bauerj / paperless_app

An Android/iOS app for Paperless
https://play.google.com/store/apps/details?id=eu.bauerj.paperless_app
GNU General Public License v3.0
524 stars, 45 forks

support for SECOND frontend http auth login #118

Open spitzerdotorg opened 1 year ago

spitzerdotorg commented 1 year ago

Is your feature request related to a problem? Please describe.

It would be nice if the app supported a SECOND frontend http auth login/password step.

Describe the solution you'd like

Putting things on the internet is a bit scary, so whenever possible I enable http auth in front of the apps exposed on the internet. This at least stops bots that are testing for known exploits in popular apps from finding anything on the backend.

It of course means I have two user/password prompts before I can access the application. This is fine, unless I am trying to use a mobile app to access the back-end service.

It would be nice if there was an [x] enable second http auth login (and username/password fields).

The app would use the new username/password to get past the standard http auth, and then just log in to the paperless app as it normally would.

Describe alternatives you've considered

N/A

Additional context

Awesome App!

hlinden commented 1 year ago

Yep. This or mutual TLS which, tbh, would be my preferred way.

You can kinda do this now by using the https://user:password@yourdomain.tld notation, however that probably means that your credentials will end up somewhere in non-secure storage on the phone.

Funny enough: if you disable basic auth on your server, set up the app, and then re-enable basic auth with the same credentials as paperless uses, it will just work™, probably because this app uses the Authorization header in its requests anyway and that just happens to auth against the reverse proxy as well as the paperless app behind it.

This will break when the author switches to token auth but for now, eh.
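
The behaviour discussed in this thread, modelled as an added example that is not part of the thread or the app's code: a request carries a single Authorization header, so the reverse proxy and the backend both judge the same value. The host name, credentials, the `Token` scheme string and all function names are constructed assumptions.

```python
import base64
import hmac
from urllib.parse import urlsplit, unquote

def basic_header(user, password):
    """Authorization value for HTTP Basic: base64 of 'user:password'."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def header_from_url(url):
    """Header a client derives from https://user:password@host notation."""
    parts = urlsplit(url)
    if parts.username is None:
        return None
    return basic_header(unquote(parts.username), unquote(parts.password or ""))

def check_basic(header, users):
    """True if header is valid Basic auth for one of `users`."""
    if not header or not header.startswith("Basic "):
        return False
    try:
        decoded = base64.b64decode(header[6:], validate=True).decode()
    except ValueError:  # covers bad base64 and bad UTF-8
        return False
    user, _, password = decoded.partition(":")
    expected = users.get(user)
    return expected is not None and hmac.compare_digest(
        expected.encode(), password.encode())

def send(header, proxy_users, app_users):
    """Return (status, deciding layer). The proxy sees the header first."""
    if not check_basic(header, proxy_users):
        return 401, "proxy"
    # The backend receives the very same header; there is no second one.
    if check_basic(header, app_users):
        return 200, "app"
    return 401, "app"

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    hdr = header_from_url("https://alice:s3cret@paperless.example")
    same = {"alice": "s3cret"}
    print(send(hdr, same, same))                     # same credentials on both layers
    print(send(hdr, same, {"alice": "different"}))   # proxy passes, backend rejects
    print(send("Token 0123abcd", same, same))        # token auth never passes the proxy
```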