Problems with Redirect JWT gated pages on edge

  1. The documentation inconsistently indicates in some places that redirection based Role gating is a Business team tier only feature. However I find it works on the following site.

https://deploy-preview-3--twam-gallant-swirles-d68516.netlify.app/
(AKA https://5f25d80e545f090008cbae72--twam-gallant-swirles-d68516.netlify.app/ )

That’s great as I need it for my charity project. I hope it should work as I see this as a basic requirement of Jamstack - otherwise you need a function to gate content on demand - not very Jamstack at all, and definitely not on the edge! :frowning:

  2. The documentation gives examples with a _redirects file but not using the netlify.toml. I have not found the right syntax that works in the toml. The key problem is you do not need a to: path for the role gating but one is required by the syntax.

  3. Most annoyingly it does not work with the awesome “netlify dev”. If I have no _redirects file then all is well but as soon as I add one with this rule

/rdm/* 200! Role=admin

then the /rdm/ page cannot be reached - whatever the role when logged in. The tab just endlessly shows a spinner (Firefox).

Thanks

The hanging may be the “!” in the redirect as when I have “force=true” in the toml I get the same effect. I’m guessing the two do the same thing?

Hi @slim, do you have a fallback redirect rule after that Role-based one? It will likely remain in that loading state due to the request being rejected with a 401 but there is no fallback redirect rule so it’s got nowhere to go. Likely if you add the following, things would work:

/rdm/* / 401!

Let me know if that works for you.

Thanks Dennis

I’ll give that a go but would much rather have the same behaviour as the deployed site - i.e. 404 if not the right user or else allowing access to the page.

As of right now I don’t have a good conceptual model for how the redirect rules work. Some doc would help. Perhaps just the algorithm used?

Sadly not. If I do not have the role (e.g. not logged in) it just spins.

I’m assuming the Netlify Dev must “phone home” to check the user roles so is that what is not working? Mind you what if I’m not logged in?

My mistake - the 401 redirect is working locally. I need

/rdm/* /404.html 401!

though for my custom 404 page, so is the netlify dev not performing the same auto 404 routing that the edge does? Could it for consistency?

Sadly though I’m still not getting access when I am logged in as a user with the rdm role :frowning:

Hey @slim,
Here’s an example of a netlify.toml for the kind of use case you’re talking about:

# access auth page regardless of whether you're authenticated
[[redirects]]
	from = "/auth.html"
	to = "/auth.html"
	status = 200

# if authenticated, access 404 page
[[redirects]]
	from = "/*"
	to = "/404.html"
	status = 404
	conditions = {Role = ["admin"]}

# if authenticated, access everything
[[redirects]]
	from = "/*"
	status = 200
	force = true
	conditions = {Role = ["admin"]}

# for everything else, you're pushed to the auth page with 401
[[redirects]]
	from = "/*"
	to = "/auth.html"
	status = 401
	force = true

Our toml and redirect files are parsed and applied top to bottom, so the final rule acts as a catch-all when the first three rules don’t apply. The number of rules needed can be a bit confusing, so wanted to share in case this is helpful.
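
The fallback check suggested earlier in the thread (an ungated rule after each Role-based one) can be automated before deploying. The following is an added example, not part of the original thread and not Netlify tooling; the function names and the simplified `_redirects` parsing are assumptions, and the sample rules are constructed from the ones quoted above.

```javascript
// Added example: lint a _redirects file for Role-gated rules that have no
// later ungated rule covering the same path (rules are read top to bottom).
function parseRedirects(text) {
  const rules = [];
  for (const raw of text.split("\n")) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue; // skip blanks and comments
    const [from, ...rest] = line.split(/\s+/);
    const rule = { from, to: null, status: null, force: false, roles: [] };
    for (const tok of rest) {
      const status = /^(\d{3})(!?)$/.exec(tok);
      if (status) {
        rule.status = Number(status[1]);
        rule.force = status[2] === "!"; // trailing "!" marks a forced rule
      } else if (tok.startsWith("Role=")) {
        rule.roles = tok.slice(5).split(",");
      } else if (rule.status === null && !tok.includes("=")) {
        rule.to = tok; // the thread's Role rule omits the destination
      }
    }
    rules.push(rule);
  }
  return rules;
}

// True when pattern `outer` matches every path that `inner` matches.
function covers(outer, inner) {
  if (outer === inner) return true;
  return outer.endsWith("/*") && inner.startsWith(outer.slice(0, -1));
}

// Returns the `from` pattern of every Role-gated rule lacking a fallback.
function missingFallbacks(text) {
  const rules = parseRedirects(text);
  return rules
    .filter((r, i) => r.roles.length > 0 &&
      !rules.slice(i + 1).some((later) =>
        later.roles.length === 0 && covers(later.from, r.from)))
    .map((r) => r.from);
}

// Constructed inputs based on the rules quoted in this thread.
const withoutFallback = "/rdm/* 200! Role=admin\n";
const withFallback = "/rdm/* 200! Role=admin\n/rdm/* /404.html 401!\n";
console.log(missingFallbacks(withoutFallback)); // gated path with no fallback
console.log(missingFallbacks(withFallback));    // nothing to report
```
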