auth_jwt_location
The auth_jwt_location directive specifies the location of the JSON Web Token (JWT) within the HTTP request.
Description
The auth_jwt_location directive is used to define where the JWT can be found in incoming requests for authentication purposes. This directive plays a critical role in the JWT processing flow by informing the NGINX server where to look for the token that must be validated before allowing access to the route. It accepts a single argument that dictates the location from which to retrieve the JWT, typically in the headers, query parameters, or in the URL path. For example, you could specify it as "Authorization" to indicate that the JWT is expected to be found in the Authorization header, or use query parameters like "?token=" to extract the token from the URL.
Config Example
location /protected {
auth_jwt_enabled on;
auth_jwt_location "Authorization";
auth_jwt_key "your_secret_key";
auth_jwt_loginurl /login;
}Ensure the specified location matches where the JWT is placed in requests to prevent authorization failures.
Case sensitivity in directive names can lead to configuration errors; use the correct casing based on documentation.