auth_hash_check_token

The `auth_hash_check_token` directive is used to specify the token value for secure link hash authentication in NGINX.

Syntax: auth_hash_check_token token_string [format];
Default: none
Context: http, server, location
Arguments: 1-2

Description

The `auth_hash_check_token` directive is part of the NGINX Secure Link Hash module, which adds hash-based token verification to secure links. It can be used in http, server, and location contexts and accepts one or two arguments. The first argument is the token string to be checked; the optional second argument specifies the format of the token, which can be hexadecimal (hex), base64, base64url, or binary (bin). If the format argument is omitted, the token is assumed to be in hexadecimal format.

This directive works in conjunction with the related directives `auth_hash_message`, `auth_hash_secret`, and `auth_hash_algorithm` to provide secure hash validation. The token is used to validate requests and ensure that they have not been tampered with. A successful validation yields a non-empty value for the special variable `$auth_hash`, while failure results in an empty value. This matters in environments where sensitive data is being accessed or manipulated.

Config Example

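location ^~ /secure/ {
    auth_hash on;
    auth_hash_check_token $arg_st format=hex;            # token taken from the "st" query argument
    auth_hash_secret "my_secret_key";                    # placeholder secret
    auth_hash_message "$uri|$arg_ts|$auth_hash_secret";  # string that is hashed and compared with the token
    auth_hash_algorithm sha256;
    if ($auth_hash != "1") {                             # reject requests that fail validation
        return 403;
    }
}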

Ensure that the token format is correctly specified, as mismatches can lead to validation failures.

Protect the secret key: if it is exposed, the security of the hashes is compromised, because anyone who knows the secret can compute valid tokens.

Tokens must be generated using the same algorithm and secret that are used for validation to ensure consistency.
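
The following is an added example, not code from the module or its documentation, showing how an application could issue and check tokens that match the config example above. It assumes the module hashes the expanded `auth_hash_message` string with `auth_hash_algorithm` and compares the result with the decoded token; the function names, the sample path and timestamp, and the use of padded base64 are assumptions.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlencode

# Placeholder secret from the config example; sample values below are constructed.
SECRET = "my_secret_key"

# Token encodings named on the page (bin is omitted: raw bytes do not fit in a URL).
ENCODERS = {
    "hex": lambda d: d.hex(),
    "base64": lambda d: base64.b64encode(d).decode(),
    "base64url": lambda d: base64.urlsafe_b64encode(d).decode(),
}
DECODERS = {
    "hex": bytes.fromhex,
    "base64": lambda s: base64.b64decode(s, validate=True),
    "base64url": base64.urlsafe_b64decode,
}


def digest(uri, ts, secret=SECRET):
    """SHA-256 over the same layout as auth_hash_message: "$uri|$arg_ts|<secret>"."""
    message = f"{uri}|{ts}|{secret}"
    return hashlib.sha256(message.encode()).digest()


def make_link(uri, ts, fmt="hex"):
    """Build a link carrying the ts and st query arguments used by the config."""
    token = ENCODERS[fmt](digest(uri, ts))
    return f"{uri}?{urlencode({'ts': ts, 'st': token})}"


def check_token(uri, ts, token, fmt="hex"):
    """Decode the token in the configured format and compare in constant time."""
    try:
        supplied = DECODERS[fmt](token)
    except ValueError:  # token is not valid in the configured format
        return False
    return hmac.compare_digest(supplied, digest(uri, ts))


if __name__ == "__main__":
    print(make_link("/secure/report.pdf", "1700000000"))
```

A token that was issued as base64url but checked as hex (or the reverse) fails here in the same way as a tampered URI or timestamp, which is the format mismatch the first note above warns about.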
