
We are using an nginx server for reverse proxying with openresty openid lua installed. This means that every request has an Authorization header containing JWT token - access id and refresh token.

Now, what we need to do is decode the access token because I need the sub from the JWT token and log it on nginx server.

Is there a way to decode and log JWT? I looked into the openidc.lua file and I can see that it decodes the id token but I can't see where I can decode the access token.

Any help would be greatly appreciated.

Prasoon Karunan V

2 Answers


This did the trick for me:

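```lua
local jwt = require "resty.jwt"
local cjson = require "cjson"

-- load_jwt only parses the token; it does not verify the signature.
-- `res` is assumed to be the result of the earlier openidc call.
local jwt_obj = jwt:load_jwt(res.access_token)
-- Logs the whole decoded object; the sub claim itself is jwt_obj.payload.sub.
ngx.log(ngx.DEBUG, "res.access_token.sub=", cjson.encode(jwt_obj))
```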

A JWT token (or better said a JWS, a signed token) just consists of two Base64Url encoded JSON structures and a signature.

To see how it works, you can check your token on https://jwt.io

On that site you'll also find links to JWT frameworks for different languages, also for Lua. But to read the contents of a JWT/JWS you just need a Base64Url decoder and a JSON deserializer.

jps
  • Would you have any examples that I could go off? –  Mar 30 '18 at 18:37
  • I'm not working with Lua, so I would have to google that myself. But on the GitHub page for [lua-resty-jwt](https://github.com/SkyLothar/lua-resty-jwt) are some examples. – jps Mar 30 '18 at 18:45
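
The Base64Url-plus-JSON decode described in the second answer, written for OpenResty as an added example (not code from either answer or from lua-resty-openidc). It runs under the `resty` CLI; the sample token, the `idp.example` issuer and the helper names are constructed for illustration, and the decode does not verify the signature, so the `sub` it yields is for logging only.

```lua
-- Added example; run with the OpenResty CLI: resty jwt_sub.lua
local cjson = require "cjson.safe"

-- Base64Url -> bytes: map the URL-safe alphabet back and restore padding.
local function b64url_decode(seg)
    seg = seg:gsub("[%-_]", { ["-"] = "+", ["_"] = "/" })
    local rem = #seg % 4
    if rem == 1 then return nil end               -- impossible Base64 length
    if rem > 0 then seg = seg .. string.rep("=", 4 - rem) end
    return ngx.decode_base64(seg)                 -- nil on malformed input
end

-- Claims of a compact JWS. The signature is NOT verified here.
local function jwt_claims(token)
    if type(token) ~= "string" then return nil, "no bearer token" end
    local payload = token:match("^[^.]+%.([^.]+)%.[^.]*$")
    if not payload then return nil, "not a three-part compact JWS" end
    local json = b64url_decode(payload)
    if not json then return nil, "payload is not valid Base64Url" end
    local claims = cjson.decode(json)
    if type(claims) ~= "table" then return nil, "payload is not a JSON object" end
    return claims
end

-- Pull the token out of an "Authorization: Bearer <jwt>" header value.
local function bearer_token(authz)
    return type(authz) == "string" and authz:match("^[Bb]earer%s+(%S+)$") or nil
end

-- Unverified claim values are attacker-controlled: keep control characters
-- (newlines in particular) out of the log line.
local function log_safe(v)
    return (tostring(v):gsub("%c", "?"))
end

-- Constructed sample token; the signature part is a placeholder.
local function b64url_encode(s)
    return (ngx.encode_base64(s):gsub("[+/=]", { ["+"] = "-", ["/"] = "_", ["="] = "" }))
end
local token = table.concat({
    b64url_encode('{"alg":"RS256","typ":"JWT"}'),
    b64url_encode('{"sub":"user-1234\\nforged line","iss":"https://idp.example"}'),
    "constructed-signature",
}, ".")

-- In a request handler the header value would come from ngx.var.http_authorization.
local claims, err = jwt_claims(bearer_token("Bearer " .. token))
print(claims and ("jwt sub=" .. log_safe(claims.sub)) or ("jwt decode failed: " .. err))
```

Inside nginx, replace the final `print` with `ngx.log(ngx.INFO, ...)`. The embedded newline in the constructed `sub` shows why the value is sanitised before it reaches the log.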