Open CrazyPython opened 1 year ago
maybe more of a feature request than a question
Actually, I think I'll use auth0 instead, and use its roles system. Is it possible to assign caddy-security roles from auth0 roles?
I am trying to do this too in https://community.auth0.com/t/roles-not-added-to-token/139895/6?u=qrkourier
https://docs.authcrunch.com/docs/authorize/acl-rbac#sources-of-role-information says Caddy Security AuthZ looks in the app_metadata.authorization.roles
list for strings that represent roles, but they're not being added/noticed by Caddy Security, and I'm unsure how to inspect the token's claims to verify they are present.
I have a service using Discord and SMS auth. I also have an Airtable that has an allowlist of users permitted to access the application. Is it possible to use an external data source other than guild membership to determine caddy security roles? I want to be able to permit only allowlisted users to log-in.
For example, Discord roles or a JSON file with a list of allowed Discord user IDs.