A library for NGINX implementing the OpenID Connect Relying Party (RP) and the OAuth 2.0 Resource Server (RS) functionality

$ luarocks install lua-resty-openidc

lua-resty-openidc is a library for NGINX implementing the OpenID Connect Relying Party (RP) and the OAuth 2.0 Resource Server (RS) functionality.

When used as an OpenID Connect Relying Party it authenticates users against an OpenID Connect Provider using OpenID Connect Discovery and the Basic Client Profile (i.e. the Authorization Code flow). When used as an OAuth 2.0 Resource Server it can validate OAuth 2.0 Bearer Access Tokens against an Authorization Server or, in case a JSON Web Token is used for an Access Token, verification can happen against a pre-configured secret/key .

It maintains sessions for authenticated users by leveraging lua-resty-session thus offering a configurable choice between storing the session state in a client-side browser cookie or use in of the server-side storage mechanisms shared-memory|memcache|redis.

It supports server-wide caching of resolved Discovery documents and validated Access Tokens.

It can be used as a reverse proxy terminating OAuth/OpenID Connect in front of an origin server so that the origin server/services can be protected with the relevant standards without implementing those on the server itself.


1.7.6-3117 days ago94,914 downloads
1.7.6-2118 days ago(revision: 3)135 downloads
1.7.6-1121 days ago(revision: 2)7,924 downloads
1.7.5-11 year ago242,137 downloads
1.7.4-12 years ago227,356 downloads
1.7.3-12 years ago27,255 downloads
1.7.2-13 years ago404,836 downloads
1.7.1-14 years ago21,013 downloads
1.7.0-24 years ago9,345 downloads
1.6.1-14 years ago30,861 downloads
1.6.0-14 years ago224,897 downloads
1.5.4-15 years ago2,089 downloads
1.5.3-15 years ago9,639 downloads
1.5.2-15 years ago1,729 downloads
1.5.1-15 years ago526 downloads
1.5.0-15 years ago136 downloads
1.4.1-15 years ago1,084 downloads
1.4.0-15 years ago8,713 downloads
1.3.2-16 years ago1,818 downloads
1.3.1-16 years ago1,556 downloads
1.3.0-26 years ago1,813 downloads
1.2.3-16 years ago2,665 downloads
1.2.1-16 years ago273 downloads
1.2.0-16 years ago149 downloads


lua >= 5.1
lua-resty-jwt >= 0.2.0
lua-resty-session >= 2.8, <= 3.10

Dependency for

amber-apigw, Apache APISIX, comvita-kong-oidc, fullscript-kong-oidc, kong-enhanced-oidc, kong-o2b-ticketing, kong-oidc, kong-oidc, kong-oidc, kong-oidc, kong-oidc, kong-oidc, kong-oidc-adfs, kong-oidc-auth, kong-oidc-by-prashanth, kong-oidc-forward-host, kong-oidc-google-groups, kong-oidc-ng, kong-oidc-test, kong-oidc-v2, kong-oidc-v3, kong-oidc-ws-rbac, kong-plugin-jwt-blacklist, kong-plugin-jwt-verifier, kong-plugin-oauth2-audience, kong-plugins-openidc, lua-resty-keycloak, lzq-kong-oidc, magic-apigw, nx-kong-oidc