A library for NGINX implementing the OpenID Connect Relying Party (RP) and the OAuth 2.0 Resource Server (RS) functionality

$ luarocks install lua-resty-openidc

lua-resty-openidc is a library for NGINX implementing the OpenID Connect Relying Party (RP) and the OAuth 2.0 Resource Server (RS) functionality.

When used as an OpenID Connect Relying Party it authenticates users against an OpenID Connect Provider using OpenID Connect Discovery and the Basic Client Profile (i.e. the Authorization Code flow). When used as an OAuth 2.0 Resource Server it can validate OAuth 2.0 Bearer Access Tokens against an Authorization Server or, in case a JSON Web Token is used for an Access Token, verification can happen against a pre-configured secret/key .

It maintains sessions for authenticated users by leveraging lua-resty-session thus offering a configurable choice between storing the session state in a client-side browser cookie or use in of the server-side storage mechanisms shared-memory|memcache|redis.

It supports server-wide caching of resolved Discovery documents and validated Access Tokens.

It can be used as a reverse proxy terminating OAuth/OpenID Connect in front of an origin server so that the origin server/services can be protected with the relevant standards without implementing those on the server itself.


1.7.6-3233 days ago161,791 downloads
1.7.6-2233 days ago(revision: 3)150 downloads
1.7.6-1237 days ago(revision: 2)8,595 downloads
1.7.5-11 year ago269,195 downloads
1.7.4-12 years ago290,478 downloads
1.7.3-13 years ago27,293 downloads
1.7.2-14 years ago414,846 downloads
1.7.1-14 years ago21,332 downloads
1.7.0-24 years ago9,390 downloads
1.6.1-15 years ago32,709 downloads
1.6.0-15 years ago230,342 downloads
1.5.4-15 years ago2,111 downloads
1.5.3-15 years ago9,653 downloads
1.5.2-15 years ago1,743 downloads
1.5.1-15 years ago541 downloads
1.5.0-15 years ago150 downloads
1.4.1-15 years ago1,098 downloads
1.4.0-16 years ago8,733 downloads
1.3.2-16 years ago1,832 downloads
1.3.1-16 years ago1,570 downloads
1.3.0-26 years ago1,827 downloads
1.2.3-16 years ago2,713 downloads
1.2.1-17 years ago301 downloads
1.2.0-17 years ago202 downloads


lua >= 5.1
lua-resty-jwt >= 0.2.0
lua-resty-session >= 2.8, <= 3.10

Dependency for

amber-apigw, Apache APISIX, comvita-kong-oidc, fullscript-kong-oidc, kong-enhanced-oidc, kong-o2b-ticketing, kong-oidc, kong-oidc, kong-oidc, kong-oidc, kong-oidc, kong-oidc, kong-oidc-adfs, kong-oidc-auth, kong-oidc-by-prashanth, kong-oidc-forward-host, kong-oidc-google-groups, kong-oidc-ng, kong-oidc-test, kong-oidc-v2, kong-oidc-v3, kong-oidc-ws-rbac, kong-plugin-jwt-blacklist, kong-plugin-jwt-verifier, kong-plugin-oauth2-audience, kong-plugins-openidc, lua-resty-keycloak, lzq-kong-oidc, magic-apigw, nx-kong-oidc