Local database based authorization in apache?

magwas · October 4, 2019, 9:14am

Hi There,

(I’n not sure whether this is the right topic to ask this. Which would be the right one?)

I have an apache server which runs fine, accepting github and google logins, based on the associated email address.

I would like to modify the setup such that I have a postgres database of users and their roles, and I would like to authorize the roles to access some directories below webroot.

What configuration should I use to achieve this?

For reference, my current configuration looks like this:

    DocumentRoot /var/www/repo

OIDCProviderMetadataURL https://kode-konveyor.eu.auth0.com/.well-known/openid-configuration
OIDCClientID <my client id>
OIDCClientSecret '<my client secret>'

OIDCScope "openid name email"
OIDCRedirectURI https://repo.kodekonveyor.com/auth/callback
OIDCCryptoPassphrase <password>

    <Directory /var/www/repo>
            DirectoryIndex off
            RewriteEngine Off
            AllowOverride None
            AuthType openid-connect
            Require claim email:<github email address>
            Require claim email:<another github email address>
            LogLevel debug
    </Directory>

James.Morrison · October 14, 2019, 3:26pm

Good morning @magwas and welcome back!

Would it be possible to leverage the Role Based Access Control (RBAC) feature in Auth0 for your desired goal?

Also it’s important to note that custom databases are an enterprise feature when evaluating this option.

Thanks!

James.Morrison · October 28, 2019, 7:26pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.