What is the simplest way to restrict access to a static website using social auth

s3 static website authentication
basic authentication static site
s3 static website cognito
access identity lambda authentication
html authentication
password protect static website
s3 static website restrict access
web application with login

I have a static website composed of html/css/javascript files. The website is automatically generated and updated frequently.

Instead of authorizing access to the website with a username/password (basic auth), I would like to have users authenticate using Google Sign-in/openID Connect, and then control access via a whitelist of gmail addresses.

What is the simplest way to set this up?

Social Login for Your SPA: Authenticate Your Users via Google and , Adding social login to your SPA needn't be a difficult task. you will need some way to determine who they are and whether the access is permitted or not. Often, Complete Tokens will be implemented using the JSON Web Tokens Setting up JWT Token Authentication is relatively simple with Passport. Simplest way to use openid as authentication for static content. I have a private website used as an intranet site for workers from around the world who have accounts with my Google Apps domain (example.com). They currently use OpenId to log in to various collaborative tools, so I want to use this for my site too.

Another way to add authentication or gated content to any static site: 1) First load a static container page (header, footer) and implement user Authentication js code using Auth0, firebase, okta etc.

2) When user successfully logs in then make an ajax api call passing that auth access_token to retrieve the sensitive content.

3) Load/append that sensitive content in the site using js.

Of Course, there has to be one server/serverless function which would listen to that ajax api call, authenticate it and sends the content back to the browser.

This is called client side authentication.

More on this: https://auth0.com/blog/ultimate-guide-nextjs-authentication-auth0/

Authentication in Static Website Hosting, Web, Mobile, Social Hello, I was recently working with static website hosting in S3 and Cognito so that only authenticated people can access the webpage. Should I use Cloudfront or there's any other way I can achieve this? /latest/​DeveloperGuide/private-content-restricting-access-to-s3.html Combine restriction by IP and HTTP authentication with the satisfy directive. If you set the directive to to all, access is granted if a client satisfies both conditions. If you set the directive to any, access is granted if if a client satisfies at least one condition: location /api { #

Best way would be to use Firebase Auth! Check it out at https://firebase.google.com/docs/auth/

You could check if the user is authenticated or not in this way.

<script type="text/javascript">

        function initApp() {
          // Listening for auth state changes.
          // [START authstatelistener]
          firebase.auth().onAuthStateChanged(function (user) {
            if (user) {
              //User is signed in.
                  if (!emailVerified) {
              //Additional check for email verification
              }
            } else {
              // User is signed out.
            }
          });
          // [END authstatelistener]
        }
        window.onload = function () {
          initApp();
        };
      </script>

Add Authentication to Any Web Page in 10 Minutes, Your simple web page now has way more pizazz. Now go ahead and enter your Okta credentials into the login form and see what happens. You'  This makes Google Forms one of the easiest ways to save data directly into a spreadsheet. With Forms, you can collect RSVPs, start surveys, or create quizzes for students with a simple online form. You can share your form via email, a direct link, or on social media and ask everyone to participate.

Serverless: password protecting a static website in an AWS S3 , Serverless: password protecting a static website in an AWS S3 bucket Basic HTTP Authentication for S3 and CloudFront with Lambda@Edge Implement access control by looking for specific headers before passing requests to the origin. Let's quickly look into how Basic HTTP Authentication works. Access to the origin S3 bucket is restricted to the CloudFront distribution only. Users cannot go around CloudFront and access resources in the bucket directly (even if they know the direct URL within the bucket). This can be easily configured under Origin Settings in CloudFront, no need to write S3 bucket policies manually:

Django Highlights: User Models And Authentication (Part 1 , In a static website, the server sends HTML, CSS, and JavaScript to a client One major reason to develop a dynamic site is to authenticate users and restrict content. the best way to provide secure, intuitive user authentication flows. and privilege of regular accounts, but also have access to the Django  Static website hosting makes the files available for anonymous access. If you need to control who can access the files, you can store files in Azure blob storage and then generate shared access signatures to limit access.

Create a static website with authentication tutorial with React and , Tutorial to add authentication logic to a static website hosted by Netlify, using React is in fact a much simpler tool to deal with dynamic interaction, it is quite To allow Netlify to manage the identities on your website you will have to Displaying a signin/signup form that allows a user to authenticate. The simplest way to implement a custom, HTTP request based authentication system is by using the Auth::viaRequest method. This method allows you to quickly define your authentication process using a single Closure. To get started, call the Auth::viaRequest method within the boot method of your AuthServiceProvider.

Comments
  • Hi Rahul, I considered Firebase Auth but ran into some difficulties. I created a firebase project, enabled the Google sign-in method, created a login page, and successfully signed in with my Google account. But since you can't configure rules with Firebase Hosting (see stackoverflow.com/questions/48753740/…), the only remaining option is to use Firebase Storage. It doesn't seem like there's a way to serve a static website composed of multiple files and relative links with Firebase Storage. Any ideas?
  • See here as well: stackoverflow.com/questions/27212004/…
  • Well, you could dynamically check if user is logged into firebase or not using certain firebase functions in Javascript. Depending on that you could display content or choose to hide them if they are not authenticated (You could use any front-end framework to prevent displaying the content instead of just setting display:none)
  • @catanman Check the updated answer and see if you get what I'm trying to say.
  • I ended up finding a simpler solution that doesn't require any code.