github.com/nginxinc/kubernetes-ingress@v1.12.5/internal/configs/oidc/oidc_common.conf

github.com/nginxinc/kubernetes-ingress@v1.12.5/internal/configs/oidc/oidc_common.conf (about)

     1  map $proto $oidc_cookie_flags {
     2      http  "Path=/; SameSite=lax;"; # For HTTP/plaintext testing
     3      https "Path=/; SameSite=lax; HttpOnly; Secure;"; # Production recommendation
     4  }
     5  
     6  map $http_x_forwarded_port $redirect_base {
     7      ""      $proto://$host:$server_port;
     8      default $proto://$host:$http_x_forwarded_port;
     9  }
    10  
    11  map $http_x_forwarded_proto $proto {
    12      ""      $scheme;
    13      default $http_x_forwarded_proto;
    14  }
    15  
    16  proxy_cache_path /var/cache/nginx/jwk levels=1 keys_zone=jwk:64k max_size=1m;
    17  keyval_zone zone=oidc_id_tokens:1M timeout=1h sync;
    18  keyval_zone zone=refresh_tokens:1M timeout=8h sync;
    19  
    20  keyval $cookie_auth_token $session_jwt zone=oidc_id_tokens;   # Exchange cookie for JWT
    21  keyval $cookie_auth_token $refresh_token zone=refresh_tokens; # Exchange cookie for refresh token
    22  keyval $request_id $new_session zone=oidc_id_tokens; # For initial session creation
    23  keyval $request_id $new_refresh zone=refresh_tokens; # ''
    24  
    25  auth_jwt_claim_set $jwt_audience aud; # In case aud is an array
    26  js_import oidc from oidc/openid_connect.js;