Hi all,
I was trying to build a simple example of an nginx server secured by an OIDC Provider, using lua-resty-openidc.
The initial redirection to the Authorization Server works fine, the user gets authenticated and all the tokens are retrieved (using the Authorization Code Flow https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowSteps).
After obtaining the tokens, that identity is stored in a session using openresty.session (https://github.com/pingidentity/lua-resty-openidc/blob/master/lib/resty/openidc.lua#L577-L584), then these session keys are verified when revisiting the same location, `/admin` in my case (https://github.com/pingidentity/lua-resty-openidc/blob/master/lib/resty/openidc.lua#L568-L571), but the recently stored session data is null, resulting in an infinite loop.
I've added some logging and my session is empty (https://github.com/akvo/learning-sessions/blob/master/nginx-secured/nginx.conf#L51-L53).
The full log of the whole infinite redirection can be found at: https://gist.github.com/iperdomo/3a0a6401000b07cddf9737e4ec8aadd0
And my nginx.conf can be found at: https://github.com/akvo/learning-sessions/blob/master/nginx-secured/nginx.conf
Any ideas why the openresty.session save is not working for me?
Thanks,