richbai90
richbai90

Reputation: 5204

nginx auth_request with cookie

Probably a duplicate of this question but it doesn't have an answer, and I tried the suggestion there and was unable to make it work. I need to authorize a every request before proxying it, and I'm trying to do that via cookie, but the cookie value isn't set on any subsequent requests. Most places on the internet recommend something like the following

server {
  auth_request /auth;

  location /auth {
    internal;
    proxy_pass http://auth:8080/auth;
    auth_request_set $saved_set_cookie $upstream_http_set_cookie;
    add_header Set-Cookie $saved_set_cookie;
  }
}

But that does not seem to be working. I've tried even using a custom header to see if I can see it, as mentioned in the question above, and it doesn't work.

server {
  auth_request /auth;

  location /auth {
    internal;
    proxy_pass http://auth:8080/auth;
    auth_request_set $saved_set_cookie $upstream_http_set_cookie;
    add_header X-COOKIE-TEST $saved_set_cookie;
  }
}

If I go to the auth server directly I do see the cookie is set

enter image description here

Upvotes: 1

Views: 5034

Answers (1)

user3775041
user3775041

Reputation: 332

Found a working solution at https://github.com/nginxinc/NGINX-Demos/blob/331fd357e6e1813b5d41aed48880cf274d31dcee/oauth2-token-introspection-oss/frontend.conf#L29 and it's really simple (Nginx 1.18.0):

  location / {
    auth_request /authz;
    auth_request_set $new_cookie $sent_http_set_cookie; # use sent_http_*, not upstream_http_*
    add_header Set-Cookie $new_cookie;
    add_header X-Test $sent_http_set_cookie;            # it's even working directly
  }

Upvotes: 2

Related Questions