FERN

Reputation: 53

Configuring nginx with an API Gateway & authentication service

I'm currently implementing some logic in my nginx configuration so I can handle authentication and token verification. My logic here is:

First case scenario:

  1. User tries to access the /login or /register pages.
  2. Nginx should redirect these calls directly to the auth service.
  3. Auth creates a token and sends it back to the user.
  4. End.

Second case scenario:

  1. User tries to access the /someservice/somepage page with a token.
  2. Nginx should redirect this call to the API Gateway.
  3. API Gateway verifies if the user is trying to access a secured resource; if it is, it verifies the token and sends back a 2xx response.
  4. Nginx gets a 2xx response & redirects the user to the real /someservice.
  5. Someservice generates the response and sends it back to the user.
  6. End.

First of all, does this logic seem alright to you? Should I be considering other authentication options? And most importantly, how do I implement this logic using nginx?

My nginx configuration looks like this:

http {
  upstream gateway {
    server ...;
  }
  upstream auth {
    server ...;
  }
  upstream someservice {
    server ...;
  }
  server {
    location ^~ /api {
      proxy_pass http://gateway;
      # redirect ???
    }
    location /auth {
      proxy_pass http://auth;
    }
    location /someservice {
      proxy_pass http://someservice;
    }
  }
}

Thanks!

Upvotes: 1

Views: 2714

Answers (1)

FERN

Reputation: 53

So finally I kept my original configuration with some small tweaks, like the great auth_request nginx directive, and I group functionality by level of protection: if the user tries to access a secured resource, then nginx will first validate the request via another service.

Upvotes: 1
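
One way to lay out the approach described in the answer, as an added example that is not the poster's actual configuration. The upstream addresses, the /_verify location, the gateway's /verify path and the X-User header are assumptions made for illustration.

```nginx
# Added example; requires ngx_http_auth_request_module.
# Upstream addresses, /_verify, /verify and X-User are assumptions.
events {}

http {
  upstream gateway     { server 127.0.0.1:9001; }  # placeholder address
  upstream auth        { server 127.0.0.1:9002; }  # placeholder address
  upstream someservice { server 127.0.0.1:9003; }  # placeholder address

  server {
    listen 8080;

    # Public group: login and register endpoints go straight to the auth service.
    location /auth {
      proxy_pass http://auth;
    }

    # Protected group: nginx issues a subrequest before proxying.
    # 2xx from the verifier lets the request through, 401/403 are returned
    # to the client, and any other status is treated as an error.
    location /someservice {
      auth_request /_verify;
      # Copy an identity header from the verifier's response (hypothetical name).
      auth_request_set $auth_user $upstream_http_x_user;
      # Overwrites any X-User value the client supplied itself.
      proxy_set_header X-User $auth_user;
      proxy_pass http://someservice;
    }

    # Subrequest target: "internal" keeps it unreachable from outside.
    location = /_verify {
      internal;
      proxy_pass http://gateway/verify;        # hypothetical gateway endpoint
      proxy_pass_request_body off;             # the verifier only needs headers
      proxy_set_header Content-Length "";
      proxy_set_header X-Original-URI $request_uri;
    }
  }
}
```

The subrequest carries the original request headers, so the token in the Authorization header reaches the verifier without extra configuration. Each new protected service gets its own location with the same auth_request line.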
