Auth0 Home Blog Docs

Webflow and Lock

lock

#1

I want to know if it’s possible to secure a webflow.com website using https://auth0.com/lock and https://webtask.io/

I looking to create an online course for my client and as we’re building their website in Webflow I’d ideally like to host the client’s online course with Webflow as well.

To create and manage the course we’ll use the Webflow CMS. The course will be a ‘collection’ in the Webflow CMS—see https://help.webflow.com/article/what-is-webflow-cms

The idea then is to password protect the course section of the website using Auth0. To do this it looks like we’d need to:

So, do you think this is possible?


#2

Disclaimer: Don’t take this as a definitive answer as I never used Webflow.


From their docs they seem to support site-wide password protection, but I fail to see how this could be used to implement end-user based authentication. In general, to accomplish such a thing Webflow itself should support configuring authentication based on a standard protocol like OpenID Connect. This would then allow user authentication to be integrated not just with Auth0, but with any certified provider.

In conclusion, using their built-in hosting and the features they have available I don’t see a good way of implementing your scenario. If you just used Webflow for the content and design management and then host it yourself then it should be possible to integrate as you would have full control to implement a flow based on OpenID Connect in order to achieve user authentication.


#3

Thanks for your reply @jmangelo

You’re right in that their site-wide password protection is not what I’m after as it’s just a single password rather than separate login details for every user.

I’m using the Webflow CMS and so I need to host the website with Webflow.

I guess my question really is: can Auth0 and Webtask.io be used if I can only insert Javascript into my website, or is there no way to get this to work unless I can run server side code like Node.js or PHP?

Many thanks,
David


#4

Thanks for your reply @jmangelo

You’re right in that their site-wide password protection is not what I’m after as it’s just a single password rather than separate login details for every user.

I’m using the Webflow CMS and so I need to host the website with Webflow.

I guess my question really is: can Auth0 and Webtask.io be used if I can only insert Javascript into my website, or is there no way to get this to work unless I can run server side code like Node.js or PHP?

Many thanks,
David


#5

Technically, you can implement the implicit grant only with Javascript and that would allow to perform end-user authentication/authorization. However, that will only be helpful if the content you want to protect can then only be accessible by performing an additional call with the access token issued as part of end-user authentication. If the content to be protected is static or is behind an AJAX call and you can’t protect it access with an OAuth access token then it may not be of any help the fact that you can perform the implicit grant with just JS.


#6

That makes sense, thanks @jmangelo


#7