{ openresty_oidc_block = { realm, client_id, client_secret, redirect_uri }: '' access_by_lua_block { local opts = { redirect_uri_path = "/redirect_uri", accept_none_alg = true, discovery = "https://auth.giugl.io/realms/${realm}/.well-known/openid-configuration", client_id = "${client_id}", client_secret = "${client_secret}", logout_path = "/logout", redirect_after_logout_uri = "https://auth.giugl.io/realms/${realm}/protocol/openid-connect/logout?redirect_uri=${redirect_uri}", redirect_after_logout_with_id_token_hint = false, } -- call introspect for OAuth 2.0 Bearer Access Token validation local res, err = require("resty.openidc").authenticate(opts) if err then ngx.status = 403 ngx.say(err) ngx.exit(ngx.HTTP_FORBIDDEN) end } ''; }