auth_jwt_enabled

The `auth_jwt_enabled` directive enables JWT authentication checks for NGINX locations.

Syntax: auth_jwt_enabled on | off;
Default: off
Context: http, server, location
Arguments: 1

Description

The auth_jwt_enabled directive is used in http, server, or location blocks of an NGINX configuration to enable or disable JWT (JSON Web Token) authentication. When set to 'on', it activates JWT validation for incoming requests in that context. Validation checks that a valid JWT is present in the request and, if configured, also extracts claims from the JWT and populates them into the NGINX environment variables, allowing further processing or access control based on these claims.

The directive takes a single argument, 'on' or 'off'. With 'on', JWT authentication is processed; 'off' disables it, so requests in that context are allowed through without any JWT check. What happens when validation fails is determined by the auth_jwt_redirect directive: if it is set to 'on', users are redirected to the login URL specified by auth_jwt_loginurl. This is particularly useful for API and web applications that require access control based on token-based authentication.

Config Example

location /protected {
    auth_jwt_enabled on;
    auth_jwt_loginurl /login;
    auth_jwt_key /path/to/key;
}

Ensure that if auth_jwt_enabled is set to 'on', the corresponding keys and login URL are also correctly configured to avoid authentication failures.

Confusing the location of the JWT can lead to failed authentication — make sure auth_jwt_location points to the correct header or cookie holding the JWT.
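Because 'off' is the default and a single 'off' removes the check for a whole block, it helps to list which locations actually end up without JWT validation. The following audit script is an added example, not part of the module or its documentation. It assumes that a nested block inherits auth_jwt_* settings from its enclosing block, checks only for auth_jwt_key (the key directive shown on this page), and runs against a constructed sample in which one server opts /login out and another enables checks for /api without a key.

```python
import re

# Constructed sample config (not from the page).
SAMPLE = """
http {
    server {
        auth_jwt_enabled on;
        auth_jwt_key /path/to/key;
        auth_jwt_loginurl /login;
        location /protected { }
        location /login { auth_jwt_enabled off; }
    }
    server {
        location /api { auth_jwt_enabled on; }
        location /static { }
    }
}
"""

# Simplified tokenizer: comments, braces, semicolons, bare words (no quoted strings).
TOKEN = re.compile(r"#[^\n]*|[{};]|[^\s{};#]+")

def audit(conf):
    """Return {location: finding} for locations left without a usable JWT check."""
    findings, words = {}, []
    stack, names = [{}], [None]   # inherited auth_jwt_* values / location per open block
    for tok in TOKEN.findall(conf):
        if tok.startswith("#"):
            continue
        if tok == "{":
            # Assumption: a nested block inherits the enclosing block's settings.
            stack.append(dict(stack[-1]))
            names.append(words[-1] if words[:1] == ["location"] else None)
        elif tok == ";" and words and words[0].startswith("auth_jwt_"):
            stack[-1][words[0]] = words[1] if len(words) > 1 else ""
        elif tok == "}":
            scope, name = stack.pop(), names.pop()
            if name is not None and scope.get("auth_jwt_enabled", "off") != "on":
                findings[name] = "no JWT check"
            elif name is not None and "auth_jwt_key" not in scope:
                findings[name] = "enabled without auth_jwt_key"
        if tok in "{};":
            words = []
        else:
            words.append(tok)
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Locations reported as "no JWT check" are not necessarily mistakes (a login page has to be reachable), but each one should be an intentional exception.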
