diff --git "a/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab1_implicit_flow_gcp/README.md" "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab1_implicit_flow_gcp/README.md" index adbdaea2facd5fd008fa03fd9dcd21efb09fe369..a9c69dca32a630eaf502e3872ed2d7256c919cf2 100644 --- "a/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab1_implicit_flow_gcp/README.md" +++ "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab1_implicit_flow_gcp/README.md" @@ -1,4 +1,4 @@ -# Lab环境介绍 +# Lab环境介绍说明 本次演示的是利用Nginx Plus实现OAUTH2.0 Implicit Flow流程的认证授权。具体细节: diff --git "a/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/README.md" "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/README.md" new file mode 100644 index 0000000000000000000000000000000000000000..d0fda21d9843cc78a909537ed4bb3931c8221c6b --- /dev/null +++ "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/README.md" 
@@ -0,0 +1,260 @@ +# Lab环境介绍 + + +本次演示使用F5 APM作为授权服务器,完成在APM上注册一个应用。NGINX PLUS会作为client和APM交互获取ID Token。 +F5 APM可以作为Oauth2.0的所有角色,本次只作为AS提供Token的颁发。 + +## UDF环境介绍 + +![输入图片说明](snapshot/labtopology.png) + +1. NGINX作为client,会在用户访问资源时,重定向用户浏览器访问APM。 +2. APM会对用户进行认证,本次demo,用户认证信息存放在APM本地数据库,实际生产一般会挂AD、LDAP等。 +3. 通过认证后,APM会把code发给用户端,用户浏览器会携带Code给NGINX。 +4. NGINX会利用code,从APM请求ID Token和Access Token。 + + + +### 如何登录APM 授权服务器 + +![输入图片说明](snapshot/APM.png) + + > 登录 : `admin/admin` + +### 如何登录win10 enduser + +![输入图片说明](snapshot/win10.png) + + > 登录:`Administrator/cw8bBYvk` + +### 如何登录client(nginx plus) + +![输入图片说明](snapshot/nginxLogin.png) + **直接会以root身份登录** + + +--- + +# 实验步骤 + +## F5 APM 配置 + +APM可以作为OAUTH2.0的各种身份,本次lab会把APM作为认证服务器 + +### 增加一个新的scope 和 claim + +**1. 增加新的scope : profile** + +![输入图片说明](snapshot/addScopeProfile.png) + +![输入图片说明](snapshot/addScopeProfile2.png) + +**2. 增加新的claim,nginxworkshop : name = nginx** + +![输入图片说明](snapshot/addClaim1.png) + +![输入图片说明](snapshot/addClaim2.png) + + +- **Scope**是OAUTH2.0对授权委派范围进行的约束,一般应用系统可以针对scope来提供对应的资源。在OIDC中,scope可以是一组逻辑的claim +- **Claim**在OIDC中是ID Token中携带的用户身份信息 + + +### 在APM上注册一个新的应用 + +**1.APM上已经有一个应用,我们可以注册一个新的应用,名字叫做Nginxworkshop** + +![输入图片说明](snapshot/addNewApp.png) + +- **Name & Application Name :** 填写Nginxworkshop,这是注册的应用名字 +- **website logo url:** https://raw.githubusercontent.com/xtomrfx/Hello-World/master/nginxpic.png + 是APM对用户认证时候弹出的应用logo,本demo是上传的一个NGINX图标 +- **Grant Type:** Authorization Code 使用code flow +- **Redirect URI :** https://www.anxintest.com:443/_codexch ,重定向URI是NGINX配置的对应回调URL +- **support openid connect :** 开启enable,开启OIDC认证 +- **Authentication Type:** 选择Secret, 使用key方式交互 +- **Scope:** 选择刚建立的profile + + +**2.注册的应用需要挂到OAUTH Profile中** + +![输入图片说明](snapshot/OAUTH%20Profile.png) +![输入图片说明](snapshot/OAUTHProfile2.png) +- **JWT Primary KEY & ID Token Primary KEY :** 选择预先配置好的JWT KEY **nginxapp** +- **JWT ID Token userif的claim :** 把新加的 **nginxworkshop** 加入对应的claims +- **Authorization Server 
Endpoints:** 是OAUTH2.0 交互API的端点,可以自定义,这些都死要在Client端配置的(NGINX上) + + + +### 配置Policy 并挂在到对应的VS上 + +**1. 编辑已经配置好的认证策略** +![输入图片说明](snapshot/accessPolicy.png) + +**2. 预设的策略里,点击OAUTH AUthorization,可以添加ID token携带的信息** +![输入图片说明](snapshot/Apply%20Access%20Pollcy.png) + +**3. 可以增加ID TOKEN携带的audiance等信息** +![输入图片说明](snapshot/audiance.png) + +![输入图片说明](snapshot/idtokeninfor.png) + +![输入图片说明](snapshot/Add%20new%20ertry.png) + +**4. 配置客户端和APM认证的用户信息,本lab已经预设好** + +![输入图片说明](snapshot/local.png) + +预设的账号是 f5admin/admin + +**5. 把配置好的策略挂在到对应vs下** + +local traffic > virtual servers > virtual server list + +![输入图片说明](snapshot/vs.png) + +![输入图片说明](snapshot/Pollcy.png) + +**以上就完成了APM作为Authorization Server的配置,可以查看对应的Client ID和Secret** + +![输入图片说明](snapshot/finalcheck.png) + + + +## 配置 NGINX PLUS + +### 修改 openid_connect_configuration.conf 为对应的APM的API端点 + +本次demo的API端点已经都配置好了,需要修改的是注册好的clientid和secret,查看方式之前已经提过。 + +**1. 查看client id 和 secret的地方:** + +![输入图片说明](snapshot/finalcheck.png) + +**2. 修改openid_connect_configuration.conf 对应的参数** + +```bash +vim /etc/nginx/conf.d/openid_connect_configuration.conf +``` +![输入图片说明](snapshot/changevalues.png) +以上红框部门填写APM上对于的client id 和 secret,其他都已经配置好,不用修改。 + +**3. 从APM下载key,用于验证JWS对应的签名,只有签名正确,才能通过认证,进行访问** +```bash +wget --no-check-certificate https://10.1.10.254/f5-oauth2/v1/jwks -O apm1.key +``` + +可以查看frontend.conf 中对于jws认证的配置 +```bash +vim /etc/nginx/conf.d/frontend.conf +``` +![输入图片说明](snapshot/jwtkeyconfig.png) + +**4.加载配置** + +```bash +nginx -s reload +``` + +## 访问网站 + +**1. 通过RDP访问UDF中的win10** + +**2. 打开浏览器,输入 https://www.anxintest.com** + +**3. 通过APM认证, f5admin/admin** + +![输入图片说明](snapshot/loginAS.png) + +**4. 同意授权访问,可以看到确认访问的scope** +![输入图片说明](snapshot/Authorization%20request.png) + +**5. 
访问成功!** +![输入图片说明](snapshot/Deme%20App.png) + + +# NGINX PLUS OAUTH2.0 配置说明 + +### NGINX Plus配置文件说明 + +先说明一下NGINX PLUS目录里重要的配置文件有哪些: +> `frontend.conf` : 提供了访问的前端入口,请求通过fronted.conf开始触发一些利的oauth2.0的验证流程 +> `openid_connect_configuration.conf` : 一些key values的映射,方便调用。配置ldp相关参数的文件。 +> `openid_connect.js` : JavaScript代码主要是完成整个Authorization code流程的逻辑,驱动各种subrequest 和 请求处理。(正常不需要修改) +> `openid_connect.server_conf`: nginx plus处理oauth2.0流程的主要配置 +> 1. 正常不需要修改配置 +> 2. resovler按需改成使用的dns服务器 +> 3. 按需使用自动申请jwt key的auth_jwt_key_request,也可以手动下载后本地加载 + +### frontend.conf 部分配置说明 + +```nginx + listen 88; # Use SSL/TLS in production + + location / { + # This site is protected with OpenID Connect + auth_jwt "" token=$cookie_auth_token; + error_page 401 = @do_oidc_flow; + + auth_jwt_key_file /etc/nginx/conf.d/okta.key; # Enable when using filename + #auth_jwt_key_request /_jwks_uri; # Enable when using URL + + # Successfully authenticated users are proxied to the backend, + # with 'sub' claim passed as HTTP header + proxy_set_header username $jwt_claim_sub; + proxy_pass http://my_backend; # The backend site/app + + access_log /var/log/nginx/access.log main_jwt; + } +``` +`auth_jwt` 指令要求如果需要访问`http://my_backend` , 需要通过jwt的验证。 jwt从`token=$cookie_auth_token`可知,会从http cookie获取,cookie的名字为auth_token + +`auth_jwt_key_request` 和 `auth_jwt_key_file` 两个指令都是获取用于验证jwt的key,前者通过请求api自动获得,或者手动下载到本地后指定路径使用。 + + +### openid_connect_configuration.conf 部分配置说明 +```nginx +map $host $oidc_authz_endpoint { + default "对应ldp的authz的enpoint地址"; + #www.example.com "https://my-idp/oauth2/v1/authorize"; +} + +map $host $oidc_token_endpoint { + default "对应ldp的token endpoint地址"; +} +``` +这里对各种OAUTH2.0 交互需要的API endpoint和client id、Secret做了一个变量的映射,方便直接修改对应的参数即可。 + + +### openid_connect.server_conf 部分配置说明 +```nginx + location @do_oidc_flow { + status_zone "OIDC start"; + js_content oidc.auth; + default_type text/plain; # In case we throw an error + } + + set $redir_location "/_codexch"; + location = /_codexch { + # This 
location is called by the IdP after successful authentication + status_zone "OIDC code exchange"; + js_content oidc.codeExchange; + error_page 500 502 504 @oidc_error; + } + + location = /_token { + # This location is called by oidcCodeExchange(). We use the proxy_ directives + # to construct the OpenID Connect token request, as per: + # http://openid.net/specs/openid-connect-core-1_0.html#TokenRequest + log_subrequest on; + internal; + proxy_ssl_server_name on; # For SNI to the IdP + proxy_set_header Content-Type "application/x-www-form-urlencoded"; + proxy_set_body "grant_type=authorization_code&client_id=$oidc_client&$args&redirect_uri=$redirect_base$redir_location"; + proxy_method POST; + proxy_pass $oidc_token_endpoint; + access_log /var/log/nginx/token.access.log main_jwt2; + } +``` +通过定义不同的内部location,来构造请求,访问对应的endpoint。(按照RFC6749定义的flow) +触发访问location的是openid_connect.js 中JavaScript定义的各种subrequest diff --git "a/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/APM.png" "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/APM.png" new file mode 100644 index 0000000000000000000000000000000000000000..de551767ecce81b5c77942487945428cc1a02f7e Binary files /dev/null and "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/APM.png" differ diff --git "a/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/Add new ertry.png" "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/Add new ertry.png" new file mode 100644 index 0000000000000000000000000000000000000000..0c9d14d19823d8e6e05b4cc20661e9a6130af1d0 Binary files /dev/null and "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/Add new ertry.png" differ 
diff --git "a/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/Apply Access Pollcy.png" "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/Apply Access Pollcy.png" new file mode 100644 index 0000000000000000000000000000000000000000..0ae8bf38bfaac31e6dcd4a84664383486d77a4f0 Binary files /dev/null and "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/Apply Access Pollcy.png" differ diff --git "a/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/Authorization request.png" "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/Authorization request.png" new file mode 100644 index 0000000000000000000000000000000000000000..cd9e34871fac804447ad15a9ccd2ba01c46f282c Binary files /dev/null and "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/Authorization request.png" differ diff --git "a/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/Deme App.png" "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/Deme App.png" new file mode 100644 index 0000000000000000000000000000000000000000..28c2bc2ab9b86a0bf1387c79f6e5fae55d643e65 Binary files /dev/null and "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/Deme App.png" differ 
diff --git "a/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/OAUTH Profile.png" "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/OAUTH Profile.png" new file mode 100644 index 0000000000000000000000000000000000000000..36a160a99d72571b4602c2106d030e9643fd708e Binary files /dev/null and "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/OAUTH Profile.png" differ diff --git "a/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/OAUTHProfile2.png" "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/OAUTHProfile2.png" new file mode 100644 index 0000000000000000000000000000000000000000..07a52c06320ed467dec42eb95db0c8fb54c63c9b Binary files /dev/null and "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/OAUTHProfile2.png" differ diff --git "a/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/Pollcy.png" "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/Pollcy.png" new file mode 100644 index 0000000000000000000000000000000000000000..979a12154e118571c57d21b8cd6748a10dd53588 Binary files /dev/null and "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/Pollcy.png" differ 
diff --git "a/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/accessPolicy.png" "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/accessPolicy.png" new file mode 100644 index 0000000000000000000000000000000000000000..6c975839bef64da75b48067753e862c77d953668 Binary files /dev/null and "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/accessPolicy.png" differ diff --git "a/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/addClaim1.png" "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/addClaim1.png" new file mode 100644 index 0000000000000000000000000000000000000000..efba3e3a494696dd46ae07c30947c88753e69cd7 Binary files /dev/null and "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/addClaim1.png" differ diff --git "a/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/addClaim2.png" "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/addClaim2.png" new file mode 100644 index 0000000000000000000000000000000000000000..258d4f561b20de9c6c71f6531bcc12af068344d5 Binary files /dev/null and "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/addClaim2.png" differ 
diff --git "a/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/addNewApp.png" "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/addNewApp.png" new file mode 100644 index 0000000000000000000000000000000000000000..9f003a285f6f1134ba56549cb83cc4097a426ca4 Binary files /dev/null and "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/addNewApp.png" differ diff --git "a/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/addScopeProfile.png" "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/addScopeProfile.png" new file mode 100644 index 0000000000000000000000000000000000000000..8dea9a16bbf0ec17f48cf7caa902a2a6642abc05 Binary files /dev/null and "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/addScopeProfile.png" differ diff --git "a/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/addScopeProfile2.png" "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/addScopeProfile2.png" new file mode 100644 index 0000000000000000000000000000000000000000..473f217cb27761b8500508d9cb24ca599a11f8a6 Binary files /dev/null and "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/addScopeProfile2.png" differ 
diff --git "a/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/audiance.png" "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/audiance.png" new file mode 100644 index 0000000000000000000000000000000000000000..be0a20c559e07a3ea1a9f8204af1b3a5afca250c Binary files /dev/null and "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/audiance.png" differ diff --git "a/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/changevalues.png" "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/changevalues.png" new file mode 100644 index 0000000000000000000000000000000000000000..57a765c48cd203e46eb1a924c36bbc6d7e63b82d Binary files /dev/null and "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/changevalues.png" differ diff --git "a/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/check all.png" "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/check all.png" new file mode 100644 index 0000000000000000000000000000000000000000..ef1ced13ec7b4d7bb944a9044f9394f2ef1c1f64 Binary files /dev/null and "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/check all.png" differ 
diff --git "a/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/finalcheck.png" "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/finalcheck.png" new file mode 100644 index 0000000000000000000000000000000000000000..a5a6db3d679aa063a50b09c8c2d97ec4bf5efc40 Binary files /dev/null and "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/finalcheck.png" differ diff --git "a/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/idtokeninfor.png" "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/idtokeninfor.png" new file mode 100644 index 0000000000000000000000000000000000000000..261cc75f1cbdb27ffd334a78d86bcddbbe8e256e Binary files /dev/null and "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/idtokeninfor.png" differ diff --git "a/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/jwtkeyconfig.png" "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/jwtkeyconfig.png" new file mode 100644 index 0000000000000000000000000000000000000000..934daa98845fb68b38d87419c2f8daf8a2f3edfb Binary files /dev/null and "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/jwtkeyconfig.png" differ 
diff --git "a/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/labtopology.png" "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/labtopology.png" new file mode 100644 index 0000000000000000000000000000000000000000..13fc98e3ba882f5c828e696caf0b5cacaa83affa Binary files /dev/null and "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/labtopology.png" differ diff --git "a/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/local.png" "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/local.png" new file mode 100644 index 0000000000000000000000000000000000000000..19cbb4c08b042660c4a2e6a32cdff37e32dcc0cd Binary files /dev/null and "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/local.png" differ diff --git "a/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/loginAS.png" "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/loginAS.png" new file mode 100644 index 0000000000000000000000000000000000000000..0de937429a102a31d954e12e39b58e0e08686617 Binary files /dev/null and "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/loginAS.png" differ 
diff --git "a/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/nginxLogin.png" "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/nginxLogin.png" new file mode 100644 index 0000000000000000000000000000000000000000..e6cec656075f899393b4b73ffbfe3f2921afbe43 Binary files /dev/null and "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/nginxLogin.png" differ diff --git "a/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/vs.png" "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/vs.png" new file mode 100644 index 0000000000000000000000000000000000000000..0903f4379bcf8d1c3b0b0bc7168655541599a854 Binary files /dev/null and "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/vs.png" differ diff --git "a/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/win10.png" "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/win10.png" new file mode 100644 index 0000000000000000000000000000000000000000..763be968a3c7e0c2831bc96d49d5338d94d1bad8 Binary files /dev/null and "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/win10.png" differ 
diff --git "a/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/\346\210\252\345\233\276lab\346\213\223\346\211\221.png" "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/\346\210\252\345\233\276lab\346\213\223\346\211\221.png" new file mode 100644 index 0000000000000000000000000000000000000000..13fc98e3ba882f5c828e696caf0b5cacaa83affa Binary files /dev/null and "b/10 NGINX\350\256\244\350\257\201\346\216\210\346\235\203/lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/\346\210\252\345\233\276lab\346\213\223\346\211\221.png" differ
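Review bot: The new heading in lab1_implicit_flow_gcp/README.md, `# Lab环境介绍说明`, stacks two near-synonyms (介绍 and 说明), and the lab4 README added by this same patch still opens with `# Lab环境介绍`, so the two labs end up with different headings for the same section. Either drop this one-line change or use one heading in both files.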
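Review bot: In step 3 of "配置 NGINX PLUS" in the new lab4 README, `wget --no-check-certificate https://10.1.10.254/f5-oauth2/v1/jwks -O apm1.key` downloads the keys that `auth_jwt` will trust with TLS verification switched off, so the file that decides which ID tokens pass the signature check is accepted from whatever answers on that address. Suggest trusting the APM certificate explicitly (wget's `--ca-certificate=<file>`), or at least stating in the text that the flag is a lab-only shortcut. The same step writes `apm1.key` into the current directory, while the frontend.conf excerpt further down loads `auth_jwt_key_file /etc/nginx/conf.d/okta.key` and has `listen 88;`, although the redirect URI registered on APM is `https://www.anxintest.com:443/_codexch`; the excerpt should match what the lab deploys or be labelled as the generic template. Smaller points: the README commits three username/password pairs (`admin/admin`, `Administrator/cw8bBYvk`, `f5admin/admin`) and should say they are lab defaults only, and a few typos are worth fixing before merge ("都死要" for "都是要", "红框部门" for "红框部分", "ldp" and "enpoint" for "IdP" and "endpoint").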
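Review bot: Two of the binary files added under lab4_APM_AS_NGINX_Client_oauth2.0/snapshot/ are not used by the new README: `check all.png` is never referenced, and the last file in the patch (`\346\210\252\345\233\276lab\346\213\223\346\211\221.png`) has the same blob id as `labtopology.png` (13fc98e3ba882f5c828e696caf0b5cacaa83affa), so it is a duplicate of the image the README already embeds. Suggest dropping both from the commit. Several of the remaining names carry typos (`Apply Access Pollcy.png`, `Pollcy.png`, `Deme App.png`, `Add new ertry.png`, `audiance.png`); if they are renamed, the matching image links in the README need to change in the same commit.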