NGINX Modern Apps > Class 3 - NGINX Dataplane Scripting Source | Edit on
Generating JWT token [http/authorization/gen_hs_jwt]¶
This example will construct a JSON Web Token (JWT) from scratch including generating the digital signature.
Step 1: Use the following commands to start your NGINX container with this lab’s files: Notice the JWT_GEN_KEY environment variable
EXAMPLE='http/authorization/gen_hs_jwt'
docker run --rm --name njs_example -e JWT_GEN_KEY="foo" -v $(pwd)/conf/$EXAMPLE.conf:/etc/nginx/nginx.conf:ro -v $(pwd)/njs/:/etc/nginx/njs/:ro -p 80:80 -d nginx
Step 2: Now let’s use curl to test our NGINX server:
curl 'http://localhost/jwt'
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImV4cCI6MTU4NDcyMjk2MH0.eyJpc3MiOiJuZ2lueCIsInN1YiI6ImFsaWNlIiwiZm9vIjoxMjMsImJhciI6InFxIiwienl4IjpmYWxzZX0.GxfKkJSWI4oq5sGBg4aKRAcFeKmiA6v4TR43HbcP2X8
docker stop njs_example
Code Snippets¶
This config uses js_set to invoke the jwt function in our njs code. The generated JWT is returned in the response body.
nginx.conf¶
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | env JWT_GEN_KEY;
...
http {
js_path "/etc/nginx/njs/";
js_import utils.js;
js_import main from http/authorization/gen_hs_jwt.js;
js_set $jwt main.jwt;
server {
...
location /jwt {
return 200 $jwt;
}
}
}
|
The njs code creates a claims object and then builds the JWT by combining the header, claims, and a digital signature.
gen_hs_jwt.js¶
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | function generate_hs256_jwt(claims, key, valid) {
var header = { typ: "JWT", alg: "HS256" };
var claims = Object.assign(claims, {exp: Math.floor(Date.now()/1000) + valid});
var s = [header, claims].map(JSON.stringify)
.map(v=>v.toString('base64url'))
.join('.');
var h = require('crypto').createHmac('sha256', key);
return s + '.' + h.update(s).digest().toString('base64url');
}
function jwt(r) {
var claims = {
iss: "nginx",
sub: "alice",
foo: 123,
bar: "qq",
zyx: false
};
return generate_hs256_jwt(claims, process.env.JWT_GEN_KEY, 600);
}
export default {jwt}
|