@@ -25,6 +25,7 @@ typedef struct {
2525 ngx_flag_t auth_jwt_redirect ;
2626 ngx_str_t auth_jwt_validation_type ;
2727 ngx_str_t auth_jwt_algorithm ;
28+ ngx_flag_t auth_jwt_validate_email ;
2829
2930} ngx_http_auth_jwt_loc_conf_t ;
3031
@@ -78,6 +79,13 @@ static ngx_command_t ngx_http_auth_jwt_commands[] = {
7879 offsetof(ngx_http_auth_jwt_loc_conf_t , auth_jwt_algorithm ),
7980 NULL },
8081
82+ { ngx_string ("auth_jwt_validate_email" ),
83+ NGX_HTTP_MAIN_CONF |NGX_HTTP_SRV_CONF |NGX_HTTP_LOC_CONF |NGX_CONF_FLAG ,
84+ ngx_conf_set_flag_slot ,
85+ NGX_HTTP_LOC_CONF_OFFSET ,
86+ offsetof(ngx_http_auth_jwt_loc_conf_t , auth_jwt_validate_email ),
87+ NULL },
88+
8189 ngx_null_command
8290};
8391
@@ -152,7 +160,6 @@ static ngx_int_t ngx_http_auth_jwt_handler(ngx_http_request_t *r)
152160 auth_jwt_algorithm = jwtcf -> auth_jwt_algorithm ;
153161 if (auth_jwt_algorithm .len == 0 || (auth_jwt_algorithm .len == sizeof ("HS256" ) - 1 && ngx_strncmp (auth_jwt_algorithm .data , "HS256" , sizeof ("HS256" ) - 1 )== 0 ))
154162 {
155- ngx_log_error (NGX_LOG_INFO , r -> connection -> log , 0 , "got to 0" );
156163 keylen = jwtcf -> auth_jwt_key .len / 2 ;
157164 keyBinary = ngx_palloc (r -> pool , keylen );
158165 if (0 != hex_to_binary ((char * )jwtcf -> auth_jwt_key .data , keyBinary , jwtcf -> auth_jwt_key .len ))
@@ -163,17 +170,14 @@ static ngx_int_t ngx_http_auth_jwt_handler(ngx_http_request_t *r)
163170 }
164171 else if ( auth_jwt_algorithm .len == sizeof ("RS256" ) - 1 && ngx_strncmp (auth_jwt_algorithm .data , "RS256" , sizeof ("RS256" ) - 1 ) == 0 )
165172 {
166- // in this case, 'Binary' is a misnomer, as it is the private key string itself
167- ngx_log_error (NGX_LOG_INFO , r -> connection -> log , 0 , "got to 1" );
173+ // in this case, 'Binary' is a misnomer, as it is the public key string itself
168174 keyBinary = ngx_palloc (r -> pool , jwtcf -> auth_jwt_key .len );
169175 ngx_memcpy (keyBinary , jwtcf -> auth_jwt_key .data , jwtcf -> auth_jwt_key .len );
170176 keylen = jwtcf -> auth_jwt_key .len ;
171177 }
172178
173179 // validate the jwt
174- ngx_log_error (NGX_LOG_INFO , r -> connection -> log , 0 , "trying to decode JWT" );
175180 jwtParseReturnCode = jwt_decode (& jwt , jwtCookieValChrPtr , keyBinary , keylen );
176-
177181 if (jwtParseReturnCode != 0 )
178182 {
179183 ngx_log_error (NGX_LOG_ERR , r -> connection -> log , 0 , "failed to parse jwt" );
@@ -209,15 +213,18 @@ static ngx_int_t ngx_http_auth_jwt_handler(ngx_http_request_t *r)
209213 set_custom_header_in_headers_out (r , & useridHeaderName , & sub_t );
210214 }
211215
212- email = jwt_get_grant (jwt , "emailAddress" );
213- if (email == NULL )
214- {
215- ngx_log_error (NGX_LOG_ERR , r -> connection -> log , 0 , "the jwt does not contain an email address" );
216- }
217- else
216+ if (jwtcf -> auth_jwt_validate_email == NULL || !jwtcf -> auth_jwt_validate_email )
218217 {
219- email_t = ngx_char_ptr_to_str_t (r -> pool , (char * )email );
220- set_custom_header_in_headers_out (r , & emailHeaderName , & email_t );
218+ email = jwt_get_grant (jwt , "emailAddress" );
219+ if (email == NULL )
220+ {
221+ ngx_log_error (NGX_LOG_ERR , r -> connection -> log , 0 , "the jwt does not contain an email address" );
222+ }
223+ else
224+ {
225+ email_t = ngx_char_ptr_to_str_t (r -> pool , (char * )email );
226+ set_custom_header_in_headers_out (r , & emailHeaderName , & email_t );
227+ }
221228 }
222229
223230 return NGX_OK ;
0 commit comments