I have a static site of internal documentation hosted on AWS CloudFront at a subdomain we own (https://docs.example.com). We don’t have a VPN or private network, so I want a simple way to check for a cookie from Auth0, and if not found redirect to Auth0. Once authenticated set the cookie in a redirect back so that other pages in the doc site are considered to be authenticated.
CloudFront provides the options to create functions that do various checks on requests. However I don’t want Auth0 secrets embedded in the code. I mainly want a basic way to have some confidence that a user has authenticated with my Auth0 app. This is not a high-security situation.
Is there a way that I can configure Auth0 so there’s an endpoint I can request, and have it redirect back with some value that I can save in a cookie?
(I do understand that such a strategy is simplistic and easily spoofed. All I want is a way to make it a tad more difficult to view our internal docs.)