auth_request
The auth_request directive is used to implement subrequest-based authentication by specifying a location that will be checked before granting access to the resource. — NGINX HTTP Core
Description
The `auth_request` directive allows NGINX to handle authentication through a subrequest to a specified location. This location is intended to process authentication requests: if the subrequest returns a 2xx status code, access to the original request is granted. If the response is anything other than a 2xx status, access is denied and the original request is not processed.

This directive can be used in various contexts, including `http`, `server`, and `location`, allowing for flexible integration within different server configurations. It takes a single argument: the location name or path that NGINX will use for performing the authentication check. Typically, this is a designated endpoint that handles the logic of checking user credentials or access conditions for the request being evaluated.

When using `auth_request`, it's essential to ensure that the subrequest location is properly configured to return the correct status code based on the authentication result. The subrequest can also carry along the original request's headers if required, allowing for more complex authentication checks that consider client information.
Config example
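```nginx
# Every request to /protected first triggers a subrequest to /auth.
location /protected {
    auth_request /auth;
}

location = /auth {
    # Only reachable through internal requests, not directly by clients.
    internal;
    # Authentication logic here
    # (a single static token is compared as a placeholder)
    if ($http_authorization = "Bearer valid_token") {
        return 200;   # 2xx: access to the original request is granted
    }
    return 401;       # any other status: access is denied
}
```

Make sure the subrequest location is configured to handle `internal` requests only; otherwise, it can be accessed directly by clients.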
Be aware of cascading subrequest failures if nested locations are misconfigured, leading to unexpected access denial.
The response from the subrequest must return suitable HTTP status codes (200 for success, other codes for denial) to be processed correctly.
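
The check below automates the first note above. It is an added example, not part of the original page or of NGINX: a small Python audit that lists every `auth_request` target whose location block is missing `internal;`. The function name `audit_auth_request` and the sample configuration are constructed for illustration, and the parser is simplified: it matches locations by their literal path only and assumes no `#` inside quoted strings and no braces inside regex locations.

```python
import re

# Constructed sample config: /auth is internal, /auth-open is not.
SAMPLE_CONF = """
server {
    location /protected { auth_request /auth; }
    location /reports   { auth_request /auth-open; }
    location = /auth      { internal; return 401; }
    location = /auth-open { return 401; }   # reachable directly by clients
}
"""

# Quoted strings, structural characters, or bare words.
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|[{};]|[^\s{};]+')

def audit_auth_request(conf):
    """Return the auth_request URIs whose location block lacks `internal;`."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments (assumes no '#' in quotes)
    stack = []       # open blocks: {"uri": location path or None, "internal": bool}
    words = []       # words of the statement currently being read
    targets = set()  # URIs named by auth_request
    internal = {}    # location path -> True if the block contains `internal;`
    for tok in TOKEN.findall(conf):
        if tok == "{":
            uri = words[-1] if words[:1] == ["location"] else None
            stack.append({"uri": uri, "internal": False})
        elif tok == ";":
            if len(words) == 2 and words[0] == "auth_request" and words[1] != "off":
                targets.add(words[1])
            elif words == ["internal"] and stack:
                stack[-1]["internal"] = True
        elif tok == "}":
            if stack:
                block = stack.pop()
                if block["uri"] is not None:
                    seen = internal.get(block["uri"], False)
                    internal[block["uri"]] = seen or block["internal"]
        else:
            words.append(tok.strip("\"'"))
            continue
        words = []  # a structural token ends the current statement
    return sorted(t for t in targets if not internal.get(t, False))

if __name__ == "__main__":
    for uri in audit_auth_request(SAMPLE_CONF):
        print(f"auth_request target {uri} is not marked internal")
```

An empty result means every `auth_request` target found has a location with the same literal path that contains `internal;`.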