Suggestions needed to validate oauth tokens
squared_away at mail.com
Thu Nov 10 21:30:58 UTC 2022
What I am trying to achieve: Serve downloadable content from one host behind Nginx based on the condition the user has a valid token. Basically I would like to serve the files only when the token is validated.
I'm using Nginx, not Nginx+.
User -> auth request (send user:pass:grant_type etc. to API) to fetch a token from server A.
User -> send the token acquired from interaction with server A to server B for authentication to get authorization to download files from server B.
Server B running Nginx: Validate the token and if it's good allow the user to download the files.
Server A is running Keycloak. The goal is to have any and all services use Keycloak as the central authentication and authorization point.
Is there a way to have Nginx pass that token to Keycloak for validation before allowing access to those files?
Thanks in advance.
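
One way to wire up the flow described above on open-source Nginx, as an added example that is not part of the original post: the `auth_request` module (ngx_http_auth_request_module, which has to be compiled in) sends a subrequest with the client's bearer token to Keycloak's OpenID Connect userinfo endpoint and serves the file only if Keycloak accepts the token. The host names, the realm name `myrealm`, and all file paths are assumptions.

```nginx
# Added example. Assumed names: files.example.com (server B),
# keycloak.example.com (server A), realm "myrealm", and all file paths.
server {
    listen 443 ssl;
    server_name files.example.com;
    ssl_certificate     /etc/nginx/tls/files.crt;   # assumed path
    ssl_certificate_key /etc/nginx/tls/files.key;   # assumed path

    # Protected downloads: each request first triggers the subrequest below.
    location /downloads/ {
        auth_request /_token_check;
        alias /srv/files/;                          # assumed path
    }

    # Internal-only location; clients cannot request it directly.
    location = /_token_check {
        internal;

        # Keycloak userinfo endpoint: answers 200 for an access token it
        # accepts and 401 when the token is missing or rejected.
        # Older Keycloak releases prefix this path with /auth.
        proxy_pass https://keycloak.example.com/realms/myrealm/protocol/openid-connect/userinfo;

        # Verify Keycloak's certificate so the verdict cannot be spoofed.
        proxy_ssl_server_name on;
        proxy_ssl_verify on;
        proxy_ssl_trusted_certificate /etc/nginx/tls/ca.pem;  # assumed path
        proxy_set_header Host keycloak.example.com;

        # Forward "Authorization: Bearer <token>" exactly as the client sent it.
        proxy_set_header Authorization $http_authorization;

        # The subrequest needs no body.
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
    }
}
```

`auth_request` allows the request on a 2xx subrequest response, denies it on 401 or 403, and treats any other status as an error, so an unreachable Keycloak fails closed.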