Open teodesian opened 2 years ago
https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/
We should use an entirely 3rdparty auth solution such as keycloak -- this will allow us to have nginx handle route restriction, and have tcms consult ACLs.
Other options: https://github.com/apereo/cas https://github.com/gate-sso/gate https://www.keycloak.org/ SQRL at the GRC
Example of using the nginx stuff: https://tailscale.com/blog/tailscale-auth-nginx/
https://metacpan.org/pod/Dancer2::Plugin::Argon2
github ory/kratos might also be a good thing to consider supporting.