I would like Nginx to call an External OAuth server to validate a bearer token and additionally extract the client_id from the OAuth validation response. I need the client_id to apply rate limiting.
However, I have not been able to find a native way in Nginx to simply extract an attribute from a response body. I was hoping to do something simple like regexing a variable such as $response_body.
I did see a couple of alternative options, such as installing a Lua module or a JavaScript module.
Is there any way to do this natively in Nginx or do I have to use a custom option?
The response body from the OAuth server would look something like:
{
    "active": true,
    "client_id": "abc123"
}
I've gotten this far:
location / {
    set $bearer_token "";
    if ($http_authorization ~* "^Bearer\s(.+)$") {
        set $bearer_token $1;
    }
    auth_request /oauth_validate;
    proxy_pass https://my-server;
    # I would like to extract the "active" and "client_id" values from the response body here
    # And then approve/disprove and apply rate limiting on the client_id
}

location /oauth_validate {
    internal;
    proxy_method POST;
    proxy_pass_request_headers off;
    proxy_set_header Content-Type "application/x-www-form-urlencoded";
    proxy_set_body "token=$bearer_token&client_credentials&client_id=foo&client_secret=bar";
    proxy_pass https://external-oauth.com/oauth2/default/v1/introspect;
}
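
An added example, not part of the original post: one way the JavaScript-module option mentioned above could parse the introspection response and hand client_id back to nginx, failing closed on anything unexpected. It assumes the proxy settings from /oauth_validate move to a hypothetical internal location /oauth_introspect, and that the header name X-Client-Id and the client_id character set are free choices.

```javascript
// Added example for njs (nginx JavaScript module); not from the original post.
// Assumed wiring (location names and the X-Client-Id header are hypothetical):
//   js_import oauth from oauth.js;
//   location = /oauth_validate   { internal; js_content oauth.introspect; }
//   location = /oauth_introspect { internal; ...proxy_* settings from the post... }
//   location / { auth_request /oauth_validate;
//                auth_request_set $client_id $sent_http_x_client_id; ... }
// For njs, end the file with: export default { introspect };

// Decide from the introspection reply. Anything unexpected is a denial.
function evaluate(status, body) {
    if (status !== 200) {
        return { allow: false, reason: 'introspection status ' + status };
    }
    var data;
    try {
        data = JSON.parse(body);
    } catch (e) {
        return { allow: false, reason: 'invalid JSON' };
    }
    // "active" must be the boolean true; the string "true" is not accepted.
    if (data === null || typeof data !== 'object' || data.active !== true) {
        return { allow: false, reason: 'token not active' };
    }
    // client_id ends up in a header and a rate-limit key, so restrict its
    // shape (assumed character set) to keep CR/LF and oversized values out.
    var id = data.client_id;
    if (typeof id !== 'string' || !/^[A-Za-z0-9._-]{1,128}$/.test(id)) {
        return { allow: false, reason: 'missing or malformed client_id' };
    }
    return { allow: true, clientId: id };
}

// js_content handler behind auth_request: 2xx allows the request, 401 denies it.
function introspect(r) {
    r.subrequest('/oauth_introspect', { method: 'POST' }, function (reply) {
        var verdict = evaluate(reply.status, reply.responseText);
        if (!verdict.allow) {
            r.error('token rejected: ' + verdict.reason);
            r.return(401);
            return;
        }
        r.headersOut['X-Client-Id'] = verdict.clientId;
        r.return(204);
    });
}
```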