Łukasz Wójcik

Has anyone implemented a user authentication system on a static site (think: / / anything that ends up as a bunch of HTML pages)?

I'd love to restrict access to one of my semi-public sites to a specific group of friends and assign them their own user-password pairs.

I'd love something nicer than plain .htpasswd.

I'd love it to be as plain and simple as possible. Only a login form. No user sign up, no password reminders. Maybe magic links via email or even static user-password pairs stored in a secure manner on some external backend server.

Of course, I want to self-host it, I want to spend as little time as possible maintaining it, but I could pay a reasonable sum for a nice out-of-the-box solution.

Any suggestions?

(I know Authorizer - authorizer.dev/ - but I wonder if there's anything else I haven't discovered)

@lukem Client-side it will always be a wash; if I had to do it, I'd go for something simpler: a passphrase-based descrambler. Add a tag to your static generator to take the content, AES it with a passphrase and base64 it to avoid browsers acting up. Dump it onto screen as is with "descramble". Grab the pass from user, get text from div, descramble, update and done.

@lukem You can add the key to the URL's partial if you want to distribute it in clickable form, but that's like leaking a passphrase (same with BASIC AUTH).

@lukem Going to be hard on a static website.

.htpasswd would allow you to send a link with username:password in the URL, so the user need only know that this is their special link. You’d need to be running Apache or similar to achieve this though (i.e. not a “serverless” solution like S3).

I guess you could write a bit of JavaScript that builds that URL for you from a static login page? Similarly, I guess you could also use JavaScript to echo back the username on the page, and a “log out” function that removes those from the URL.

@lukem @jcrabapple 🤔 I think for the effort, using the .htpasswd is the easiest way to do this.

@bobmonsour catching up with notifications...

Thanks for this! Will have a look.