Using JWT from custom authentication to protect certain pages

Here’s what I already have:

  1. A custom web app that already has user authentication. It already leverages JWT for authentication.
  2. A semi-public site on Netlify that has certain pages I would like to only expose to authenticated users of my web app.

I would like to redirect users who are not authenticated to my web app login page to authenticate and then redirect back to their requested (protected) page on my public site.

Is this even possible? If so, what’s the best option? I’ve read as much documentation as I can find, but it seems like this might not be possible. And if it is, would I need to upgrade to the Business plan (likely cost-prohibitive)?

Thanks in advance!

Hey, and welcome to the forum!

If I’m understanding your description correctly, then yes this is possible with Netlify. I know you said you’ve read all the docs already, but in case you were looking for something other than “Netlify Identity” you may not have found these, so posting here:

You’ll see that there are two options for registration: open vs. invitation-only, and there are a few different auth options. If you go the open registration route, you get 1,000 authenticated users free, and 5 invite-only users for free. More on that here, under “Identity”:

Not sure if I answered your question here - feel free to post follow-ups if not!

Last thing! This is about role-based access specifically:

Jen, thanks for the response, but it looks like I didn’t explain myself well enough.

I don’t want to require my users to have to create an additional account for the Netlify site. They already have an account within the web app that I would like to leverage.


Thanks so much for clarifying! I was definitely confusing authentication (Netlify Identity, or an external provider, which you mentioned you already have) with authorization (role-based access).

So, based on your current setup, the role-based access docs I posted above are in fact what you’re interested in. You’re right that you would need a Business plan to access that feature.

Thanks, Jen. But I still don’t see how this is possible based on the docs, even with a business plan. According to the docs, there are only 4 supported external providers. Is there a way to do a custom (my web app) external provider that I’m not seeing?

I need to know how to do this (if possible) before I can make a decision.

As far as I know, those external providers are examples of auth providers we support but are not required - you can bring your own JWTs. My colleague @futuregerald set up a small example of how this would work:

My understanding of this is that when someone clicks “Sign In” on login.html, the auth.js script in functions/ is called, which sets a cookie for that user. Since you’ll enter your JWT_SECRET environment var in the Netlify UI, Netlify can then check that cookie and redirect accordingly.

Let me know if this answers your question or if we can help further!
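
The flow described in the last reply, as an added sketch that is not part of the thread and is not the linked example's code: a Netlify Function checks the web app's existing JWT and, if it is valid, sets a cookie signed with `JWT_SECRET`. Assumptions not stated in the thread: the web app signs HS256 tokens with the same secret, the cookie is named `nf_jwt` with roles under `app_metadata.authorization.roles` (Netlify's role-based access convention), and the `member` role and Bearer-header transport are hypothetical.

```javascript
const crypto = require('crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Sign a payload as a compact HS256 JWT with the shared secret.
function signJwt(payload, secret) {
  const data = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  return `${data}.${hmac(data, secret).toString('base64url')}`;
}

// Verify: pin the algorithm, compare signatures in constant time, require an
// unexpired exp. Returns the claims, or null for any invalid token.
function verifyJwt(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    if (JSON.parse(Buffer.from(head, 'base64url').toString()).alg !== 'HS256') return null;
    const want = hmac(`${head}.${body}`, secret);
    const got = Buffer.from(sig, 'base64url');
    if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
    return typeof claims.exp === 'number' && claims.exp > nowSec ? claims : null;
  } catch {
    return null; // malformed token or missing secret: fail closed
  }
}

// Exchange a valid web-app token for the cookie Netlify checks. Assumed, not
// from the thread: cookie name nf_jwt and the roles claim path (Netlify's RBAC
// convention); the "member" role and the Bearer header transport are hypothetical.
function sessionResponse(authHeader, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const user = verifyJwt(String(authHeader || '').replace(/^Bearer /, ''), secret, nowSec);
  if (!user) return { statusCode: 401, body: 'invalid or expired token' };
  const claims = { sub: user.sub, exp: nowSec + 3600, app_metadata: { authorization: { roles: ['member'] } } };
  const cookie = `nf_jwt=${signJwt(claims, secret)}; Path=/; Max-Age=3600; HttpOnly; Secure; SameSite=Lax`;
  return { statusCode: 204, headers: { 'Set-Cookie': cookie }, body: '' };
}

// Netlify Function entry point; JWT_SECRET is the variable set in the Netlify UI.
exports.handler = async (event) => sessionResponse(event.headers.authorization, process.env.JWT_SECRET);
```

The cookie's `Max-Age` matches the token's `exp`, so the browser drops the cookie at the same moment the token stops verifying.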