Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add possibility to authenticate preview only #274

Closed
tripodsan opened this issue Mar 3, 2023 · 6 comments · Fixed by #456
Closed

add possibility to authenticate preview only #274

tripodsan opened this issue Mar 3, 2023 · 6 comments · Fixed by #456
Labels
enhancement New feature or request released

Comments

@tripodsan
Copy link
Contributor

tripodsan commented Mar 3, 2023
edited
Loading

eg:

  • access.allow.live=*
  • or access.allow.live=anonymous

this would also allow for different creds:

access.allow.preview=authors.json
access.allow.live=viewers.json

better to reverse structure:

example of preview only auth:

access.preview.allow=authors.json

example of different access groups for preview and live; including api key for live

access.preview.allow=authors.json
access.live.allow=viewers.json
access.live.apiKeyId=xyz

only allow access via api key and authors

access.apiKeyId=xyz
access.live.allow=helix@adobe.com  // required for api key access
access.preview.allow=authors.json
access.preview.allow=helix@adobe.com // users don't inherit from access.allow

workaround

Pre-authenticate requests to .live via an API_KEY on the production CDN
@tripodsan tripodsan added the enhancement New feature or request label Mar 3, 2023
@amol-anand
Copy link
Contributor

I have a customer asking for authentication only for preview and not for live.

@auniverseaway
Copy link
Member

+1 to this request. This would be great for us on adobe.com

@davidnuescheler
Copy link

@tripodsan i think this is probably not a pipeline only issue or is it? if this has no impact on the delivery stack upstream that would be great.

@tripodsan
Copy link
Contributor Author

@tripodsan i think this is probably not a pipeline only issue or is it? if this has no impact on the delivery stack upstream that would be great.

@davidnuescheler both. ultimately, the .live requests need to be able to fetch the content unauthenticated. for that several things must happen:

  • the edge dicts on .live that mark authenticated sites needs to be removed (admin issue)
  • when .live fetches content via .page if needs to be able to do this unauthed. this can be done by not enforcing auth on the live partition. this is a html-pipeline issue

@davidnuescheler
Copy link

that's great thanks @tripodsan for the details.

tripodsan added a commit that referenced this issue Nov 14, 2023
@tripodsan
feat: implement partition specific auth
0a9359f 
fixes #274
@tripodsan tripodsan mentioned this issue Nov 14, 2023
Merged
tripodsan added a commit that referenced this issue Nov 15, 2023
@tripodsan
feat: implement partition specific auth (#456)
89fa4f1 
fixes #274
github-actions bot pushed a commit that referenced this issue Nov 15, 2023
@semantic-release-bot
chore(release): 5.2.0 [skip ci]
25f6f34 
# [5.2.0](v5.1.3...v5.2.0) (2023-11-15)

### Features

* implement partition specific auth ([#456](#456)) ([89fa4f1](89fa4f1)), closes [#274](#274)
@github-actions GitHub Actions
Copy link

🎉 This issue has been resolved in version 5.2.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request released
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: implement partition specific auth adobe/helix-html-pipeline
4 participants
@tripodsan @auniverseaway @davidnuescheler @amol-anand