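{ lib }:
{
  # Build an nginx `access_by_lua_block` that puts a location behind an
  # OpenID Connect login using lua-resty-openidc.
  #
  # access_role: optional role name (default ""). When non-empty, the
  # generated Lua also calls check_role(res, access_role) and rejects the
  # request when it returns a falsy value. check_role is not defined in this
  # file; it has to be provided by the surrounding nginx/Lua configuration.
  #
  # NOTE(review): client_secret is a literal in this file, so it is copied
  # verbatim into the generated nginx configuration and, if this is built
  # with Nix as it appears to be, into the world-readable store. Treat the
  # value as exposed: rotate it and load it at runtime from a root-only file
  # kept outside the store and outside version control.
  #
  # NOTE(review): access_role is spliced into a Lua string literal without
  # escaping; keep it to plain role names (no quotes or backslashes).
  openresty_oidc_block = { access_role ? "" }: ''
    access_by_lua_block {
      local opts = {
        discovery = "https://auth.giugl.io/realms/master/.well-known/openid-configuration",
        client_id = "nginx",
        client_secret = "9C6BYxPhTbrRS4DIwd3Smk7e11ABmnt8",
        logout_path = "/logout",
        redirect_after_logout_uri = "/",
        redirect_uri = "/redirect_uri",
        keepalive = "yes",
        -- Reject unsigned ID tokens (alg none): an unsigned token carries no
        -- proof that it was issued by the identity provider. The provider is
        -- expected to sign its tokens, so this should not need to be true.
        accept_none_alg = false
      }

      -- Run the OpenID Connect login flow (authenticate, not token
      -- introspection); unauthenticated requests are sent to the provider.
      local res, err = require("resty.openidc").authenticate(opts)
      if err then
        -- Keep failure details in the error log instead of echoing internal
        -- error text back to the client.
        ngx.log(ngx.ERR, "OIDC authentication failed: ", err)
        ngx.status = 403
        ngx.say("Authentication failed.")
        ngx.exit(ngx.HTTP_FORBIDDEN)
      end
      ${lib.optionalString (access_role != "") ''
        -- Authenticated, but the session lacks the role required here.
        if not check_role(res, "${access_role}") then
          ngx.status = 401
          ngx.header.content_type = 'text/html';
          ngx.say("You are not authorized to access this page. Please contact Er Pepotto.")
          ngx.exit(ngx.HTTP_UNAUTHORIZED)
        end
      ''}
    }
  '';
}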