auth_jwt_redirect
The `auth_jwt_redirect` directive enables redirection to a specified login URL if JWT authentication fails.
Description
The `auth_jwt_redirect` directive is part of the NGINX Auth-JWT module, which requires requests to specific locations to be authenticated with JSON Web Tokens (JWTs). When the directive is set to `on` and a request arrives with a JWT that is missing or invalid, the user is redirected to the URL specified in the `auth_jwt_loginurl` directive. This is particularly useful for applications that require user authentication and want unauthenticated users sent to a login page instead of receiving an error response. It simplifies the handling of unauthorized access by automatically guiding users to the appropriate interface for authentication.
The directive can be configured in the `http`, `server`, or `location` context, so it can be applied at whichever level of the application's architecture fits. It takes a single flag argument: setting it to `on` activates the redirection behavior. It works in conjunction with the other JWT directives, such as `auth_jwt_enabled`, `auth_jwt_key`, and `auth_jwt_loginurl`, which together control how secured routes are handled.
Config Example
location /protected {
    auth_jwt_enabled on;
    auth_jwt_key /path/to/key;
    auth_jwt_loginurl /login;
    auth_jwt_redirect on;
}

Ensure that auth_jwt_loginurl is correctly configured, as this URL determines where users will be redirected after a failed authentication.
If redirection is enabled but no login URL is specified, it may lead to unexpected behavior or a blank error page.
Remember that this directive only facilitates redirection on authentication failure; proper JWT validation must still be set up using other directives.
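The missing-login-URL case noted above can be caught before a reload. The following is an added example, not part of the module or its documentation: a small lint that reports every block where `auth_jwt_redirect` is `on` with no `auth_jwt_loginurl` in scope. The function name and the sample config are constructed for illustration, and it assumes inner blocks inherit these directives from enclosing `http`/`server` blocks, as nginx directives usually do.

```python
import re

# Constructed sample config (not from the page): /protected is complete,
# /reports enables the redirect with no auth_jwt_loginurl in scope.
SAMPLE = """
server {
    auth_jwt_key /path/to/key;
    location /protected {
        auth_jwt_enabled on;
        auth_jwt_loginurl /login;
        auth_jwt_redirect on;
    }
    location /reports {
        auth_jwt_enabled on;
        auth_jwt_redirect on;
    }
}
"""

TOKEN = re.compile(r"[{};]|[^\s{};]+")  # simple tokenizer: no quoted-string support

def redirect_without_loginurl(conf):
    """Return headers of blocks where auth_jwt_redirect is on but no
    auth_jwt_loginurl is set in that block or an enclosing one."""
    conf = re.sub(r"#.*", "", conf)        # drop comments
    blocks = [("main", {}, None)]          # (header, own auth_jwt_* values, parent index)
    cur, words = 0, []
    for tok in TOKEN.findall(conf):
        if tok == ";":                     # end of a simple directive
            if words and words[0].startswith("auth_jwt_"):
                blocks[cur][1][words[0]] = " ".join(words[1:])
            words = []
        elif tok == "{":                   # block opens; remember its parent
            blocks.append((" ".join(words), {}, cur))
            cur, words = len(blocks) - 1, []
        elif tok == "}":                   # block closes; return to the parent
            if blocks[cur][2] is not None:
                cur = blocks[cur][2]
            words = []
        else:
            words.append(tok)

    def effective(i, name):
        # Assumption: a value set in an enclosing block applies to inner blocks.
        while i is not None:
            if name in blocks[i][1]:
                return blocks[i][1][name]
            i = blocks[i][2]
        return None

    return [b[0] for i, b in enumerate(blocks)
            if effective(i, "auth_jwt_redirect") == "on"
            and not effective(i, "auth_jwt_loginurl")]
```

Run it over the rendered configuration (for example the output of `nginx -T`) and treat a non-empty result as a failed check.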