lgrosz/mod_authn_jwt

mod_authn_jwt

A JWT authentication module for Lighttpd.

This module provides a scheme handler in accordance with RFC 6750 and a backend in accordance with RFC 7519.

Requirements

Build

The build is performed by patching the source into and building lighttpd. All build systems supported by lighttpd are supported by this module.

Begin by patching the source

$ cp mod_authn_jwt/mod_authn_file.c lighttpd/src
$ cp mod_authn_jwt/*.patch lighttpd
$ cd lighttpd
$ patch -p1 <CMakeLists.txt.patch
$ patch -p1 <meson.patch
$ patch -p1 <autoconf.patch

Then configure and build with your preferred build system

Autoconf

$ cd lighttpd
$ ./autogen.sh
$ ./configure --with-jwt
$ make
$ make check

CMake

$ cmake -B build -S lighttpd -DWITH_JWT=ON
$ cmake --build build
$ ctest --test-dir build

Meson

$ meson setup -Dwith_jwt=enabled build lighttpd
$ ninja -C build
$ meson test -C build

Docker

The Dockerfile in the root directory provides builder and tester targets for quick-enough iteration without needing to set up a whole development environment.

$ docker build path/to/repo --target=builder
$ docker build path/to/repo --target=tester

Usage

Load the module into lighttpd with a configuration snippet like

server.modules += ( "mod_auth", "mod_authn_file", "mod_authn_jwt" )

auth.backend = "jwt"
auth.backend.jwt.opts = (
    "algorithm" => "RS256", # Algorithm with which the token is signed
    "keyfile" => "/etc/ssl/jwk.json", # The public key of the issuer
    "exp-leeway" => "300", # leeway in seconds for exp claim evaluation
    "nbf-leeway" => "300", # leeway in seconds for nbf claim evaluation
    "audience" => "https://my-client.com", # aud claim is checked against this
    "issuer" => "https://my-issuer.com", # iss claim is checked against this
    "subject" => "user123", # sub claim is checked against this
)

auth.require = (
  "" => (
    "method" => "bearer",
    "realm" => "A realm",
    "require" => "valid-user"
  )
)
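
Added example, not code from this repository: a Python helper that decodes a bearer token and lists which of the options above its header and claims would violate, assuming the options follow RFC 7519 semantics (exact alg match, leeway widening exp/nbf, aud as a string or an array). It does not verify the signature; `explain_rejections`, `make_sample` and `OPTS` are hypothetical names, and the sample token is constructed.

```python
import base64, json, time

# Constructed options mirroring the auth.backend.jwt.opts keys shown above.
OPTS = {"algorithm": "RS256", "exp-leeway": 300, "nbf-leeway": 300,
        "audience": "https://my-client.com", "issuer": "https://my-issuer.com",
        "subject": "user123"}

def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into JSON."""
    pad = "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(segment + pad))

def make_sample(header, claims):
    """Build a constructed token with a dummy signature, for this example only."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return "%s.%s.%s" % (enc(header), enc(claims), "c2ln")

def explain_rejections(token, opts=OPTS, now=None):
    """Return reasons the header/claims would fail; the signature is NOT verified."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part compact JWS"]
    try:
        header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["header or payload is not base64url-encoded JSON"]
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return ["header or payload is not a JSON object"]
    reasons = []
    # Pin alg to the configured value so "none" or HS256 tokens are refused.
    if header.get("alg") != opts["algorithm"]:
        reasons.append("alg %r != configured %r" % (header.get("alg"), opts["algorithm"]))
    # Assumption: absent exp/nbf claims are skipped rather than rejected.
    exp, nbf = claims.get("exp"), claims.get("nbf")
    if isinstance(exp, (int, float)) and now >= exp + opts["exp-leeway"]:
        reasons.append("expired (exp + leeway has passed)")
    if isinstance(nbf, (int, float)) and now < nbf - opts["nbf-leeway"]:
        reasons.append("not yet valid (nbf - leeway not reached)")
    # RFC 7519 lets aud be a single string or an array of strings.
    aud = claims.get("aud")
    if opts["audience"] not in (aud if isinstance(aud, list) else [aud]):
        reasons.append("aud does not contain configured audience")
    for claim, key in (("iss", "issuer"), ("sub", "subject")):
        if claims.get(claim) != opts[key]:
            reasons.append("%s mismatch" % claim)
    return reasons
```

An empty list only means the header and claims match the configured options; acceptance still depends on the signature verifying against the configured keyfile.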

Tests

Simply run test.sh from the integration-test directory; it will build and run everything itself.

$ cd path/to/repo/integration-test
path/to/repo/integration-test$ ./test.sh

Individual tests can be run and inspected like this:

path/to/repo/integration-test$ docker compose create --build
path/to/repo/integration-test$ docker compose start client
path/to/repo/integration-test$ docker compose exec client pytest test_jwt.py::test_invalidjwt
path/to/repo/integration-test$ docker compose logs server
path/to/repo/integration-test$ docker compose down --volumes
