Hi, thanks for your reply Valentin. I have checked auth_request module, in fact the module I'm writing started as modifications to auth_request module.
To clarify, I'm not trying to do one-off setup for my server using the Stormpath API. The idea is to provide a module so any Stormpath's user can easily integrate the two. Specifically, the reasons why auth_request wasn't enough: * It requires another location on the local server to be provided (that location can be proxied using http_proxy_module, but still has to be added) to which it'll make the requests. I wanted to avoid forcing the users to need to add another location block and proxy_pass directives to the external API (felt like a hack). * It requires specific semantics regarding the response (200, 401, 403 are interpreted as usual, everything else is server error). Stormpath's API has different semantics so it wouldn't work anyways. * You can't do more than one auth request per client request. In some cases, I need two - first to authenticate the client, then to check if the user is in a specific group (and to be able to do this, I need to parse the response body). So it looks like auth_request module would be ideal if the users provide a small authorization web service that does whichever auth logic is needed, and then responds according to auth_request semantics. If I just wanted to implement the integration for my (one) specific use-case, I'd likely do that. But the motivation for the module is to avoid forcing users to do these one-off auth services, and instead just compile in and use a module that provides this. Best, Senko On Wed, Jun 17, 2015 at 5:29 PM, Valentin V. Bartenev <[email protected]> wrote: > On Wednesday 17 June 2015 11:25:33 Senko Rasic wrote: >> Hi, >> >> I'm writing a new module (out-of-tree) for supporting authentication >> using Stormpath's user management API (https://stormpath.com/). >> >> Basically, the module makes one or more HTTP requests to the >> Stormpath API to determine if the client request should be authorized >> to access a location or not. >> > [..] > > Have you checked the auth_request module? > > See: http://nginx.org/en/docs/http/ngx_http_auth_request_module.html > > wbr, Valentin V. Bartenev > > _______________________________________________ > nginx mailing list > [email protected] > http://mailman.nginx.org/mailman/listinfo/nginx -- Senko Rasic <senko at senko dot net> _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
