This tutorial and seed project have been tested with the following:

• NGINX Plus R24

First, you need to install the nginx-plus-module-njs module for NGINX Plus.

Follow the dynamic module installation guide to install packages in your host OS.

For Linux distributions that use yum package manager, you can install the module like so:

sudo yum install nginx-plus-module-njs jq

Once you've installed it, you need to enable it for NGINX by adding the following line near the top of your /etc/nginx/nginx.conf file:

load_module modules/ngx_http_js_module.so;

Clone the nginx-openid-connect repository. This repository comes with a template configuration.

git clone https://github.com/nginxinc/nginx-openid-connect

Run the configure.sh script inside the nginx-openid-connect folder to populate the template configuration for your Auth0 application:

./configure.sh --auth_jwt_key request \
--client_id {yourClientId} \
--pkce_enable \
https://{yourDomain}/.well-known/openid-configuration

Next, add your tenant’s logout URL to your openid_connect_configuration.conf file.

Add the Accept-Encoding header and set the value to gzip in your openid_connect.server_conf file.

Copy your four configuration files to the conf.d folder.

sudo cp openid_connect.js \ 
frontend.conf \
openid_connect_configuration.conf \
openid_connect.server_conf /etc/nginx/conf.d

In the Auth0 Dashboard:

1. Go to Applications > Applications, and then select your application from the list.

2. Switch to the Settings view.

3. In the Application URIs section, add https://{yourDomain}/_codexch to Allowed Callback URLs.

4. Switch to the Credentials view.

In the Application Authentication section, set Authentication Method to None.

Add additional headers from the ID token (JWT) to the upstream target in your /etc/nginx/conf.d/frontend.conf file.