scope of nginx auth_request_set
andriykrefer opened this issue · comments
Andriy Krefer commented
Hi,
This is a question about the nginx example config.
Not sure if it any conflicting configuration on my side (very possible).
Config from example:
# send all requests to the `/validate` endpoint for authorization
auth_request /validate;
location = /validate {
...
# these return values are used by the @error401 call
auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;
auth_request_set $auth_resp_err $upstream_http_x_vouch_err;
auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;
}
# if validate returns `401 not authorized` then forward the request to the error401block
error_page 401 = @error401;
location @error401 {
# redirect to Vouch Proxy for login
# ************ $auth_resp_jwt and others are empty **************
return 302 https://vouch.yourdomain.com:9090/login?url=$scheme://$http_host$request_uri&vouch-failcount=$auth_resp_failcount&X-Vouch-Token=$auth_resp_jwt&error=$auth_resp_err;
}
But the variables created with "auth_request_set" directive are not available at the redirected page.
I was only able to get its values, changing its scopes, like:
auth_request /validate;
# ****** PUT HERE **************
auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;
auth_request_set $auth_resp_err $upstream_http_x_vouch_err;
auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;
location = /validate {
...
}
Any clue why did this happen?
I´m also not sure if my change may cause other problems
Benjamin Foote commented
I'm not sure I'm following this correctly.
Could you please clarify the scope of the variables with a more complete example, possibly in a gist?
Which nginx version are you running?