Editor – Because of enhancements to the NGINX OpenID Connect reference implementation for NGINX Plus R22, the procedure that was described in this blog does not work for authentication using OpenID Connect with NGINX Plus R22 and later. For an alternative approach, see Tom’s Ansible role which helps generate configurations that work with NGINX Ingress Controller and NGINX Plus R22 and later.
In NGINX Ingress Controller 1.10.0 and later, a supported alternative is the OIDC policy resource. For more information, see Easy and Robust Single Sign-On with OpenID Connect and NGINX Ingress Controller on our blog.