Aaron Parecki

  • Vittorio https://twitter.com/vibronet
    If I run a humidifier and a dehumidifier at the same time in the same room, do I get any cryptocurrency as award?
    Portland, Oregon • 74°F
    Sat, Jul 24, 2021 3:33am +00:00 (liked on Fri, Jul 23, 2021 9:49pm -07:00)
  • John Patrick Dandison ☁☁☁ https://twitter.com/AzureAndChill   •   Jul 24
    Using the standard tier, correct? I think the paid one is required for byo
    Aaron Parecki
    Yup, that was it! Thanks for the reminder! This works great.
    Portland, Oregon • 84°F
    1 like 1 reply
    Fri, Jul 23, 2021 5:34pm -07:00
  • John Patrick Dandison ☁☁☁ https://twitter.com/AzureAndChill   •   Jul 24
    Using the standard tier, correct? I think the paid one is required for byo
    Aaron Parecki
    oh well that could very well be the missing piece here!
    Portland, Oregon • 84°F
    Fri, Jul 23, 2021 5:24pm -07:00
  • Custom authentication in Azure Static Web Apps | Microsoft Docs (docs.microsoft.com)
    Fri, Jul 23, 2021 5:23pm -07:00 #azure #oauth #okta
  • Using Okta with Static Web Apps - Microsoft Tech Community (techcommunity.microsoft.com)
    Fri, Jul 23, 2021 5:23pm -07:00 #azure #oauth #okta
  • Authentication and authorization for Azure Static Web Apps | Microsoft Docs (docs.microsoft.com)
    Fri, Jul 23, 2021 5:22pm -07:00 #azure #authentication #oauth
  • Jason Lengstorf https://twitter.com/jlengstorf   •   Jul 24
    you could redirect through a serverless function to validate. JWT is probably easier since you'll presumably already have that through whatever service you're using for user management
    Aaron Parecki
    Sounds promising, but I still can't quite see all the pieces. Maybe we should do another livestream and tackle this live!
    Portland, Oregon • 84°F
    1 like
    Fri, Jul 23, 2021 5:21pm -07:00
  • John Patrick Dandison ☁☁☁ https://twitter.com/AzureAndChill   •   Jul 23
    Azure static web apps has auth proxy built in and is pretty lightweight, $9 to byo oidc. Or an az function proxy and use easyauth/write a couple of methods to handle the redirect and code redemption. That's free under 1m executions
    Aaron Parecki
    Managed to get pretty far with this approach, but got hung up on this issue if you have any thoughts: https://github.com/aaronpowell/swa-custom-auth-okta/issues/1
    Portland, Oregon • 84°F
    4 replies
    Fri, Jul 23, 2021 5:17pm -07:00
  • Jason Lengstorf https://twitter.com/jlengstorf   •   Jul 23
    but if you’re looking for a cookie, you can check for that in the redirect and send to auth if it’s not present

    the cookie redirect could be:

    /* /:splat 200! Cookie=your_cookie
    /* /login

    login could call a serverless function to set the cookie
    Aaron Parecki
    how can I validate the contents of that cookie? From what I can tell in the docs the redirect method just checks for the presence of the cookie
    Portland, Oregon • 84°F
    2 replies
    Fri, Jul 23, 2021 4:30pm -07:00
  • https://octodon.social/@npd/106632461524722923
    Aaron Parecki
    yeah, HTTP Basic Auth is problematic for several reasons
    Portland, Oregon • 84°F
    Fri, Jul 23, 2021 4:22pm -07:00
  • John Patrick Dandison ☁☁☁ https://twitter.com/AzureAndChill   •   Jul 23
    Azure static web apps has auth proxy built in and is pretty lightweight, $9 to byo oidc. Or an az function proxy and use easyauth/write a couple of methods to handle the redirect and code redemption. That's free under 1m executions
    Aaron Parecki
    This is promising, thanks, I am going to check it out.
    Portland, Oregon • 84°F
    2 likes
    Fri, Jul 23, 2021 4:05pm -07:00
  • Jo Wouters https://twitter.com/jowouters   •   Jul 23
    In that case you could move the whole static site to a specific directory that is protected via a _redirects definition? Access is only granted to a specific role. https://docs.netlify.com/visitor-access/role-based-access-control/ Roles can be set via Identity
    Aaron Parecki
    That's promising, but can I use an external OpenID Connect IDP for that? I don't want to manage users in Netlify
    Portland, Oregon • 84°F
    1 reply
    Fri, Jul 23, 2021 4:03pm -07:00
  • karmanyaahm https://social.linux.pizza/@karmanyaahm   •   Jul 23

    @aaronpk I haven't used it but I've heard about Authelia which could perhaps do this?

    Aaron Parecki
    I'm skimming through their docs and it looks like it is an OAuth server itself? That sounds like something different.
    Portland, Oregon • 83°F
    1 like 2 replies
    Fri, Jul 23, 2021 3:58pm -07:00
  • Jason Lengstorf https://twitter.com/jlengstorf   •   Jul 23
    yeah, that definitely works! here’s some code to change roles if you need to, but in general Netlify Identity / roles will definitely let you gate content

    https://github.com/stripe-samples/netlify-stripe-subscriptions
    Aaron Parecki
    I'm still a little confused about Netlify Identity, but it seems like it requires that I manage users in Netlify, which isn't what I want.

    Also wow the pricing 😮 $99/month/user in order to be able to use third party JWT tokens?
    Portland, Oregon • 83°F
    1 reply
    Fri, Jul 23, 2021 3:55pm -07:00
  • He couldn’t get over his fiancee’s death. So he brought her back as an A.I. chatbot (www.sfchronicle.com)
    Fri, Jul 23, 2021 3:53pm -07:00 #ai #chatbot
  • Jesse Cooke https://twitter.com/jc00ke   •   Jul 23
    I used https://github.com/oauth2-proxy/oauth2-proxy in front of S3 years ago, worked quite well.
    Aaron Parecki
    I just found a tutorial on deploying that on Heroku which is currently at the top of my list!
    Portland, Oregon • 83°F
    2 likes 1 reply
    Fri, Jul 23, 2021 3:48pm -07:00
  • Kevin C. https://social.librem.one/@kcoram   •   Jul 23

    @aaronpk
    Does Vouch support OpenID Connect? I remember learning how to set it up for OAuth from instructions on your site . . .

    Aaron Parecki
    It does! That's high on my list, but ideally I'd like to deploy this to something that doesn't require that I run nginx/Apache or a VM.
    Portland, Oregon • 83°F
    Fri, Jul 23, 2021 3:46pm -07:00
  • Jason Lengstorf https://twitter.com/jlengstorf   •   Jul 23
    can you say more about what the ideal workflow is? if you can set a cookie, you can allow/deny access based on cookie presence https://docs.netlify.com/routing/redirects/redirect-options/#redirect-by-cookie-presence
    Aaron Parecki
    I followed a few links from there and it looks like possibly this is the answer?

    https://docs.netlify.com/visitor-access/role-based-access-control/#external-providers
    Portland, Oregon • 83°F
    3 replies
    Fri, Jul 23, 2021 3:40pm -07:00
  • Jo Wouters https://twitter.com/jowouters   •   Jul 23
    Have you tried Snippet Injection? https://docs.netlify.com/site-deploys/post-processing/snippet-injection/ You could inject the Identity code in your static code https://identity.netlify.com/
    Aaron Parecki
    That won't work, I need to prevent access to the files entirely if the user isn't logged in.
    Portland, Oregon • 83°F
    1 like 3 replies
    Fri, Jul 23, 2021 3:37pm -07:00
  • Jason Lengstorf https://twitter.com/jlengstorf   •   Jul 23
    can you say more about what the ideal workflow is? if you can set a cookie, you can allow/deny access based on cookie presence https://docs.netlify.com/routing/redirects/redirect-options/#redirect-by-cookie-presence
    Aaron Parecki
    Ideally I'd have something like a Netlify function run on every incoming request to check the presence of a cookie, validate it, and based on the result, either send an HTTP redirect to start an OIDC flow, or return the static file requested.
    Portland, Oregon • 83°F
    5 replies
    Fri, Jul 23, 2021 3:32pm -07:00
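
Two of the posts above ask for a per-request check that validates the cookie's contents rather than only its presence. The following is an added example, not code from any of the posts or from Netlify or Azure: it assumes a constructed cookie named `session` in the form `payload.signature` (HMAC-SHA256 over a base64url JSON payload with an `exp` claim) and a `/login` path that starts the OIDC flow.

```javascript
// Added example: the cookie format, names and paths here are assumptions.
const crypto = require("crypto");

const b64u = (buf) => Buffer.from(buf).toString("base64url");

// Issue "payload.signature" where signature = HMAC-SHA256(key, payload).
function signSession(claims, key) {
  const payload = b64u(JSON.stringify(claims));
  const sig = b64u(crypto.createHmac("sha256", key).update(payload).digest());
  return `${payload}.${sig}`;
}

// Return the claims if signature and expiry check out, otherwise null.
function verifySession(value, key, nowSec) {
  const [payload, sig, extra] = String(value).split(".");
  if (!payload || !sig || extra !== undefined) return null;
  const expected = crypto.createHmac("sha256", key).update(payload).digest();
  const given = Buffer.from(sig, "base64url");
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  if (!claims || typeof claims.exp !== "number" || claims.exp <= nowSec) return null;
  return claims;
}

// Pull one cookie value out of a Cookie request header.
function getCookie(header, name) {
  for (const part of (header || "").split(";")) {
    const i = part.indexOf("=");
    if (i > 0 && part.slice(0, i).trim() === name) return part.slice(i + 1).trim();
  }
  return null;
}

// Per-request decision: serve the file only for a valid, unexpired session.
function decide(cookieHeader, key, nowSec) {
  const raw = getCookie(cookieHeader, "session");
  const claims = raw && verifySession(raw, key, nowSec);
  return claims
    ? { action: "serve", sub: claims.sub }
    : { action: "redirect", location: "/login" };
}
```

A presence-only rule would serve the file for `session=anything`; here that value, an expired cookie, and a payload swapped under an old signature all end in the redirect.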

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming.

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.