A library for NGINX implementing the OpenID Connect Relying Party (RP) and the OAuth 2.0 Resource Server (RS) functionality

$ luarocks install lua-resty-openidc

lua-resty-openidc is a library for NGINX implementing the OpenID Connect Relying Party (RP) and the OAuth 2.0 Resource Server (RS) functionality.

When used as an OpenID Connect Relying Party it authenticates users against an OpenID Connect Provider using OpenID Connect Discovery and the Basic Client Profile (i.e. the Authorization Code flow). When used as an OAuth 2.0 Resource Server it can validate OAuth 2.0 Bearer Access Tokens against an Authorization Server or, in case a JSON Web Token is used for an Access Token, verification can happen against a pre-configured secret/key .

It maintains sessions for authenticated users by leveraging lua-resty-session thus offering a configurable choice between storing the session state in a client-side browser cookie or use in of the server-side storage mechanisms shared-memory|memcache|redis.

It supports server-wide caching of resolved Discovery documents and validated Access Tokens.

It can be used as a reverse proxy terminating OAuth/OpenID Connect in front of an origin server so that the origin server/services can be protected with the relevant standards without implementing those on the server itself.


1.7.6-31 year ago393,428 downloads
1.7.6-21 year ago(revision: 3)162 downloads
1.7.6-11 year ago(revision: 2)9,060 downloads
1.7.5-12 years ago303,675 downloads
1.7.4-13 years ago445,446 downloads
1.7.3-13 years ago27,367 downloads
1.7.2-15 years ago453,370 downloads
1.7.1-15 years ago21,479 downloads
1.7.0-25 years ago9,679 downloads
1.6.1-16 years ago36,260 downloads
1.6.0-16 years ago259,014 downloads
1.5.4-16 years ago2,122 downloads
1.5.3-16 years ago9,660 downloads
1.5.2-16 years ago1,750 downloads
1.5.1-16 years ago548 downloads
1.5.0-16 years ago162 downloads
1.4.1-16 years ago1,893 downloads
1.4.0-16 years ago9,544 downloads
1.3.2-17 years ago1,839 downloads
1.3.1-17 years ago1,577 downloads
1.3.0-27 years ago1,837 downloads
1.2.3-17 years ago2,827 downloads
1.2.1-17 years ago308 downloads
1.2.0-18 years ago218 downloads


lua >= 5.1
lua-resty-jwt >= 0.2.0
lua-resty-session >= 2.8, <= 3.10

Dependency for

amber-apigw, apisix, Apache APISIX, comvita-kong-oidc, fullscript-kong-oidc, kong-enhanced-oidc, kong-o2b-ticketing, kong-oidc, kong-oidc, kong-oidc, kong-oidc, kong-oidc, kong-oidc, kong-oidc, kong-oidc-adfs, kong-oidc-auth, kong-oidc-by-prashanth, kong-oidc-forward-host, kong-oidc-google-groups, kong-oidc-ng, kong-oidc-test, kong-oidc-v2, kong-oidc-v3, kong-oidc-ws-rbac, kong-plugin-jwt-blacklist, kong-plugin-jwt-verifier, kong-plugin-oauth2-audience, kong-plugins-openidc, lua-resty-keycloak, lzq-kong-oidc, magic-apigw, nx-kong-oidc