This tutorial demonstrates how to use the nginx-openid-connect module to add authentication and authorization to your NGINX server. We recommend that you log in to follow this quickstart with examples configured for your account.
1

System requirements

This tutorial and seed project have been tested with the following:
  • NGINX Plus R24
2

Install and enable nginx-plus-module-njs module

First, you need to install the nginx-plus-module-njs module for NGINX Plus.Follow the dynamic module installation guide to install packages in your host OS.For Linux distributions that use yum package manager, you can install the module like so:
sudo yum install nginx-plus-module-njs jq
Once you’ve installed it, you need to enable it for NGINX by adding the following line near the top of your /etc/nginx/nginx.conf file:
load_module modules/ngx_http_js_module.so;
3

Checkout nginx-openid-connect template repository

Clone the nginx-openid-connect repository. This repository comes with a template configuration.
git clone https://github.com/nginxinc/nginx-openid-connect
4

Configure NGINX with your Auth0 application details

Run the configure.sh script inside the nginx-openid-connect folder to populate the template configuration for your Auth0 application:
./configure.sh --auth_jwt_key request \
--client_id mz9iNEIo2PHu7oeh8QRt19ndTyyCIgai \
--pkce_enable \
https://dev-gja8kxz4ndtex3rq.us.auth0.com/.well-known/openid-configuration
Next, add your tenant’s logout URL to your openid_connect_configuration.conf file.
5

Configure Accept-Encoding header for token and JWKS endpoints

Add the Accept-Encoding header and set the value to gzip in your openid_connect.server_conf file.
6

Copy OpenID Connect configuration files

Copy your four configuration files to the conf.d folder.
sudo cp openid_connect.js \ 
frontend.conf \
openid_connect_configuration.conf \
openid_connect.server_conf /etc/nginx/conf.d
7

Configure Auth0 application settings

In the Auth0 Dashboard:
  1. Go to Applications > Applications, and then select your application from the list.
  2. Switch to the Settings view.
  3. In the Application URIs section, add https://dev-gja8kxz4ndtex3rq.us.auth0.com/_codexch to Allowed Callback URLs.
  4. Switch to the Credentials view.
In the Application Authentication section, set Authentication Method to None.
8

Pass headers to upstream application

Add additional headers from the ID token (JWT) to the upstream target in your /etc/nginx/conf.d/frontend.conf file.

Next Steps

Excellent work! If you made it this far, you should now have login, logout, and user profile information running in your application.This concludes our quickstart tutorial, but there is so much more to explore. To learn more about what you can do with Auth0, check out:
  • Auth0 Dashboard - Learn how to configure and manage your Auth0 tenant and applications
  • Auth0 Marketplace - Discover integrations you can enable to extend Auth0’s functionality