okay Internet, I need your suggestions: I have a static website that I can't modify, and I want to host it on some platform that I can tie to an arbitrary OpenID Connect provider so that only certain people can access it. What's the easiest way to do this?
9
2
11
Netlify @cassidoo @jlengstorf can help
1
I have spent no joke like 4 hours trying to do this on @netlify already today and cannot for the life of me figure it out
2
1
can you say more about what the ideal workflow is? if you can set a cookie, you can allow/deny access based on cookie presence docs.netlify.com/routing/red…

Redirect options

Understand redirect rule options to customize how site paths are matched and redirected.

docs.netlify.com
2
I followed a few links from there and it looks like possibly this is the answer? docs.netlify.com/visitor-acc…

Role-based access control with JWT

Use JSON Web Tokens (JWT), roles, and redirect rules to set granular access to your site or to specific pages with role-based access control.

docs.netlify.com
1
yeah, that definitely works! here’s some code to change roles if you need to, but in general Netlify Identity / roles will definitely let you gate content github.com/stripe-samples/ne…

GitHub - stripe-samples/netlify-stripe-subscriptions: An example of managing subscriptions with the...

An example of managing subscriptions with the Stripe Customer Portal and Netlify Identity. - GitHub - stripe-samples/netlify-stripe-subscriptions: An example of managing subscriptions with the Stri...

github.com
1
I'm still a little confused about Netlify Identity, but it seems like it requires that I manage users in Netlify, which isn't what I want. Also wow the pricing 😮 $99/month/user in order to be able to use third party JWT tokens?
1
you can do user stuff without plugging into Netlify Identity. the important part is the app_metadata.roles in the token
1
but if you’re looking for a cookie, you can check for that in the redirect and send to auth if it’s not present the cookie redirect could be: /* /:splat 200! Cookie=your_cookie /* /login login could call a serverless function to set the cookie
1
Replying to @jlengstorf @jeremyfiel @cassidoo @Netlify
how can I validate the contents of that cookie? From what I can tell in the docs the redirect method just checks for the presence of the cookie

Jul 23, 2021 · 11:30 PM UTC

1
Replying to @aaronpk @jeremyfiel @cassidoo @Netlify
you could redirect through a serverless function to validate. JWT is probably easier since you'll presumably already have that through whatever service you're using for user management
1
1
Sounds promising, but I still can't quite see all the pieces. Maybe we should do another livestream and tackle this live!
1