Sveltia CMS Authenticator
This simple Cloudflare Workers script allows Sveltia CMS (or Netlify/Decap CMS) users to authenticate with GitHub or GitLab.
You don’t have to use it if you previously had Netlify/Decap CMS and your site is still being deployed to Netlify or if you have already used another 3rd party OAuth client.
You can use it if your site is hosted (or has been moved to) somewhere else, such as Cloudflare Pages or GitHub Pages, and you don’t have any other 3rd party client yet.
How to use it
Step 1. Deploy this project to Cloudflare Workers
Sign up with Cloudflare, and click the button below to start deploying.
Alternatively, you can clone the project and run wrangler deploy locally.
Once deployed, open your Cloudflare Workers dashboard, select the sveltia-cms-auth service, then the worker URL (https://sveltia-cms-auth.<SUBDOMAIN>.workers.dev) will be displayed. Copy it for Step 2. It will also be used in Step 4.
Step 2. Register the Worker as an OAuth app
GitHub
Register a new OAuth application on GitHub (details) with the following properties, including your Worker URL from Step 1:
- Application name:
Sveltia CMS Authenticator(or whatever) - Homepage URL:
https://github.com/sveltia/sveltia-cms-auth(or whatever) - Application description: (can be left empty)
- Authorization callback URL:
<YOUR_WORKER_URL>/callback
Once registered, click on the Generate a new client secret button. The app’s Client ID and Client Secret will be displayed. We’ll use them in Step 3 below.
GitLab
Register a new OAuth application on GitLab (details) with the following properties, including your Worker URL from Step 1:
- Name:
Sveltia CMS Authenticator(or whatever) - Redirect URI:
<YOUR_WORKER_URL>/callback - Confidential: Yes
- Scopes:
apionly
Once registered, the app’s Application ID and Secret will be displayed. We’ll use them in Step 3 below.
Step 3. Configure the Worker
Go back to the sveltia-cms-auth service page on the Cloudflare dashboard, select Settings > Variables, and add the following Environment Variables to your worker (details):
GitHub
GITHUB_CLIENT_ID: Client ID from Step 2GITHUB_CLIENT_SECRET: Client Secret from Step 2; click the Encrypt button to hide itGITHUB_HOSTNAME: Required only if you’re using GitHub Enterprise Server. Default:github.com
GitLab
GITLAB_CLIENT_ID: Application ID from Step 2GITLAB_CLIENT_SECRET: Secret from Step 2; click the Encrypt button to hide itGITLAB_HOSTNAME: Required only if you’re using a self-hosted instance. Default:gitlab.com
Both GitHub and GitLab
ALLOWED_DOMAINS: (Optional) Your site’s hostname, e.g.www.example.com- Multiple hostnames can be defined as a comma-separated list, e.g.
www.example.com, www.example.org - A wildcard (
*) can be used to match any subdomain, e.g.*.example.comthat will matchwww.example.com,blog.example.com,docs.api.example.com, etc. (but notexample.com) - To match a
www-less naked domain and all the subdomains, useexample.com, *.example.com
- Multiple hostnames can be defined as a comma-separated list, e.g.
Save and deploy.
Step 4. Update your CMS configuration
Open admin/config.yml locally or remotely, and add your Worker URL from Step 1 as the new base_url property under backend:
backend:
name: github # or gitlab
repo: username/repo
branch: main
+ base_url: <YOUR_WORKER_URL>Commit the change. Once deployed, you can sign into Sveltia CMS remotely with GitHub or GitLab!
FAQ
Why do I have to set this thing up in the first place?
Technically, we could host Sveltia CMS Authenticator on our own server and let anyone use it, just like Netlify does. The cost probably wouldn’t matter because it’s just a small, short-lived script. However, running such a service certainly comes with legal, privacy and security liabilities that we cannot afford. Remember that Sveltia CMS is nothing more than @kyoshino’s personal project. That’s why the authenticator is not offered as SaaS and you have to install it yourself.
Acknowledgements
This project was inspired by netlify-cms-oauth-firebase.