auth_jwt
The `auth_jwt` directive enables JWT validation for requests in NGINX.
Description
The auth_jwt directive enables validation of JSON Web Tokens (JWT) within an NGINX configuration. It lets administrators control where the JWT is read from and whether it is validated at all: by default the token is taken from the HTTP Authorization header, but it can also be read from a custom variable such as a cookie. This is useful for applications that rely on token-based authentication to protect their APIs.
The directive takes a single argument in one of three forms: on, off, or a variable (e.g. $cookie_MyCookieName). With on, JWT validation is active and the token is read from the Authorization header and checked against the key previously defined with the auth_jwt_key directive. With off, JWT validation is disabled for that context. With a variable, the JWT is read from that variable instead of the header, which accommodates clients that send the token in a cookie or another location.
The directive works together with related directives such as auth_jwt_key, which supplies the secret or public key used to verify the JWT's signature. Signature verification is what establishes the token's integrity and authenticity; without it, any client could present a forged token, so a valid key must be configured wherever auth_jwt is on.
Config Example
http {
    server {
        auth_jwt_key "0123456789abcdef" hex;
        auth_jwt off;
        location /secured-by-auth-header/ {
            auth_jwt on;
        }
        location /secured-by-cookie/ {
            auth_jwt $cookie_MyCookieName;
        }
    }
}
Notes
Make sure the JWT secret or key is defined with auth_jwt_key before using this directive.
Using the wrong encoding format for the key can lead to validation failures.
Do not forget to load the module with a load_module directive in the main context of your configuration file.
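The script below is an added illustration and is not code from the module or from this page. It reproduces, in plain Python, the two things the directive does: pick the token up from the Authorization header (auth_jwt on) or from a named cookie (auth_jwt $cookie_NAME), and verify its signature against the configured key. The key-decoding helper mirrors the hex/utf8/base64 forms of auth_jwt_key as an assumption, HS256 is assumed as the signing algorithm, and the key value and claims are constructed for the demonstration. It shows concretely why the key encoding note matters: the same string "0123456789abcdef" yields an 8-byte key under hex and a 16-byte key under utf8, and a token signed with one does not verify with the other.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed sample key, identical to the value in the config example above.
SAMPLE_KEY_VALUE = "0123456789abcdef"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # JWT segments omit padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def load_key(value: str, encoding: str) -> bytes:
    """Assumed mirror of auth_jwt_key's encoding argument (hex | utf8 | base64)."""
    if encoding == "hex":
        return bytes.fromhex(value)
    if encoding == "utf8":
        return value.encode("utf-8")
    if encoding == "base64":
        return base64.b64decode(value)
    raise ValueError(f"unknown key encoding: {encoding}")


def make_jwt(claims: dict, key: bytes) -> str:
    """Build an HS256-signed JWT (used here only to produce a test token)."""
    header = {"alg": "HS256", "typ": "JWT"}
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode("utf-8")
    signing_input = b64url_encode(compact(header)) + "." + b64url_encode(compact(claims))
    signature = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def verify_jwt(token: str, key: bytes) -> Optional[dict]:
    """Return the claims if the signature verifies under HS256, else None."""
    try:
        h, p, s = token.split(".")
        header = json.loads(b64url_decode(h))
        provided = b64url_decode(s)
    except (ValueError, UnicodeDecodeError):
        return None
    # Pin the algorithm: a header claiming "none" or anything else is rejected.
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, provided):
        return None
    try:
        return json.loads(b64url_decode(p))
    except (ValueError, UnicodeDecodeError):
        return None


def extract_token(headers: dict, cookies: dict, source: str) -> Optional[str]:
    """Token lookup for an auth_jwt value: 'on' reads the Bearer header,
    '$cookie_NAME' reads that cookie, 'off' yields nothing."""
    if source == "on":
        auth = headers.get("Authorization", "")
        return auth[len("Bearer "):] if auth.startswith("Bearer ") else None
    if source.startswith("$cookie_"):
        return cookies.get(source[len("$cookie_"):])
    return None


def authorize(headers: dict, cookies: dict, source: str, key: bytes) -> Optional[dict]:
    """Combine lookup and verification the way a location with auth_jwt would."""
    token = extract_token(headers, cookies, source)
    return verify_jwt(token, key) if token else None


if __name__ == "__main__":
    key_hex = load_key(SAMPLE_KEY_VALUE, "hex")    # 8 bytes
    key_utf8 = load_key(SAMPLE_KEY_VALUE, "utf8")  # 16 bytes
    token = make_jwt({"sub": "alice"}, key_hex)
    print("header, hex key :", authorize({"Authorization": "Bearer " + token}, {}, "on", key_hex))
    print("cookie, hex key :", authorize({}, {"MyCookieName": token}, "$cookie_MyCookieName", key_hex))
    print("header, utf8 key:", authorize({"Authorization": "Bearer " + token}, {}, "on", key_utf8))
    print("auth_jwt off    :", authorize({"Authorization": "Bearer " + token}, {}, "off", key_hex))
```

Run it as a script to see the four cases: the header and cookie lookups both succeed with the hex-decoded key, the same token is rejected once the key is read as utf8, and an off location never consults the token.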