{
  openresty_oidc_block = { realm, client_id, client_secret, redirect_uri }: ''
    access_by_lua_block {
      local opts = {
        redirect_uri_path = "/redirect_uri",
        accept_none_alg = true,
        discovery = "https://auth.giugl.io/realms/${realm}/.well-known/openid-configuration",
        client_id = "${client_id}",
        client_secret = "${client_secret}",
        logout_path = "/logout",
        redirect_after_logout_uri = "https://auth.giugl.io/realms/${realm}/protocol/openid-connect/logout?redirect_uri=${redirect_uri}",
        redirect_after_logout_with_id_token_hint = false,
    }

      -- call introspect for OAuth 2.0 Bearer Access Token validation
      local res, err = require("resty.openidc").authenticate(opts)

      if err then
        ngx.status = 403
        ngx.say(err)
        ngx.exit(ngx.HTTP_FORBIDDEN)
      end
    }
  '';
}