First, this is the technology I'm using to establish the WebSocket connection:
I have an NGINX instance provisioned that will proxy WebSocket requests. So far this NGINX config is working fine, minus the token validation.
    location /wsapp/ {
        proxy_pass http://wsbackend;
        # WebSocket upgrade requires HTTP/1.1 and the Upgrade/Connection headers
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }
I want to validate and terminate the token in NGINX, but I can't seem to find a way to intercept the token, which is part of the STOMP header. Is there a workaround for this?
For the benefit of everyone who will encounter the same problem, I managed to solve the issue by not relying on the STOMP message exchange for token validation.
Instead, token validation happens when establishing the WebSocket connection, and the token is passed via the query string.
    let socket = new SockJS('https://example.net/wsapp?myjwt=' + token);
    stompClient = Stomp.over(socket);
And NGINX will do the validation using the auth_jwt directive:
    auth_jwt "JWT Test Realm" token=$arg_myjwt;
Reference: NGINX JWT authentication
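
The handshake-time check described in the answer above, combined with the proxy block from the question, as an added example that is not part of the original post. Because the token travels in the query string, the access log format here records `$uri` rather than the full request line, so the JWT is not written to disk. The backend address, TLS and key file paths, log path, log format name, and the use of `auth_jwt_key_file` are assumptions; `auth_jwt` requires NGINX Plus.

```nginx
# Added example, not the poster's configuration.
# Assumed values: backend address, certificate/key paths, log path,
# log format name (ws_noquery).

http {
    # Log $uri (path without the query string) instead of $request,
    # so the JWT carried in ?myjwt= does not end up in the access log.
    log_format ws_noquery '$remote_addr [$time_local] "$request_method $uri" '
                          '$status $body_bytes_sent';

    upstream wsbackend {
        server 127.0.0.1:8080;                               # assumed backend
    }

    server {
        listen 443 ssl;
        server_name example.net;
        ssl_certificate     /etc/nginx/tls/example.net.crt;  # assumed path
        ssl_certificate_key /etc/nginx/tls/example.net.key;  # assumed path

        location /wsapp/ {
            access_log /var/log/nginx/wsapp.log ws_noquery;  # assumed path

            # Validate the JWT from the myjwt query argument on the
            # handshake request; a missing or invalid token gets a 401
            # and the request never reaches the backend.
            auth_jwt          "JWT Test Realm" token=$arg_myjwt;
            auth_jwt_key_file /etc/nginx/jwt/keys.jwk;       # assumed path (JWK set)

            proxy_pass http://wsbackend;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $host;
        }
    }
}
```

The token is checked only when the connection is established, so a short token lifetime limits how long a leaked URL stays usable.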