nginx auth_request with cookie

Question

Probably a duplicate of this question but it doesn't have an answer, and I tried the suggestion there and was unable to make it work. I need to authorize a every request before proxying it, and I'm trying to do that via cookie, but the cookie value isn't set on any subsequent requests. Most places on the internet recommend something like the following

server {
  auth_request /auth;

  location /auth {
    internal;
    proxy_pass http://auth:8080/auth;
    auth_request_set $saved_set_cookie $upstream_http_set_cookie;
    add_header Set-Cookie $saved_set_cookie;
  }
}

But that does not seem to be working. I've tried even using a custom header to see if I can see it, as mentioned in the question above, and it doesn't work.

server {
  auth_request /auth;

  location /auth {
    internal;
    proxy_pass http://auth:8080/auth;
    auth_request_set $saved_set_cookie $upstream_http_set_cookie;
    add_header X-COOKIE-TEST $saved_set_cookie;
  }
}

If I go to the auth server directly I do see the cookie is set

score 1 · Accepted Answer · answered Jun 16 '21 at 07:37

Found a working solution at https://github.com/nginxinc/NGINX-Demos/blob/331fd357e6e1813b5d41aed48880cf274d31dcee/oauth2-token-introspection-oss/frontend.conf#L29 and it's really simple (Nginx 1.18.0):

  location / {
    auth_request /authz;
    auth_request_set $new_cookie $sent_http_set_cookie; # use sent_http_*, not upstream_http_*
    add_header Set-Cookie $new_cookie;
    add_header X-Test $sent_http_set_cookie;            # it's even working directly
  }

nginx auth_request with cookie

1 Answers1