Caddy sounds fun. I guess one can already use this system if they set up the wiki to be anonymous and set up this portal. It's like an advanced replacement for Basic Auth, right?
Would the following be enough to implement the feature?
- Add a toggle in configuration: “Enable Caddy portal”.
- If there is that username header, authorize with that username.
- Deny the usual login procedure (i.e. /login and /register would do nothing).
The only thing missing would be assigning Mycorrhiza groups based on X-Token-User-Roles. You'd detect myco/editor, myco/trusted, myco/moderator, and myco/admin and give the user the highest role in the header.
However, this only adds a little bit of value, and if it's at all difficult to implement, I'd much prefer you just implement username authentication.
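The header handling discussed in this thread, as an added example that is not Mycorrhiza's or caddy-security's own code: it takes the username from X-Token-Subject and the highest myco/* role from X-Token-User-Roles, but only when the connection comes from the configured proxy address. The function names, the space-or-comma role separator and the single trusted proxy IP are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// Rank of the role names listed in the thread; the highest one present wins.
var roleRank = map[string]int{
	"myco/editor": 1, "myco/trusted": 2, "myco/moderator": 3, "myco/admin": 4,
}

// HighestGroup returns the top myco/* role without its prefix, or "" if none.
// Assumption: roles in the header are separated by spaces or commas.
func HighestGroup(header string) string {
	best := ""
	sep := func(c rune) bool { return c == ' ' || c == ',' }
	for _, role := range strings.FieldsFunc(header, sep) {
		if roleRank[role] > roleRank[best] {
			best = role
		}
	}
	return strings.TrimPrefix(best, "myco/")
}

// FromProxy accepts the identity headers only when the TCP peer is the
// configured proxy; any other client could set X-Token-Subject itself.
func FromProxy(r *http.Request, proxy net.IP) (user, group string, ok bool) {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil || proxy == nil || !proxy.Equal(net.ParseIP(host)) {
		return "", "", false
	}
	user = strings.TrimSpace(r.Header.Get("X-Token-Subject"))
	if user == "" {
		return "", "", false
	}
	return user, HighestGroup(r.Header.Get("X-Token-User-Roles")), true
}

func main() {
	// Constructed request standing in for one forwarded by the portal.
	r, _ := http.NewRequest("GET", "/", nil)
	r.RemoteAddr = "127.0.0.1:41000"
	r.Header.Set("X-Token-Subject", "alice")
	r.Header.Set("X-Token-User-Roles", "authp/user myco/editor myco/moderator")
	fmt.Println(FromProxy(r, net.ParseIP("127.0.0.1")))
}
```

The peer check only helps if the wiki is not reachable except through the proxy, and the proxy must overwrite any copies of these headers that arrive from the client.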
Hi,
I'm using caddy-security to authenticate requests: https://authp.github.io/
Caddy is a reverse-proxying web server like NGINX. It automatically sets up HTTPS transparently. Caddy-security is a Caddy plugin that allows creating an auth portal that supports email-based registration as well as OAuth providers like Google or Discord and passwordless authentication via email and SMS.
Once authenticated, caddy-security can pass information downstream: https://authp.github.io/docs/authorize/headers
Because caddy-security has verified the user, there is no need for Mycorrhiza itself to store any authentication credentials.
I would like Mycorrhiza to add support for header-based authentication compatible with caddy-security, as a third option to no auth and password auth. To implement support, a user should be logged into the username corresponding to X-Token-Subject, and if an account does not exist, it should be created.
You could point Mycorrhiza users to using caddy-security as the default method, so that you don't need to implement any of this yourself. Caddy can be set up behind or in front of an existing web server and is a statically linked Go executable.
I'm not a Caddy developer, I just think this is the easiest and most ergonomic way to add security to Mycorrhiza.