nixos/hosts/architect/openid.nix

{
  openresty_oidc_block = { realm, client_id, client_secret, redirect_uri }: ''
    access_by_lua_block {
      local opts = {
        redirect_uri_path = "/redirect_uri",
        accept_none_alg = true,
        discovery = "https://auth.giugl.io/realms/${realm}/.well-known/openid-configuration",
        client_id = "${client_id}",
        client_secret = "${client_secret}",
        logout_path = "/logout",
        redirect_after_logout_uri = "https://auth.giugl.io/realms/${realm}/protocol/openid-connect/logout?redirect_uri=${redirect_uri}",
        redirect_after_logout_with_id_token_hint = false,
    }

      -- call introspect for OAuth 2.0 Bearer Access Token validation
      local res, err = require("resty.openidc").authenticate(opts)

      if err then
        ngx.status = 403
        ngx.say(err)
        ngx.exit(ngx.HTTP_FORBIDDEN)
      end
    }
  '';
}
radarr: Use openid.nix template 2022-10-28 13:43:55 +01:00			`{`
			`openresty_oidc_block = { realm, client_id, client_secret, redirect_uri }: ''`
			`access_by_lua_block {`
			`local opts = {`
			`redirect_uri_path = "/redirect_uri",`
			`accept_none_alg = true,`
			`discovery = "https://auth.giugl.io/realms/${realm}/.well-known/openid-configuration",`
			`client_id = "${client_id}",`
			`client_secret = "${client_secret}",`
			`logout_path = "/logout",`
			`redirect_after_logout_uri = "https://auth.giugl.io/realms/${realm}/protocol/openid-connect/logout?redirect_uri=${redirect_uri}",`
			`redirect_after_logout_with_id_token_hint = false,`
			`}`

			`-- call introspect for OAuth 2.0 Bearer Access Token validation`
			`local res, err = require("resty.openidc").authenticate(opts)`

			`if err then`
			`ngx.status = 403`
			`ngx.say(err)`
			`ngx.exit(ngx.HTTP_FORBIDDEN)`
			`end`
			`}`
			`'';`
			`}`