auth_hash_algorithm

Sets the hashing algorithm used for secure link hash authentication in NGINX.

Syntax: auth_hash_algorithm algorithm_name;
Default: none
Context: http, server, location
Arguments: 1

Description

The auth_hash_algorithm directive in NGINX allows administrators to specify the hashing algorithm to be used when generating secure links for authentication. This algorithm is crucial for creating a secure token that combines a provided message, a secret key, and optional timestamp information. It leverages cryptographic functions defined by OpenSSL, supporting a variety of algorithms including SHA-256, SHA-512, MD5, and many more.

The auth_hash_algorithm directive can be set in the http, server, or location context. It takes a single argument: the name of the algorithm, as a string. When the server processes an incoming request that includes a secure link, it uses the specified algorithm to validate the hash against the expected value derived from the associated message and secret key. This protects links that carry time-sensitive data, preventing access to resources with invalid tokens.

Each algorithm offered in the module utilizes a different method to transform the input data into a secure token. The choice of algorithm can depend on security requirements or performance considerations; for instance, more complex algorithms may provide higher security at the cost of increased computational overhead. The flexibility of selecting an algorithm allows NGINX configurations to adapt to the unique needs of various applications in different environments.

Config Example

location /protected {
    auth_hash on;
    auth_hash_secret "your_secret_key";
    auth_hash_message "$uri|$arg_timestamp|$auth_hash_secret";
    auth_hash_algorithm sha256;
    auth_hash_check_time $arg_timestamp;
    auth_hash_check_token $arg_token;
}

Ensure that the specified algorithm is supported by the OpenSSL version used in your NGINX build.

Using an insecure hashing algorithm (e.g., MD5) may compromise security; prefer stronger algorithms like SHA-256 or SHA-512.

Avoid using non-standard characters in the algorithm name to prevent configuration errors.
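The following is an added example, not code from the module or from this page's author: a link-signing helper for the application side that mirrors the message format in the config example and applies the notes above (refuse weak digests, confirm the digest exists in the local OpenSSL). It assumes the token is the lowercase hex digest of the expanded message and that the timestamp is an expiry in Unix seconds; the function names and the WEAK_DIGESTS policy set are hypothetical, so confirm the encoding against the module's documentation.

```python
import hashlib
import hmac
import time

# Policy set for this example (an assumption, not a list taken from the module).
WEAK_DIGESTS = {"md4", "md5", "sha1"}


def make_token(uri, expires, secret, algorithm="sha256"):
    """Hash "$uri|$arg_timestamp|$auth_hash_secret" as in the config example."""
    name = algorithm.lower()
    if name in WEAK_DIGESTS:
        raise ValueError(f"weak digest refused: {algorithm}")
    # This is Python's view of its own OpenSSL; the OpenSSL linked into
    # the NGINX build can differ and must be checked separately.
    if name not in hashlib.algorithms_available:
        raise ValueError(f"digest not available: {algorithm}")
    digest = hashlib.new(name)
    if digest.digest_size == 0:
        # Variable-length digests (SHAKE) have no fixed-size hex form.
        raise ValueError(f"variable-length digest refused: {algorithm}")
    digest.update(f"{uri}|{expires}|{secret}".encode())
    return digest.hexdigest()


def check_token(uri, expires, token, secret, algorithm="sha256", now=None):
    """Return True only for an unexpired link whose token matches."""
    now = int(time.time()) if now is None else now
    try:
        if int(expires) < now:
            return False
    except (TypeError, ValueError):
        return False  # missing or non-numeric timestamp
    expected = make_token(uri, expires, secret, algorithm)
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    return hmac.compare_digest(expected.encode(), str(token).encode())


if __name__ == "__main__":
    # Constructed sample values, matching the placeholder secret above.
    secret = "your_secret_key"
    expires = int(time.time()) + 300
    token = make_token("/protected/report.pdf", expires, secret)
    print(f"/protected/report.pdf?timestamp={expires}&token={token}")
```

Because the timestamp is part of the hashed message, changing it in the query string invalidates the token, so an expired link cannot be extended by editing the URL.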
