You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Web site authenticates the user and the session of the user is kept until the session expires
Actual behaviour
Web site re-authenticate the user for every single request (similar to #249).
The problem occurs with a Kibana installation for which nginx is the proxy.
Minimized example
Minimal, complete configuration that reproduces the behavior.
access.lua:
local opts = {
-- the full redirect URI must be protected by this script and becomes:
-- ngx.var.scheme.."://"..ngx.var.http_host..opts.redirect_uri_path
-- unless the scheme is overridden using opts.redirect_uri_scheme or an X-Forwarded-Proto header in the incoming request
redirect_uri = "https://subdomain.redactedname.com/redirect_uri",
discovery = "https://redactedname.eu.auth0.com/.well-known/openid-configuration",
client_id = "redacted",
client_secret = "redacted"
--authorization_params = { hd="pingidentity.com" },
--scope = "openid email profile",
-- Refresh the user's id_token after 900 seconds without requiring re-authentication
--refresh_session_interval = 900,
--iat_slack = 600,
--redirect_uri_scheme = "https",
--logout_path = "/logout",
--redirect_after_logout_uri = "/",
--redirect_after_logout_with_id_token_hint = true,
--token_endpoint_auth_method = ["client_secret_basic"|"client_secret_post"],
--ssl_verify = "no"
--access_token_expires_in = 3600
-- Default lifetime in seconds of the access_token if no expires_in attribute is present in the toke endpoint responsE
-- This plugin will silently renew the access_token once it's expired if refreshToken scope is present.
--access_token_expires_leeway = 0
-- Expiration leeway for access_token renewal.
-- If this is set, renewal will happen access_token_expires_leeway seconds before the token expiration.
-- This avoids errors in case the access_token just expires when arriving to the OAuth Resoource Server.
--force_reauthorize = false
-- when force_reauthorize is set to true the authorization flow will be executed even if a token has been cached already
}
-- call authenticate for OpenID Connect user authentication
local res, err = require("resty.openidc").authenticate(opts)
if err then
ngx.status = 500
ngx.say(err)
ngx.log(ngx.NOTICE, "in error")
ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
end
-- at this point res is a Lua table with 3 keys:
-- id_token : a Lua table with the claims from the id_token (required)
-- access_token: the access token (optional)
-- user : a Lua table with the claims returned from the user info endpoint (optional)
--if res.id_token.hd ~= "pingidentity.com" then
-- ngx.exit(ngx.HTTP_FORBIDDEN)
--end
--if res.user.email ~= "hans.zandbelt@zmartzone.eu" then
-- ngx.exit(ngx.HTTP_FORBIDDEN)
--end
-- set headers with user info: this will overwrite any existing headers
-- but also scrub(!) them in case no value is provided in the token
ngx.req.set_header("X-USER", res.id_token.sub)
nginx.conf:
worker_processes 5;
user www-data www-data;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
error_log logs/error.log debug;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http{
include mime.types;
default_type application/octet-stream;
resolver 192.168.2.1;
lua_package_path '~/lua/?.lua;;';
lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
lua_ssl_verify_depth 5;
# cache for discovery metadata documents
lua_shared_dict discovery 1m;
# cache for JWT verification results
lua_shared_dict introspection 10m;
# cache for JWKs
lua_shared_dict jwks 1m;
# The "auto_ssl" shared dict should be defined with enough storage space to
# hold your certificate data. 1MB of storage holds certificates for
# approximately 100 separate domains.
lua_shared_dict auto_ssl 1m;
# The "auto_ssl_settings" shared dict is used to temporarily store various settings
# like the secret used by the hook server on port 8999. Do not change or
# omit it.
lua_shared_dict auto_ssl_settings 64k;
# lua_code_cache off;
# Initial setup tasks.
init_by_lua_block {
auto_ssl = (require "resty.auto-ssl").new()
-- Define a function to determine which SNI domains to automatically handle
-- and register new certificates for. Defaults to not allowing any domains,
-- so this must be configured.
auto_ssl:set("allow_domain", function(domain, auto_ssl, ssl_options)
return ngx.re.match(domain, "^(redacted.redacted.com|redacted.redacted.com)$", "ijo")
end)
auto_ssl:init()
}
init_worker_by_lua_block {
auto_ssl:init_worker()
}
server{
listen 80 default_server;
server_name redacted.redacted.com;
# Endpoint used for performing domain verification with Let's Encrypt.
location /.well-known/acme-challenge/ {
content_by_lua_block {
auto_ssl:challenge_server()
}
}
location / {
return 301 https://$host$request_uri;
}
}
server{
listen 80 ;
server_name redacted.redacted.com;
# Endpoint used for performing domain verification with Let's Encrypt.
location /.well-known/acme-challenge/ {
content_by_lua_block {
auto_ssl:challenge_server()
}
}
location / {
return 301 https://$host$request_uri;
}
}
# Internal server running on port 8999 for handling certificate tasks.
server {
listen 127.0.0.1:8999;
# Increase the body buffer size, to ensure the internal POSTs can always
# parse the full POST contents into memory.
client_body_buffer_size 128k;
client_max_body_size 128k;
location / {
content_by_lua_block {
auto_ssl:hook_server()
}
}
}
server{
access_by_lua_file "conf/access.lua";
#searched for hours for the next session: apparently the iphone switches user agent when going to native video player, causing a session check failure and thus redirect to auth0. Fixed by disable the check on user agent
set $session_check_ua off;
listen 443 ssl default_server;
server_name redacted.redacted.com;
ssl_dhparam /home/redacted/ssl/dhparameters/dhparams.pem;
# Dynamic handler for issuing or returning certs for SNI domains.
ssl_certificate_by_lua_block {
auto_ssl:ssl_certificate()
}
# You must still define a static ssl_certificate file for nginx to start.
ssl_certificate /etc/letsencrypt/live/redacted.com-0002/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/redacted.com-0002/privkey.pem;
location ~ (/app/kibana|/bundles|/es_admin|/plugins|/api|/ui|/elasticsearch|/dlls|/built_assets) {
proxy_pass http://localhost:5601;
}
location / {
proxy_pass http://localhost:8080;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded_Proto $scheme;
}
}
}
Configuration and NGINX server log files
2019/08/03 15:46:00 [debug] 26237#26237: *28 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:00 [debug] 26237#26237: *28 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:00 [debug] 26237#26237: *28 [lua] openidc.lua:571: openidc_discover(): discovery data not in cache, making call to discovery endpoint
2019/08/03 15:46:00 [debug] 26237#26237: *28 [lua] openidc.lua:408: openidc_configure_proxy(): openidc_configure_proxy : don't use http proxy
2019/08/03 15:46:00 [debug] 26237#26237: *28 [lua] openidc.lua:583: openidc_discover(): response data: {"issuer":"https://redactedname.eu.auth0.com/","authorization_endpoint":"https://redactedname.eu.auth0.com/authorize","token_endpoint":"https://redactedname.eu.auth0.com/oauth/token","userinfo_endpoint":"https://redactedname.eu.auth0.com/userinfo","mfa_challenge_endpoint":"https://redactedname.eu.auth0.com/mfa/challenge","jwks_uri":"https://redactedname.eu.auth0.com/.well-known/jwks.json","registration_endpoint":"https://redactedname.eu.auth0.com/oidc/register","revocation_endpoint":"https://redactedname.eu.auth0.com/oauth/revoke","scopes_supported":["openid","profile","offline_access","name","given_name","family_name","nickname","email","email_verified","picture","created_at","identities","phone","address"],"response_types_supported":["code","token","id_token","code token","code id_token","token id_token","code token id_token"],"code_challenge_methods_supported":["S256","plain"],"response_modes_supported":["query","fragment","form_post"],"subject_types_supported":["public"],"id_token_signing_alg_values_supported":["HS256","RS256"],"token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post"],"claims_supported":["aud","auth_time","created_at","email","email_verified","exp","family_name","given_name","iat","identities","iss","name","nickname","phone_number","picture","sub"],"request_uri_parameter_supported":false,"device_authorization_endpoint":"https://redactedname.eu.auth0.com/oauth/device/code"}
2019/08/03 15:46:00 [debug] 26237#26237: *28 [lua] openidc.lua:105: openidc_cache_set(): cache set: success=true err=nil forcible=false
2019/08/03 15:46:00 [debug] 26237#26237: *28 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:00 [debug] 26237#26237: *28 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:00 [debug] 26237#26237: *28 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:00 [debug] 26237#26237: *28 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:09 [debug] 26237#26237: *28 [lua] openidc.lua:1374: authenticate(): Redirect URI path (/redirect_uri) is currently navigated -> Processing authorization response coming from OP
2019/08/03 15:46:09 [debug] 26237#26237: *28 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:09 [debug] 26237#26237: *28 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:09 [debug] 26237#26237: *28 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:09 [debug] 26237#26237: *28 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:09 [debug] 26237#26237: *28 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:09 [debug] 26237#26237: *28 [lua] openidc.lua:1092: authenticate(): Authentication with OP done -> Calling OP Token Endpoint to obtain tokens
2019/08/03 15:46:09 [debug] 26237#26237: *28 [lua] openidc.lua:434: call_token_endpoint(): client_secret_basic: authorization header 'Basic dW9qZnUwc0hCZEhIUTV5SGRzbU5aVTY3Zk9qTWRhUGs6Vjcya1V2QnBWdmxIdVg0dS0tZDR5OXJoaWZHTGkwbnpYeWxpYm15OWU5S3NIUTlmZzFhQmQ4bmxZN192M2JScA=='
2019/08/03 15:46:09 [debug] 26237#26237: *28 [lua] openidc.lua:489: call_token_endpoint(): request body for token endpoint call: state=bb0210a51252b5746422b065a1174a68&grant_type=authorization_code&code=0X8WOr1nC8deUsV2&redirect_uri=https%3A%2F%2Fsubdomain.redactedname.com%2Fredirect_uri
2019/08/03 15:46:09 [debug] 26237#26237: *28 [lua] openidc.lua:408: openidc_configure_proxy(): openidc_configure_proxy : don't use http proxy
2019/08/03 15:46:09 [debug] 26237#26237: *28 [lua] openidc.lua:506: call_token_endpoint(): token endpoint response: {"access_token":"LqUwkyLKMwCiJpGYIF_IykJuMmtPs89H","id_token":"redactedtoken"}
2019/08/03 15:46:09 [debug] 26237#26237: *28 [lua] openidc.lua:963: openidc_load_jwt_and_verify_crypto(): using discovery to find key
2019/08/03 15:46:09 [debug] 26237#26237: *28 [lua] openidc.lua:690: openidc_jwks(): openidc_jwks: URL is: https://redactedname.eu.auth0.com/.well-known/jwks.json (force=0) (decorator=nil
2019/08/03 15:46:09 [debug] 26237#26237: *28 [lua] openidc.lua:700: openidc_jwks(): cannot use cached JWKS data; making call to jwks endpoint
2019/08/03 15:46:09 [debug] 26237#26237: *28 [lua] openidc.lua:408: openidc_configure_proxy(): openidc_configure_proxy : don't use http proxy
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:712: openidc_jwks(): response data: {"keys":[{"alg":"RS256","kty":"RSA","use":"sig","x5c":["MIIDCzCCAfOgAwIBAgIJRKjt+hv4AbW+MA0GCSqGSIb3DQEBCwUAMCMxITAfBgNVBAMTGHBvcnRhc2VjdXJhLmV1LmF1dGgwLmNvbTAeFw0xNzA4MDUwODI3NDZaFw0zMTA0MTQwODI3NDZaMCMxITAfBgNVBAMTGHBvcnRhc2VjdXJhLmV1LmF1dGgwLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANVt6aDbcjsQZZpVuPuZF2okxsLk8feftKaI/nIauY7mPd7UldyKqF3XikjE9z5jp2MnrdtoeK7eM4t3DSSHX+5qVE2db+lTOaevVbkj430j/IDAFrQebU7+w2dLMzK8jpei0JEsLqHX8Blart/xNKdcKXbSNcFE6V9cBvZVWzHLxQV7R15XRLW8/ZWQ38udjIJ5CvoqmD7nwIraCWv50qDEWxgL4Qw6KxPrp2FVH7zLr9oiuofajlcolJ7eL8ZbwVMh+QT8vrkKNmcxN4TeDQuzoxrg8nCEgDSGoq3bvHd3vZJ1M13nDWfb07zoHEhAS95LD3LpMNs/kMQloTAkiIECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUeE36JlkwJxLjRrr6Ab6fqCGS+PUwDgYDVR0PAQH/BAQDAgKEMA0GCSqGSIb3DQEBCwUAA4IBAQBua/LO0JPorWLdXkurW/GASBaS6HFr2Pj+gTJjHIqfcj9AqDtkakx5aXy8KhEeUD41B8JGSQtpG0MOS3J0Sx5Nsm2o+wUxIqmXOo74FiR6d8cRlxXZ2m9guIwqUHbrvv1tNHhB2oThL66AREVaWKpYMdPv/kvJ+PqliAUMEYzWL5iQXX8uXLEhmCoJhLY621wIIyCl3IJCd2OFl8S6v3wA30yM9tYtpgXi59rBDoYyYoLKacLu4RoEjIgEwD6lG/HiaDrdLyGbSuy11rCPLq4wSK9WHAAb/JKKx6sBRWOUG2uHAD0XY3BGp9N2CJeZu1/8rJ7m6RFLUBjoVD/HIZPO"],"n":"1W3poNtyOxBlmlW4-5kXaiTGwuTx95-0poj-chq5juY93tSV3IqoXdeKSMT3PmOnYyet22h4rt4zi3cNJIdf7mpUTZ1v6VM5p69VuSPjfSP8gMAWtB5tTv7DZ0szMryOl6LQkSwuodfwGVqu3_E0p1wpdtI1wUTpX1wG9lVbMcvFBXtHXldEtbz9lZDfy52MgnkK-iqYPufAitoJa_nSoMRbGAvhDDorE-unYVUfvMuv2iK6h9qOVyiUnt4vxlvBUyH5BPy-uQo2ZzE3hN4NC7OjGuDycISANIairdu8d3e9knUzXecNZ9vTvOgcSEBL3ksPcukw2z-QxCWhMCSIgQ","e":"AQAB","kid":"OUVEMURFRkMwQzRCMjg3ODczQUEzRTFCMDZDMDVCQjc5MEJFOUQwMA","x5t":"OUVEMURFRkMwQzRCMjg3ODczQUEzRTFCMDZDMDVCQjc5MEJFOUQwMA"}]}
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:105: openidc_cache_set(): cache set: success=true err=nil forcible=false
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:817: openidc_pem_from_x5c(): Found x5c, getting PEM public key from x5c entry of json public key
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:822: openidc_pem_from_x5c(): Generated PEM key from x5c:-----BEGIN CERTIFICATE-----
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:105: openidc_cache_set(): cache set: success=true err=nil forcible=false
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:991: openidc_load_jwt_and_verify_crypto(): jwt: {"payload":{"updated_at":"2019-08-03T13:46:09.868Z","nickname":"nickname"
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1034: openidc_load_and_validate_jwt_id_token(): id_token header: {"kid":"OUVEMURFRkMwQzRCMjg3ODczQUEzRTFCMDZDMDVCQjc5MEJFOUQwMA","alg":"RS256","typ":"JWT"}
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1035: openidc_load_and_validate_jwt_id_token(): id_token payload: {"updated_at":"2019-08-03T13:46:09.868Z","nickname":"nickname"
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:522: call_userinfo_endpoint(): authorization header 'Bearer LqUwkyLKMwCiJpGYIF_IykJuMmtPs89H'
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:408: openidc_configure_proxy(): openidc_configure_proxy : don't use http proxy
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:537: call_userinfo_endpoint(): userinfo response: {"sub":"auth0|59859c3a6422220d846de482","nickname":"nickname"
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1155: authenticate(): OIDC Authorization Code Flow completed -> Redirecting to original URL (/app/kibana)
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1414: authenticate(): session.present=true, session.data.id_token=true, session.data.authenticated=true, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1470: authenticate(): id_token={"updated_at":"2019-08-03T13:46:09.868Z","nickname":"nickname"
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1414: authenticate(): session.present=true, session.data.id_token=true, session.data.authenticated=true, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1470: authenticate(): id_token={"updated_at":"2019-08-03T13:46:09.868Z","nickname":"nickname"
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1414: authenticate(): session.present=true, session.data.id_token=true, session.data.authenticated=true, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1470: authenticate(): id_token={"updated_at":"2019-08-03T13:46:09.868Z","nickname":"nickname"
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1414: authenticate(): session.present=true, session.data.id_token=true, session.data.authenticated=true, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1470: authenticate(): id_token={"updated_at":"2019-08-03T13:46:09.868Z","nickname":"nickname"
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26237#26237: *77 [lua] openidc.lua:1414: authenticate(): session.present=true, session.data.id_token=true, session.data.authenticated=true, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26237#26237: *77 [lua] openidc.lua:1470: authenticate(): id_token={"updated_at":"2019-08-03T13:46:09.868Z","nickname":"nickname"
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1414: authenticate(): session.present=true, session.data.id_token=true, session.data.authenticated=true, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1470: authenticate(): id_token={"updated_at":"2019-08-03T13:46:09.868Z","nickname":"nickname"
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1414: authenticate(): session.present=true, session.data.id_token=true, session.data.authenticated=true, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1470: authenticate(): id_token={"updated_at":"2019-08-03T13:46:09.868Z","nickname":"nickname"
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26237#26237: *77 [lua] openidc.lua:1414: authenticate(): session.present=true, session.data.id_token=true, session.data.authenticated=true, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26237#26237: *77 [lua] openidc.lua:1470: authenticate(): id_token={"updated_at":"2019-08-03T13:46:09.868Z","nickname":"nickname"
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *78 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1414: authenticate(): session.present=true, session.data.id_token=true, session.data.authenticated=true, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1470: authenticate(): id_token={"updated_at":"2019-08-03T13:46:09.868Z","nickname":"nickname"
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26234#26234: *80 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26236#26236: *79 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26235#26235: *58 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1414: authenticate(): session.present=nil, session.data.id_token=false, session.data.authenticated=nil, opts.force_reauthorize=nil, opts.renew_access_token_on_expiry=nil, try_to_renew=true, token_expired=false
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:565: openidc_discover(): openidc_discover: URL is: https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:115: openidc_cache_get(): cache hit: type=discovery key=https://redactedname.eu.auth0.com/.well-known/openid-configuration
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:645: openidc_get_token_auth_method(): 1 => client_secret_basic
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:648: openidc_get_token_auth_method(): no configuration setting for option so select the first supported method specified by the OP: client_secret_basic
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:662: openidc_get_token_auth_method(): token_endpoint_auth_method result set to client_secret_basic
2019/08/03 15:46:10 [debug] 26237#26237: *28 [lua] openidc.lua:1449: authenticate(): Authentication is required - Redirecting to OP Authorization endpoint
The text was updated successfully, but these errors were encountered:
Environment
OIDC provider: Auth0
Expected behaviour
Web site authenticates the user and the session of the user is kept until the session expires
Actual behaviour
Web site re-authenticate the user for every single request (similar to #249).
The problem occurs with a Kibana installation for which nginx is the proxy.
Minimized example
Minimal, complete configuration that reproduces the behavior.
access.lua:
nginx.conf:
Configuration and NGINX server log files
The text was updated successfully, but these errors were encountered: