a0f093651f
security/lua-resty-hmac HMAC functions for OpenResty / ngx_lua security/lua-resty-jwt JWT for OpenResty / ngx_lua security/lua-resty-openidc OpenID Connect and/or OAuth 2.0 functionality for OpenResty / ngx_lua security/lua-resty-openssl FFI-based OpenSSL binding for OpenResty / ngx_lua www/lua-resty-session Lua session library for OpenResty / ngx_lua
24 lines
1.1 KiB
Plaintext
24 lines
1.1 KiB
Plaintext
OpenID Connect Relying Party (RP) and/or the OAuth 2.0 Resource
|
|
Server (RS) functionality for OpenResty / ngx_lua
|
|
|
|
When used as an OpenID Connect Relying Party it authenticates users
|
|
against an OpenID Connect Provider using OpenID Connect Discovery
|
|
and the Basic Client Profile (i.e. the Authorization Code flow).
|
|
When used as an OAuth 2.0 Resource Server it can validate OAuth 2.0
|
|
Bearer Access Tokens against an Authorization Server or, in case a
|
|
JSON Web Token is used for an Access Token, verification can happen
|
|
against a pre-configured secret/key .
|
|
|
|
It maintains sessions for authenticated users by leveraging
|
|
lua-resty-session thus offering a configurable choice between storing
|
|
the session state in a client-side browser cookie or use in of the
|
|
server-side storage mechanisms shared-memory|memcache|redis.
|
|
|
|
It supports server-wide caching of resolved Discovery documents and
|
|
validated Access Tokens.
|
|
|
|
It can be used as a reverse proxy terminating OAuth/OpenID Connect
|
|
in front of an origin server so that the origin server/services can
|
|
be protected with the relevant standards without implementing those
|
|
on the server itself.
|