nginx - NGINX - lua-resty-openidc - 无法访问 POST api url
问题描述
使用配置了 lua-resty-openidc 的 Openresty NGINX。
api.conf
location /api/postsomething {
limit_except POST {
deny all;
}
error_page 403 = @405; # Convert response from '403 (Forbidden)' to '405 (Method Not Allowed)'
set $upstream api_dev;
rewrite ^ /_apipost last;
}
location = /_apipost {
internal;
set $api_name "someapi";
access_by_lua_file /etc/nginx/oauth_authenticate.lua;
proxy_pass https://$upstream$request_uri;
}
oauth_authenticate.lua
local opts = {
redirect_uri="https://<ipd>/oauth_callback",
discovery="https://<idp.ip>/.well-known/openid-configuration",
client_id="client_id_test",
client_secret="",
scope="openid",
ssl_verify="no"
}
local res, err =require("resty.openidc").authenticate(opts)
if err then
ngx.status = 500
ngx.say(err)
ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
end
local jwt = require "resty.jwt"
local jwt_obj = jwt:load_jwt(res.access_token)
-- Parse the access token that was used above and print it to the logs
local cjson = require "cjson"
ngx.log(ngx.DEBUG, "Here is the access token:\n " .. cjson.encode(jwt_obj.payload))
-- set headers with user info: this will overwrite any existing headers
-- but also scrub(!) them in case no value is provided in the token
ngx.req.set_header("X-USER", res.id_token.sub)
现在在邮递员中调用我的后端 API 会得到下面的 url,
POST > https://nginx_ip/api/postsomething
结果:
<!-- template name: form.autopost.template.html -->
<html>
<head>
<title>Submit Form</title>
</head>
<body onload="javascript:document.forms[0].submit()">
<noscript>
<p>
<strong>Note:</strong> Since your browser does not support JavaScript, you must press the Resume button once
to proceed.
</p>
</noscript>
<form method="post" action="https://<idp_ip>/idp/SSO.saml2">
<input type="hidden" name="SAMLRequest" value="ddfdfdfdf3Q+"/>
<input type="hidden" name="RelayState" value="fdfergerger"/>
<noscript><input type="submit" value="Resume"/></noscript>
</form>
</body>
</html>
我如何使用真正受 OIDC 模块 lua 保护的 API(POST 调用)。如果我在浏览器中发出相同的请求,它会要求我进行用户身份验证,而浏览器结果是这样的,
405 (Method Not Allowed)
同样,如果我创建一个带有表单 POST 的 HTML 到https://nginx_ip/api/postsomething那么结果是 405。为什么?请帮忙 。
解决方案
推荐阅读
- python - BigQuery - AES_DECRYPT GCM - 无法使用长度为 32 的密钥解密密文
- mysql - 从 MySQL 脚本中查询 Teradata 表
- c# - 如何将不同目录中的文件连接成一个字符串数组
- c# - Why ActualWidth and ActualHeight of an Image returns 0 after Loaded event?
- javascript - 控制台给了我 TypeError .. 不是功能消息
- python-3.x - OSError:无法将文件“name.data”解释为泡菜
- mysql - 在 shell 脚本内反勾以执行 MySQL 查询
- java - 一个存储库中的多个项目 GitHub
- c# - 如何通过 join 和 group by 在 C# Linq 中获取 Min?
- c - 两个数相加