If you are looking for Authentication Server or OAuth library then OpenID Conect implementations page is a good place to start. I chose Keycloak but also want to look on FreeIPA or https://ipsilon-project.org
For Apache web server everything is clear:
But I need something for Nginx .
https://github.com/tarachandverma/nginx-openidc written fully in C++ and this is interesting because you don’t need to enable Lua on Nginx (believe me, this can be harmful).
What is also interesting is tha module for only one purpose: to use reference tokens (opaque tokens)
https://github.com/curityio/nginx_phantom_token_module it’s written in C so no needs for additional deps.
Authentication Based on Subrequest Result
Actually Nginx already has something that can satisfy 80% of your needs:
But to use the sebrequest auth your auth server should support this or you need to setup another shim proxy:
and here is docker container which integrates it https://github.com/sinnerschrader/oauth-proxy-nginx
Or you can use this one which is written in Lua
Important article from Security researcher Egor Homakov who hacked several times GitHub and Facebook: