Powerful authentication with caddy-security #199

Open
CrazyPython opened this issue Jun 9, 2023 · 3 comments

Comments

@CrazyPython

CrazyPython commented Jun 9, 2023

Hi,

I'm using caddy-security to authenticate requests: https://authp.github.io/

Caddy is a reverse-proxying web server like NGINX. It automatically sets up HTTPS transparently. Caddy-security is a Caddy plugin that allows creating an auth portal that supports email-based registration as well as OAuth providers like Google or Discord and passwordless authentication via email and SMS.

Once authenticated, caddy-security can pass information downstream: https://authp.github.io/docs/authorize/headers

    "X-Token-Subject": "webadmin"
    "X-Token-User-Name": "Web Administrator"
    "X-Token-User-Email": "webadmin@localdomain.local"
    "X-Token-User-Roles": "superadmin guest anonymous"

Because caddy-security has verified the user, there is no need for Mycorrhiza itself to store any authentication credentials.

I would like Mycorrhiza to add support for header-based authentication compatible with caddy-security, as a third option alongside no auth and password auth. To implement support, a user should be logged in as the username corresponding to X-Token-Subject, and if an account does not exist, it should be created.

You could point Mycorrhiza users to using caddy-security as the default method, so that you don't need to implement any of this yourself. Caddy can be set up behind or in front of an existing web server and is a statically linked Go executable.

I'm not a Caddy developer, I just think this is the easiest and most ergonomic way to add security to Mycorrhiza.

@bouncepaw
Owner

Caddy sounds fun. I guess one can already use this system, if they set up the wiki to be anonymous and set up this portal. It's like an advanced replacement for Basic Auth, right?

Would the following be enough to implement the feature?:

  • Add a toggle in configuration: “Enable Caddy portal”.
  • If there is that username header, authorize with that username.
  • Deny the usual login procedure (i.e. /login and /register would do nothing).

@CrazyPython
Author

Yup, that would be enough!

@CrazyPython
Author

The only thing missing would be assigning Mycorrhiza groups based on X-Token-User-Roles. You'd detect myco/editor, myco/trusted, myco/moderator, and myco/admin and give the user the highest role in the header.

However, this only adds a little bit of value, and if it's at all difficult to implement, I'd much prefer you just implement username authentication.
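The flow discussed across this thread (log the request in as the X-Token-Subject user, create the account if it does not exist, make /login and /register do nothing while the "Enable Caddy portal" toggle is on, and give the user the highest myco/* group found in X-Token-User-Roles), as an added Go example. It is not Mycorrhiza's or caddy-security's code; Config, User, UserStore, Handler and the TrustedProxies allowlist are assumptions made for the example. The allowlist is the one check worth adding to the proposal: the X-Token-* headers are only meaningful when the request actually came from the Caddy instance that set them, so the wiki should honour them only from that peer.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Config carries the "Enable Caddy portal" toggle from the issue. TrustedProxies is an
// assumption added here: X-Token-* headers are honoured only when the TCP peer is Caddy.
type Config struct {
	EnableCaddyPortal bool
	TrustedProxies    []string // CIDRs, e.g. "127.0.0.1/32"
}

// User and UserStore are minimal stand-ins for Mycorrhiza's account registry.
type User struct{ Name, Group string }
type UserStore struct{ users map[string]*User }

func NewUserStore() *UserStore { return &UserStore{users: map[string]*User{}} }

// rolePriority orders the groups named in the issue, most privileged last.
var rolePriority = map[string]int{"myco/editor": 1, "myco/trusted": 2, "myco/moderator": 3, "myco/admin": 4}

// HighestRole returns the most privileged myco/* role in a space-separated
// X-Token-User-Roles value; unknown roles are ignored and "" means none.
func HighestRole(rolesHeader string) string {
	best, bestRank := "", 0
	for _, r := range strings.Fields(rolesHeader) {
		if rank, ok := rolePriority[r]; ok && rank > bestRank {
			best, bestRank = r, rank
		}
	}
	return best
}

// FromTrustedProxy reports whether remoteAddr ("ip:port") lies in a configured proxy range.
func (c Config) FromTrustedProxy(remoteAddr string) bool {
	host, _, _ := net.SplitHostPort(remoteAddr) // unparsable peer -> untrusted
	ip := net.ParseIP(host)
	for _, cidr := range c.TrustedProxies {
		if _, n, err := net.ParseCIDR(cidr); err == nil && ip != nil && n.Contains(ip) {
			return true
		}
	}
	return false
}

// Authenticate maps a request to a user, creating the account on first sight;
// nil when the portal is off, the peer is untrusted or the subject header is absent.
func (s *UserStore) Authenticate(c Config, r *http.Request) *User {
	if !c.EnableCaddyPortal || !c.FromTrustedProxy(r.RemoteAddr) {
		return nil
	}
	name := strings.TrimSpace(r.Header.Get("X-Token-Subject"))
	if name == "" {
		return nil
	}
	u, ok := s.users[name]
	if !ok {
		u = &User{Name: name}
		s.users[name] = u
	}
	if g := HighestRole(r.Header.Get("X-Token-User-Roles")); g != "" {
		u.Group = g
	}
	return u
}

// Handler disables /login and /register while the portal is on; other paths get the user or 401.
func Handler(c Config, s *UserStore) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if c.EnableCaddyPortal && (r.URL.Path == "/login" || r.URL.Path == "/register") {
			http.Error(w, "login is handled by the auth portal", http.StatusNotFound)
			return
		}
		u := s.Authenticate(c, r)
		if u == nil {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		fmt.Fprintf(w, "%s %s", u.Name, u.Group)
	})
}

func main() {
	// Constructed request standing in for what Caddy would forward after login.
	c := Config{EnableCaddyPortal: true, TrustedProxies: []string{"127.0.0.1/32"}}
	r := httptest.NewRequest("GET", "/hypha/Home", nil)
	r.RemoteAddr = "127.0.0.1:40000"
	r.Header.Set("X-Token-Subject", "webadmin")
	r.Header.Set("X-Token-User-Roles", "superadmin myco/editor myco/moderator guest")
	rec := httptest.NewRecorder()
	Handler(c, NewUserStore()).ServeHTTP(rec, r)
	fmt.Println(rec.Code, rec.Body.String())
}
```

The group is recomputed on every request rather than stored once, so a role removed in the portal takes effect on the next page load. The allowlist only helps if Caddy is the sole network path to the wiki process (bind the wiki to localhost or a private interface); caddy-security's documentation linked above describes which headers it injects.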
