Aaron Parecki

  • John Patrick Dandison ☁☁☁ https://twitter.com/AzureAndChill   •   Jul 23
    Azure Static Web Apps has an auth proxy built in and is pretty lightweight, $9 to BYO OIDC. Or an Azure Function proxy and use EasyAuth/write a couple of methods to handle the redirect and code redemption. That's free under 1M executions.
    Aaron Parecki
    This is promising, thanks, I am going to check it out.
    Portland, Oregon • 84°F
    2 likes
    Fri, Jul 23, 2021 4:05pm -07:00
  • Jo Wouters https://twitter.com/jowouters   •   Jul 23
    In that case you could move the whole static site to a specific directory that is protected via a _redirects definition? Access is only granted to a specific role. https://docs.netlify.com/visitor-access/role-based-access-control/ Roles can be set via Identity.
    Aaron Parecki
    That's promising, but can I use an external OpenID Connect IDP for that? I don't want to manage users in Netlify
    Portland, Oregon • 84°F
    1 reply
    Fri, Jul 23, 2021 4:03pm -07:00
  • karmanyaahm https://social.linux.pizza/@karmanyaahm   •   Jul 23

    @aaronpk I haven't used it but I've heard about Authelia which could perhaps do this?

    Aaron Parecki
    I'm skimming through their docs and it looks like it is an OAuth server itself? That sounds like something different.
    Portland, Oregon • 83°F
    1 like 2 replies
    Fri, Jul 23, 2021 3:58pm -07:00
  • Jason Lengstorf https://twitter.com/jlengstorf   •   Jul 23
    yeah, that definitely works! here’s some code to change roles if you need to, but in general Netlify Identity / roles will definitely let you gate content

    https://github.com/stripe-samples/netlify-stripe-subscriptions
    Aaron Parecki
    I'm still a little confused about Netlify Identity, but it seems like it requires that I manage users in Netlify, which isn't what I want.

    Also wow the pricing 😮 $99/month/user in order to be able to use third party JWT tokens?
    Portland, Oregon • 83°F
    1 reply
    Fri, Jul 23, 2021 3:55pm -07:00
  • He couldn’t get over his fiancee’s death. So he brought her back as an A.I. chatbot (www.sfchronicle.com)
    Fri, Jul 23, 2021 3:53pm -07:00 #ai #chatbot
  • Jesse Cooke https://twitter.com/jc00ke   •   Jul 23
    I used https://github.com/oauth2-proxy/oauth2-proxy in front of S3 years ago, worked quite well.
    Aaron Parecki
    I just found a tutorial on deploying that on Heroku which is currently at the top of my list!
    Portland, Oregon • 83°F
    2 likes 1 reply
    Fri, Jul 23, 2021 3:48pm -07:00
  • Kevin C. https://social.librem.one/@kcoram   •   Jul 23

    @aaronpk
    Does Vouch support OpenID Connect? I remember learning how to set it up for OAuth from instructions on your site . . .

    Aaron Parecki
    It does! That's high on my list, but ideally I'd like to deploy this to something that doesn't require that I run nginx/Apache or a VM.
    Portland, Oregon • 83°F
    Fri, Jul 23, 2021 3:46pm -07:00
  • Jason Lengstorf https://twitter.com/jlengstorf   •   Jul 23
    can you say more about what the ideal workflow is? if you can set a cookie, you can allow/deny access based on cookie presence https://docs.netlify.com/routing/redirects/redirect-options/#redirect-by-cookie-presence
    Aaron Parecki
    I followed a few links from there and it looks like possibly this is the answer?

    https://docs.netlify.com/visitor-access/role-based-access-control/#external-providers
    Portland, Oregon • 83°F
    3 replies
    Fri, Jul 23, 2021 3:40pm -07:00
  • Jo Wouters https://twitter.com/jowouters   •   Jul 23
    Have you tried Snippet Injection? https://docs.netlify.com/site-deploys/post-processing/snippet-injection/ You could inject the Identity code in your static code https://identity.netlify.com/
    Aaron Parecki
    That won't work, I need to prevent access to the files entirely if the user isn't logged in.
    Portland, Oregon • 83°F
    1 like 3 replies
    Fri, Jul 23, 2021 3:37pm -07:00
  • Jason Lengstorf https://twitter.com/jlengstorf   •   Jul 23
    can you say more about what the ideal workflow is? if you can set a cookie, you can allow/deny access based on cookie presence https://docs.netlify.com/routing/redirects/redirect-options/#redirect-by-cookie-presence
    Aaron Parecki
    Ideally I'd have something like a Netlify function run on every incoming request to check the presence of a cookie, validate it, and based on the result, either send an HTTP redirect to start an OIDC flow, or return the static file requested.
    Portland, Oregon • 83°F
    5 replies
    Fri, Jul 23, 2021 3:32pm -07:00
  • Bertrand Carlier https://twitter.com/bertrandcarlier   •   Jul 23
    mod_auth_openidc for Apache or nginx equivalent by the excellent @hanszandbelt?
    Aaron Parecki
    Those and https://github.com/vouch/vouch-proxy are on my list, but require that I run an nginx/Apache server somewhere, and ideally I'd be able to deploy this on something that doesn't require a full VM. That's my backup plan tho.
    Portland, Oregon • 83°F
    2 likes
    Fri, Jul 23, 2021 3:30pm -07:00
  • Jeremy Fiel https://twitter.com/jeremyfiel   •   Jul 23
    If you can't modify it, how do you have access to deploy it somewhere else?
    Aaron Parecki
    It's a static site, so it's a pile of files. I can push those files around as much as I want, but changing them is not really feasible.
    Portland, Oregon • 83°F
    Fri, Jul 23, 2021 3:29pm -07:00
  • Jeremy Fiel https://twitter.com/jeremyfiel   •   Jul 23
    Netlify @cassidoo @jlengstorf can help
    Aaron Parecki
    I have spent no joke like 4 hours trying to do this on @netlify already today and cannot for the life of me figure it out
    Portland, Oregon • 83°F
    1 like 17 replies
    Fri, Jul 23, 2021 3:21pm -07:00
  • certified post-corporate hellscape solutions https://twitter.com/4c4d   •   Jul 23
    Google, Azure, AWS all have the concept of the identity aware proxy, which is something that inspects the jwt/token and denies access if it's not valid. I've used GCP's, and it's pretty well featured, but the other providers should be reasonable as well (it's a common feature)
    Aaron Parecki
    That's exactly what I want, but is there anything lighter weight than those platforms? It feels way overkill. I can't find a corresponding feature in Netlify or Heroku for example though.
    Portland, Oregon • 83°F
    8 replies
    Fri, Jul 23, 2021 3:20pm -07:00
  • Aaron Parecki
    okay Internet, I need your suggestions:

    I have a static website that I can't modify, and I want to host it on some platform that I can tie to an arbitrary OpenID Connect provider so that only certain people can access it.

    What's the easiest way to do this?
    Portland, Oregon • 83°F
    13 likes 7 reposts 47 replies
    Fri, Jul 23, 2021 3:16pm -07:00 #oauth #openid
  • Asleep 9:58pm, awake 6:17am. Slept 8h 19m, awake for 29m.
    Portland, Oregon, USA • 61°F
    Fri, Jul 23, 2021 6:17am -07:00
  • Christina Warren https://twitter.com/film_girl
    OK, so this is actually a super interesting article but the first sentence really threw me for a loop. Like it’s *technically* true but…https://engineering.fb.com/2021/07/22/data-infrastructure/mysql/
    Portland, Oregon • 77°F
    Thu, Jul 22, 2021 6:44pm +00:00 (liked on Thu, Jul 22, 2021 7:20pm -07:00)
  • Francesco Gabaglio https://twitter.com/fragabaglio
    If you've ever listened to a podcast, you've used RSS. Well, except if you use spotify
    Portland, Oregon • 79°F
    Thu, Jul 22, 2021 8:32pm +00:00 (liked on Thu, Jul 22, 2021 3:53pm -07:00)
  • Banks, brokerages, PSN, the Steam Store, and more went down in massive internet outage - The Verge (www.theverge.com)
    "Outages like this show that, while the web is decentralized in theory, many major sites’ functionality is dependent on a handful of companies."
    Thu, Jul 22, 2021 11:16am -07:00 #dns #internet
  • Aaron Parecki
    Dear Whole Foods aka Amazon. You know my entire grocery shopping history, you know how much tofu I buy, so why on earth would you think it's appropriate to send me ads for ground beef? #vegetarian #ads
    Portland, Oregon • 62°F
    16 likes 1 repost 7 replies
    Thu, Jul 22, 2021 10:23am -07:00 #amazon #vegetarian #ads

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.