Hi, I'm trying to integrate nginx with a proprietary authentication scheme and I need a bit of help!

The auth scheme is this: traffic is allowed through nginx if there exists a cookie containing a valid HMAC. If not, nginx is to redirect to an auth server (same domain) which will prompt the user for credentials. Upon successful login the auth server will emit a valid HMAC and then redirect the user back to nginx which will then validate and do its thing.

The HMAC validation is proprietary and there exists a C lib to perform the task. I figured writing an nginx module that will exeucte during the access phase would do the trick. Trouble is, I can't figure out how to do the redirect to the auth server in the case the HMAC is missing or invalid. Try as I might, I just can't get nginx to do a temporary redirect in the access phase (i can do this just fine in the content phase!).

What's the preferred approach for doing this? Can it be done all in the module, or do I need a combination of module + error_page redirection?

-Tom