but if you’re looking for a cookie, you can check for that in the redirect and send to auth if it’s not present
the cookie redirect could be:
/* /:splat 200! Cookie=your_cookie
login could call a serverless function to set the cookie
In that case you could move the whole static site to a specific directory that is protected via a _redirects definition? Access is only granted to a specific role. docs.netlify.com/visitor-access… Roles can be set via Identity
I'm still a little confused about Netlify Identity, but it seems like it requires that I manage users in Netlify, which isn't what I want.
Also wow the pricing 😮 $99/month/user in order to be able to use third party JWT tokens?
Azure static web apps has auth proxy built in and is pretty lightweight, $9 to byo oidc. Or an az function proxy and use easyauth/write a couple of methods to handle the redirect and code redemption. That's free under 1m executions
Ideally I'd have something like a Netlify function run on every incoming request to check the presence of a cookie, validate it, and based on the result, either send an HTTP redirect to start an OIDC flow, or return the static file requested.
Those and github.com/vouch/vouch-pr… are on my list, but require that I run an nginx/Apache server somewhere, and ideally I'd be able to deploy this on something that doesn't require a full VM. That's my backup plan tho.
so it might look something like, static asset in Google Cloud Storage, sitting behind Identity Aware Proxy - we have a bunch of these sitting around. Higher traffic loads might require idk like some sort of cloud cdn and billing tiers tho idk
Google, Azure, AWS all have the concept of the identity aware proxy, which is something that inspects the jwt/token and denies access if it's not valid. I've used GCP's, and it's pretty well featured, but the other providers should be reasonable as well (it's a common feature)
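The per-request check discussed in this thread (find the session cookie, validate the token, then either serve the requested file or redirect into an OIDC flow, which is also what an identity-aware proxy does), as an added example that is not code from the thread or from any provider. The HS256 session-token format, the names `mintSession`, `verifySession` and `gate`, and the config fields are assumptions.

```javascript
// Added example: request gate for a static site (all names are hypothetical).
const crypto = require('node:crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');

// Mint the session cookie value; a login callback would call this after the
// OIDC code exchange succeeds. Format: HS256 JWT (header.payload.signature).
function mintSession(claims, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(sig)}`;
}

// Return the claims if the token is authentic and unexpired, else null.
function verifySession(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  // Constant-time compare; lengths must match or timingSafeEqual throws.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    // Pin the algorithm: never let the token header choose how it is verified.
    if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url'));
    return typeof claims.exp === 'number' && claims.exp > now ? claims : null;
  } catch { return null; }
}

// Decide per request: serve the static file, or redirect into the OIDC flow.
function gate({ path, cookieHeader = '' }, cfg, now) {
  const cookies = Object.fromEntries(cookieHeader.split(';')
    .map((c) => c.trim().split(/=(.*)/s).slice(0, 2)).filter((kv) => kv.length === 2));
  const claims = verifySession(cookies[cfg.cookieName], cfg.secret, now);
  if (claims) return { status: 200, serve: path, sub: claims.sub };
  // Simplification: state only carries the return path here. A deployment
  // should also bind it to a per-browser random value and check it on callback.
  const q = new URLSearchParams({ response_type: 'code', client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri, scope: 'openid', state: b64url(path) });
  return { status: 302, location: `${cfg.authorizeUrl}?${q}` };
}
```

The presence-only check in a redirect rule passes any cookie with the right name; the gate above fails closed on a missing, expired, re-signed or wrong-algorithm token.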