Support a /validate for use with ngx_http_auth_request_module

[pecigonzalo]

It would be great to have a /something endpoint that could be used with NGINX https://nginx.org/en/docs/http/ngx_http_auth_request_module.html.

If you can give me some pointers, im happy to do the PR

[smancke]

Hi @pecigonzalo, yes would make perfect sense.
You should make the resource at /login/validate and it should return the token content as JSON, if the Accept-Header for JSON is present. The implementation should share the code with https://github.com/tarent/loginsrv/blob/14651bba903922fccb34776ef16aaf632c2fd878/login/handler.go#L151-L160

Please do not forget the tests and documentation in the README :)

[pecigonzalo]

@smancke I was going through the code, and we might not even need the path.
EG: NGINX

server {
    listen 80;


    location /authz/ {
        internal;
        proxy_pass http://auth:8080/;

        proxy_set_header Accept "application/json";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme  $scheme;

    }

    location /login {
        proxy_pass http://auth:8080;

        proxy_set_header X-Real-IP               $remote_addr;
        proxy_set_header X-Scheme                $scheme;
        proxy_set_header X-Auth-Request-Redirect $request_uri;
    }

    location / {
        auth_request /authz/login;
        error_page 401 = /login;
        error_page 403 = /login;

        root   /usr/share/nginx/html;
    }
}

Seems to work for the most part, except for the fact that

• I believe /login should return 401 not 403
• Im setting /login json as a separate locaiton, to avoid the client then doing POST /login and getting JWT return.
• We might make it cleaner by just doing an @this location, but then we can put the path, or we have to use a rewrite.