How to implement basic authentication?

Hey!
I would like to have a basic authentication for my frontity site. How can I implement that?
The reason for this is that I will deploy a dev branch of my site soon and this will probably be done via ZEIT Now. However, ZEIT Now does not support a separate authentication any longer (please correct me if I’m wrong). Even if it’s possible somehow, I would like to protect the site itself.

I guess that I would have to adjust core/server and add a middleware, maybe https://github.com/koajs/basic-auth for koa? Or is there a smarter solution without modifying frontity core for me?
Thank you!

Hello @cobra!

Just to be sure, you are asking for a way to restrict the access to your site so only those users with credentials can visit your dev deploy, am I right?

I mean, your frontity site, not your WordPress REST API.

Hey! Yep, absolutely right @David

Well, you are correct, ZEIT Now doesn’t provide the authentication feature you want. :sweat_smile:

In the future the idea is to make the server extensible using packages, so there could be an authentication package for Frontity. Until then, I guess it could be done using the middleware you mentioned, or you can wait for this feature that adds Koa’s context to the beforeSSR function, I think it may help you as well (though in this case you would have to implement the authentication logic).

1 Like
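
An added example, not part of any post in this thread and not code from Frontity or koajs/basic-auth: a hand-written Koa-style middleware for the HTTP Basic gate discussed above. The names `gate`, `basicAuth`, `BASIC_AUTH_USER` and `BASIC_AUTH_PASS` are hypothetical, and the site is assumed to be served over HTTPS, since Basic credentials are only base64-encoded.

```javascript
const crypto = require("crypto");

// Constant-time string comparison: hash both sides so the buffers have equal
// length (timingSafeEqual throws otherwise) and the length is not leaked.
function safeEqual(a, b) {
  const ha = crypto.createHash("sha256").update(a).digest();
  const hb = crypto.createHash("sha256").update(b).digest();
  return crypto.timingSafeEqual(ha, hb);
}

// Parse "Basic <base64(user:pass)>" into { user, pass }, or null if malformed.
function parseBasic(header) {
  const m = /^Basic ([A-Za-z0-9+/=]+)$/i.exec(header || "");
  if (!m) return null;
  const decoded = Buffer.from(m[1], "base64").toString("utf8");
  const i = decoded.indexOf(":"); // the password may itself contain ":"
  if (i < 0) return null;
  return { user: decoded.slice(0, i), pass: decoded.slice(i + 1) };
}

// Synchronous gate: returns true if the request may proceed; otherwise it
// fills in the 401 challenge on the Koa context and returns false.
function gate(ctx, expected) {
  const got = parseBasic(ctx.get("Authorization"));
  // Fail closed when the deploy has no credentials configured.
  const configured = Boolean(expected.user && expected.pass);
  // Always run both comparisons so timing does not reveal which field failed.
  const userOk = safeEqual(got ? got.user : "", expected.user || "");
  const passOk = safeEqual(got ? got.pass : "", expected.pass || "");
  if (configured && got && userOk && passOk) return true;
  ctx.status = 401;
  ctx.set("WWW-Authenticate", 'Basic realm="dev", charset="UTF-8"');
  ctx.body = "Authentication required";
  return false;
}

// Koa-style middleware factory (hypothetical name).
function basicAuth(expected) {
  return async (ctx, next) => {
    if (gate(ctx, expected)) await next();
  };
}

// Wiring, assuming `app` is the Koa instance that serves the site:
// app.use(basicAuth({ user: process.env.BASIC_AUTH_USER,
//                     pass: process.env.BASIC_AUTH_PASS }));
```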

Maybe authentication should be done client-side only, with something like the JWT plugin, because private content is not indexed by Google so it doesn’t need SSR.

My raw idea right now is to create a new auth namespace. Packages implementing the auth namespace can expose a state.auth.header prop with the header needed to authenticate the REST API requests. Something like

state.auth.header = "Authorization: Bearer mF_s9.B5f-4.1JqM";

If state.auth.header exists, the source namespace packages include it on each request to the REST API.

It’s up to the auth package to manage the retrieval of a valid token. In the JWT case, that is done with a REST API request to a new endpoint exposed by the JWT plugin:

/jwt-auth/v1

but other auth plugins could use other methods, like OAuth for example.


Would that be useful for your use-case @cobra?

@cobra what do you want to authenticate against? Is it private WordPress posts or is it something external to WordPress?

Thank you, @luisherranz! I think there is a small misunderstanding here - I would like to have an authentication against my frontity page, not the WordPress REST API. I think the best solution for this is to wait for the Koa context available in beforeSSR function right now.

However, I’m indeed also interested in authentication against REST API and also saw that there is already another post existing. For that, I would really like the solution you suggested (having the header prop). Thanks guys!

1 Like

But which service is going to store the information about the users?