A library for NGINX implementing the OpenID Connect Relying Party (RP) and the OAuth 2.0 Resource Server (RS) functionality

$ luarocks install lua-resty-openidc

lua-resty-openidc is a library for NGINX implementing the OpenID Connect Relying Party (RP) and the OAuth 2.0 Resource Server (RS) functionality.

When used as an OpenID Connect Relying Party it authenticates users against an OpenID Connect Provider using OpenID Connect Discovery and the Basic Client Profile (i.e. the Authorization Code flow). When used as an OAuth 2.0 Resource Server it can validate OAuth 2.0 Bearer Access Tokens against an Authorization Server or, in case a JSON Web Token is used for an Access Token, verification can happen against a pre-configured secret/key .

It maintains sessions for authenticated users by leveraging lua-resty-session thus offering a configurable choice between storing the session state in a client-side browser cookie or use in of the server-side storage mechanisms shared-memory|memcache|redis.

It supports server-wide caching of resolved Discovery documents and validated Access Tokens.

It can be used as a reverse proxy terminating OAuth/OpenID Connect in front of an origin server so that the origin server/services can be protected with the relevant standards without implementing those on the server itself.


1.7.5-1186 days ago54,687 downloads
1.7.4-11 year ago137,446 downloads
1.7.3-11 year ago26,819 downloads
1.7.2-12 years ago345,498 downloads
1.7.1-13 years ago19,849 downloads
1.7.0-23 years ago8,764 downloads
1.6.1-13 years ago25,885 downloads
1.6.0-14 years ago169,115 downloads
1.5.4-14 years ago2,081 downloads
1.5.3-14 years ago9,630 downloads
1.5.2-14 years ago1,723 downloads
1.5.1-14 years ago520 downloads
1.5.0-14 years ago115 downloads
1.4.1-14 years ago1,077 downloads
1.4.0-14 years ago8,657 downloads
1.3.2-15 years ago1,811 downloads
1.3.1-15 years ago1,550 downloads
1.3.0-25 years ago1,805 downloads
1.2.3-15 years ago2,400 downloads
1.2.1-15 years ago268 downloads
1.2.0-15 years ago137 downloads


lua >= 5.1
lua-resty-jwt >= 0.2.0

Dependency for

Apache APISIX, comvita-kong-oidc, fullscript-kong-oidc, kong-enhanced-oidc, kong-o2b-ticketing, kong-oidc, kong-oidc, kong-oidc, kong-oidc, kong-oidc, kong-oidc-adfs, kong-oidc-auth, kong-oidc-by-prashanth, kong-oidc-forward-host, kong-oidc-google-groups, kong-oidc-ng, kong-oidc-test, kong-oidc-v2, kong-oidc-ws-rbac, kong-plugin-jwt-blacklist, kong-plugin-jwt-verifier, kong-plugin-oauth2-audience, lua-resty-keycloak, lzq-kong-oidc, magic-apigw, nx-kong-oidc