Protecting Huginn with HTTP auth breaks Twilio integration.

[virtadpt]

When using the Twilio agent to interact with the outside world, putting Huginn behind a web server which implements HTTP Basic Auth breaks inbound interaction from Twilio's API server. For example, sending a text message to an agent network results in the following error at Twilio:

Error              11200 HTTP retrieval failure 
Description    An attempt to retrieve content from https://exocortex.virtadpt.net/ returned the HTTP status code 401.

Is there a way to work around this such that Twilio's API server can send incoming events while still preventing untrusted users from monkeying with Huginn?

[dsander]

Doesn't the invitation code offer enough 'protection'?

You could try https://username:password@exocortex.virtadpt.net/.

[virtadpt]

I don't know. I set it up at the advice of @cantino.

Hmmm... I'll try that.

[cantino]

@dsander Since he is running in development mode, I encouraged him to put the site behind basic auth in nginx. Rails in development is fairly insecure (interactive debug consoles, error logs, etc.).

@virtadpt you could probably set nginx to allow only requests to the webhook routes without basic auth, right?

[virtadpt]

I could try. I haven't had time to mess with Huginn for a few weeks now.

[cantino]

That'd be my recommendation.

[virtadpt]

I've created a separate basic auth user for webhooks and I'm trying that URL spec - I forgot that you could do that.

It works like a charm!

[cantino]

Great!