WeChat ID
aaronpk_tv
-
yeah, HTTP Basic Auth is problematic for several reasons -
John Patrick Dandison โโโ
https://twitter.com/AzureAndChill
•
Jul 23
Azure static web apps has auth proxy built in and is pretty lightweight, $9 to byo oidc. Or an az function proxy and use easyauth/write a couple of methods to handle the redirect and code redemption. That's free under 1m executions
This is promising, thanks, I am going to check it out. -
Jo Wouters
https://twitter.com/jowouters
•
Jul 23
In that case you could move the whole static site to a specific directory that is protected via a _redirects definition ? Access is only granted to a specific role. https://docs.netlify.com/visitor-access/role-based-access-control/ Roles can be set via Identity
That's promising, but can I use an external OpenID Connect IDP for that? I don't want to manage users in Netlify -
karmanyaahm
https://social.linux.pizza/@karmanyaahm
•
Jul 23
@aaronpk I haven't used it but I've heard about Authelia which could perhaps do this?
I'm skimming through their docs and it looks like it is an OAuth server itself? That sounds like something different. -
Jason Lengstorf
https://twitter.com/jlengstorf
•
Jul 23
yeah, that definitely works! hereโs some code to change roles if you need to, but in general Netlify Identity / roles will definitely let you gate content
https://github.com/stripe-samples/netlify-stripe-subscriptions
I'm still a little confused about Netlify Identity, but it seems like it requires that I manage users in Netlify, which isn't what I want.
Also wow the pricing ๐ฎ $99/month/user in order to be able to use third party JWT tokens? -
Jesse Cooke
https://twitter.com/jc00ke
•
Jul 23
I used https://github.com/oauth2-proxy/oauth2-proxy in front of S3 years ago, worked quite well.
I just found a tutorial on deploying that on Heroku which is currently at the top of my list! -
Kevin C.
https://social.librem.one/@kcoram
•
Jul 23
@aaronpk
Does Vouch support OpenID Connect? I remember learning how to set it up for OAuth from instructions on your site . . .
It does! That's high on my list, but ideally I'd like to deploy this to something that doesn't require that I run nginx/Apache or a VM. -
Jason Lengstorf
https://twitter.com/jlengstorf
•
Jul 23
can you say more about what the ideal workflow is? if you can set a cookie, you can allow/deny access based on cookie presence https://docs.netlify.com/routing/redirects/redirect-options/#redirect-by-cookie-presence
I followed a few links from there and it looks like possibly this is the answer?
https://docs.netlify.com/visitor-access/role-based-access-control/#external-providers -
Jo Wouters
https://twitter.com/jowouters
•
Jul 23
Have you tried Snippet Injection? https://docs.netlify.com/site-deploys/post-processing/snippet-injection/ You could inject the Identity code in your static code https://identity.netlify.com/
That won't work, I need to prevent access to the files entirely if the user isn't logged in.
-
Jason Lengstorf
https://twitter.com/jlengstorf
•
Jul 23
can you say more about what the ideal workflow is? if you can set a cookie, you can allow/deny access based on cookie presence https://docs.netlify.com/routing/redirects/redirect-options/#redirect-by-cookie-presence
Ideally I'd have something like a Netlify function run on every incoming request to check the presence of a cookie, validate it, and based on the result, either send an HTTP redirect to start an OIDC flow, or return the static file requested.
-
Bertrand Carlier
https://twitter.com/bertrandcarlier
•
Jul 23
mod_auth_openidc for Apache or nginx equivalent by the excellent @hanszandbelt?
Those and https://github.com/vouch/vouch-proxy are on my list, but require that I run an nginx/Apache server somewhere, and ideally I'd be able to deploy this on something that doesn't require a full VM. That's my backup plan tho. -
Jeremy Fiel
https://twitter.com/jeremyfiel
•
Jul 23
If you can't modify it, how do you have access to deploy it somewhere else?
It's a static site, so it's a pile of files. I can push those files around as much as I want, but changing them is not really feasible -
I have spent no joke like 4 hours trying to do this on @netlify already today and cannot for the life of me figure it out
-
certified post-corporate hellscape solutions
https://twitter.com/4c4d
•
Jul 23
Google, Azure, AWS all have the concept of the identity aware proxy, which is something that inspects the jwt/token and denies access if it's not valid. I've used GCP's, and it's pretty well featured, but the other providers should be reasonable as well (it's a common feature)
That's exactly what I want, but is there anything lighter weight than those platforms? It feels way overkill. I can't find a corresponding feature in Netlify or Heroku for example though. -
jessekelber
https://micro.blog/jessekelber
•
Jul 22
@aaronpk nice Brommie! What luggage is that up front?
It's a brompton bag, I think it's the Metro Messenger bag! I got it over 4 years ago now! ๐ฎ -
Andy Millington ๐๐
https://twitter.com/sephster
•
Jul 15
totally understand the am/pm but superscript for ordinal indicators is the norm in the UK. I didn't realise this wasn't common over the pond. Learn something new every day!
oh it's not unusual, I'm just surprised that they took the effort to do that and nothing else! -
ahh sorry it's not at a good time for Europe! I'll try to schedule the next ones at a better time!
-
Nolan
https://toot.cafe/@nolan
•
Jul 14
My challenge to web developers is this: I should be able to type as fast into your text input as I can into a plain-old <input> or <textarea> with no JavaScript handlers on them. If I can't, then the event handlers should be debounced, and/or they should do less JavaScript work.
I can't believe this even needs to be said ๐คฆโโ๏ธ -
PhotoJoseph
https://twitter.com/photojoseph
•
Jul 14
Hey โฆ@QBCaresโฉ could this message be any more confusing and potentially misleading? And I canโt get out of this screenโฆ thatโs some SHIT tactics there. I pay a LOT every month. Stop trying to squeeze more.
This needs to go in an anti-UX hall of fame ๐
It's asking two contradictory questions, both phrased incredibly confusingly. There's no way to really know what the "yes" or "no" buttons will actually do. -
Dave - Post. Color. Gear.
https://twitter.com/PostColorGear
•
Jul 14
Does anyone have too many restrictions on their email / messages that they have to keep checking the spam folders to see if any companies have contacted you for business inquiries?
Or just me? lol
This is one of the reasons I got a WeChat account
