
netlify-labs / netlify-gated-sites

Licence: other
How to create Single Sign On flows with role based access controls & functions


Netlify Gated Sites

This repo demonstrates how you can use Role Based Access Controls, Netlify functions and role based _redirects to create single sign on flows.

TL;DR: You can use Netlify functions + any identity provider (Auth0, Okta, Netlify Identity, etc.) to gate as many Netlify sites as you want!

Examples

How does it work?

The protected sites can only be accessed after logging in through the Login Portal site.

We are using a combination of Netlify functions, Access Control and role-based _redirects.


              ┌────────────────────────────────────┐                                                     
              │     User visits the gated site     │                                                     
              │                                    │                                                     
              │             gated.com              │◀───────────────────────────────────────────────────┐
              │                                    │                                                    │
              └────────────────────────────────────┘                                                    │
                                 │                                                                      │
                                 ▼                                                                      │
     ┌──────────────────────────────────────────────────────┐                                           │
     │             Netlify role based redirects             │                                           │
     │        check for 'nf_jwt' cookie + user role         │                                           │
     │                                                      │                                           │
     │            via Netlify `_redirect` rule:             │                                           │
     │                                                      │                                           │
     │                /* /:splat 200! Role=*                │                                           │
     └──────────────────────────────────────────────────────┘                                           │
                                 │                                                                      │
                   Has valid jwt + correct role?                                                        │
                                 │                                                                      │
                                 │                                                                      │
            ┌──────yes───────────┴──────────────No────────────┐                                         │
            │                                                 │                                         │
            │                                                 │                                         │
            │                                                 │                                         │
            ▼                                                 ▼                                         │
 ┌─────────────────────┐    ┌───────────────────────────────────────────────────────────────────┐       │
 │      Success!       │    │                                                                   │       │
 │                     │    │                                                                   │       │
 │   Show gated site   │    │                 Redirect to Login Portal Site via                 │       │
 │                     │    │                     Netlify `_redirect` rule:                     │       │
 └─────────────────────┘    │                                                                   │       │
                            │  /* https://login-portal.com/?site=https://gated.com/:splat 302!  │       │
                            │                                                                   │       │
                            │                                                                   │       │
                            └───────────────────────────────────────────────────────────────────┘       │
                                                              │                                         │
                                                              ▼                                         │
                                         ┌─────────────────────────────────────────┐                    │
                                         │                                         │                    │
                                         │       User logs into Portal Site        │                    │
                                         │                                         │                    │
                                         └─────────────────────────────────────────┘                    │
                                                              │                                         │
                                                              │                                         │
                                                              ▼                                         │
                                           ┌─────────────────────────────────────┐                      │
                                           │    Netlify function triggered to    │                      │
                                           │         verify Okta session         │                      │
                                           │                                     │                      │
                                           └─────────────────────────────────────┘                      │
                                                              │                                         │
                                                              │                                         │
                                                    is Okta session valid?                              │
                                                              │                                         │
                                                              │                                         │
                                 ┌───────────No───────────────┴─────yes─────┐                           │
                                 │                                          │                           │
                                 │                                          │                           │
                                 │                                          │                           │
                                 │                                          │                           │
                                 ▼                                          ▼                           │
               ┌──────────────────────────────────┐     ┌──────────────────────────────────────┐        │
               │  Redirect back to login portal   │     │                                      │        │
               │       & show error message       │     │     Generate `nf_jwt` cookie and     │        │
               │                                  │     │   set cookie in function response    │        │
               │        "Session invalid"         │     │                                      │        │
               └──────────────────────────────────┘     └──────────────────────────────────────┘        │
                                                                            │                           │
                                                                            │                           │
                                                                            │                           │
                                                                            ▼                           │
                                                       ┌─────────────────────────────────────────┐      │
                                                       │     Then redirect back to original      │      │
                                                       │  referrer to set cookie on gated site   │      │
                                                       │                                         │      │
                                                       │   gated-site.com/set-cookie Function    │      │
                                                       └─────────────────────────────────────────┘      │
                                                                            │                           │
                                                                            ▼                           │
                                                          ┌───────────────────────────────────┐         │
                                                          │                                   │         │
                                                          │  Set nf_jwt cookie on gated.com   │         │
                                                          │                                   │         │
                                                          └───────────────────────────────────┘         │
                                                                            │                           │
                                                                            │                           │
                                                                            └─────────────┐             │
                                                                                          │             │
                                                                                          ▼             │
                                                                              ┌──────────────────────┐  │
                                                                              │                      │  │
                                                                              │ Redirect to original │  │
                                                                              │    URL requested     │──┘
                                                                              │                      │   
                                                                              └──────────────────────┘   
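
The login-portal and set-cookie steps of the diagram above, sketched as an added example (not code from the netlify-gated-sites repo). The signing secret, the allowlist, the set-cookie function path and the `token`/`url` query parameters are assumptions; the roles sit under `app_metadata.authorization.roles`, where Netlify's role-based redirects look for them.

```javascript
// Added example, not the repo's code. JWT_SECRET, ALLOWED_SITES, the set-cookie
// path and the token/url query parameter names are constructed assumptions.
const crypto = require('node:crypto');

const JWT_SECRET = 'constructed-demo-secret'; // in practice: the site's JWT secret from env
const ALLOWED_SITES = new Set(['https://gated.com']); // origins the portal may send tokens to
const b64url = (input) => Buffer.from(input).toString('base64url');

// Login portal: mint an HS256 JWT carrying the user's roles and an expiry.
function mintNfJwt(email, roles, nowSec, ttlSec = 3600) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({
    exp: nowSec + ttlSec,
    email,
    app_metadata: { authorization: { roles } },
  }));
  const sig = crypto.createHmac('sha256', JWT_SECRET)
    .update(`${header}.${payload}`).digest('base64url');
  return `${header}.${payload}.${sig}`;
}

// Login portal: only hand the token to an allowlisted gated site, else null.
function buildReturnRedirect(siteParam, token) {
  let target;
  try { target = new URL(siteParam); } catch { return null; }
  if (target.protocol !== 'https:' || !ALLOWED_SITES.has(target.origin)) return null;
  const hop = new URL('/.netlify/functions/set-cookie', target.origin);
  hop.searchParams.set('token', token);
  hop.searchParams.set('url', target.pathname + target.search);
  return hop.toString();
}

// Gated site: verify signature and expiry before setting the cookie.
function verifyNfJwt(token, nowSec) {
  const [header, payload, sig] = token.split('.');
  if (!header || !payload || !sig) return null;
  const expected = crypto.createHmac('sha256', JWT_SECRET)
    .update(`${header}.${payload}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
  return claims.exp > nowSec ? claims : null;
}

// Gated site: cookie attributes that keep nf_jwt away from scripts and plain HTTP.
const cookieFor = (token) => `nf_jwt=${token}; Path=/; Secure; HttpOnly; SameSite=Lax`;
```

Checking `site` against an allowlist matters because the portal would otherwise forward a freshly minted token to whatever URL arrives in the query string.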

Demo
