig closed this as completed Aug 4, 2019
@james-mchugh james-mchugh mentioned this issue Nov 1, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bodewig @Mich-b