This configuration enables NGINX to validate an authentication token against an authorization server by using OAuth 2.0 Token Introspection (RFC 7662). This solution uses the auth_request module and the NGINX JavaScript module to require authentication and perform the token introspection request.
By default, the client's authentication token is expected as a bearer token supplied in the Authorization header. If supplied elsewhere in the HTTP request, the $access_token variable must be configured to specify where to obtain the token.
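
The exchange this configuration performs, as an added example in plain Node.js JavaScript (not the project's njs code): extract the bearer token, build the RFC 7662 request authenticated with HTTP Basic, and fail closed on the response. All function names are hypothetical, and the 204/403 mapping is an assumption based on auth_request allowing 2xx and denying 401/403.

```javascript
// Added example: plain Node.js, not the project's njs code. All names are hypothetical.

// RFC 6750 b64token syntax; the "Bearer" scheme name is case-insensitive.
const BEARER_RE = /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i;

// Return the bearer token from an Authorization header value, or null.
function bearerToken(authorization) {
  const m = BEARER_RE.exec(authorization || '');
  return m ? m[1] : null;
}

// Build the RFC 7662 introspection request, authenticated with HTTP Basic.
function introspectionRequest(token, clientId, clientSecret) {
  const basic = Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
  return {
    method: 'POST',
    headers: {
      'Authorization': `Basic ${basic}`,
      'Content-Type': 'application/x-www-form-urlencoded',
    },
    body: `token=${encodeURIComponent(token)}`,
  };
}

// Map the introspection response to a status for auth_request.
// Fails closed: only a 200 whose JSON body has active exactly true (and
// exp, if present, in the future) is accepted. The 204/403 mapping is an
// assumption of this example, not taken from the project.
function authStatus(httpStatus, body, nowSeconds) {
  if (httpStatus !== 200) return 403;
  let claims;
  try {
    claims = JSON.parse(body);
  } catch (e) {
    return 403; // unparseable response: deny
  }
  if (claims === null || typeof claims !== 'object') return 403;
  if (claims.active !== true) return 403; // "true" as a string is rejected
  if ('exp' in claims && !(Number(claims.exp) > nowSeconds)) return 403;
  return 204;
}
```
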
Token introspection requests are authenticated. By default, the $oauth_client_id and $oauth_client_secret variables are used to perform HTTP Basic authentication with the Authorization Server. If only the $oauth_client_secret variable is specified then that value is used