nginx-proxy-manager-zh/backend/templates/_openid_connect.conf

{% if openidc_enabled -%}
    access_by_lua_block {
	    local openidc = require("resty.openidc")
        local opts = {
            redirect_uri = "{{- openidc_redirect_uri -}}",
            discovery = "{{- openidc_discovery -}}",
            token_endpoint_auth_method = "{{- openidc_auth_method -}}",
            client_id = "{{- openidc_client_id -}}",
            client_secret = "{{- openidc_client_secret -}}",
            scope = "openid email profile"
        }

        local res, err = openidc.authenticate(opts)

        if err then
            ngx.status = 500
            ngx.say(err)
            ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
        end


        ngx.req.set_header("X-OIDC-SUB", res.id_token.sub)
        ngx.req.set_header("X-OIDC-EMAIL", res.id_token.email)
        ngx.req.set_header("X-OIDC-NAME", res.id_token.name)
    }
{% endif %}
Use OpenResty instead of plain nginx to support OpenID Connect authorization. 2020-05-25 12:45:47 -04:00			`{% if openidc_enabled -%}`
			`access_by_lua_block {`
			`local openidc = require("resty.openidc")`
			`local opts = {`
			`redirect_uri = "{{- openidc_redirect_uri -}}",`
			`discovery = "{{- openidc_discovery -}}",`
			`token_endpoint_auth_method = "{{- openidc_auth_method -}}",`
			`client_id = "{{- openidc_client_id -}}",`
			`client_secret = "{{- openidc_client_secret -}}",`
			`scope = "openid email profile"`
			`}`

			`local res, err = openidc.authenticate(opts)`

			`if err then`
			`ngx.status = 500`
			`ngx.say(err)`
			`ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)`
			`end`


			`ngx.req.set_header("X-OIDC-SUB", res.id_token.sub)`
			`ngx.req.set_header("X-OIDC-EMAIL", res.id_token.email)`
			`ngx.req.set_header("X-OIDC-NAME", res.id_token.name)`
			`}`
			`{% endif %}`