My wife and I are making a photos website for our families, she will be making the app itself (next.js and mongoDB) and I’m going to host it on our proxmox server from home. Just to preface I’m aware we could use something like Authelia but I don’t want to have to manage a database of accounts/passwords for so many people and don’t want people to have to make a new sign in which will undoubtedly end up with unsafe passwords, so we have decided to go the SSO route if we can. I’m just wanting to check I’m on the right track with the following questions:
- I understand I can use cloudflare tunnels with google SSO to restrict access to the page, and this will mean we need a list of email accounts that will be able to access the page. Is there any way we can allow users who have access to invite other users to access the website, or is the only option to have people who want access to reach out to us and we add them ourselves? (Our thought is it will reach the extended family, so this will save us a bit of maintenance giving people access)
- Will providing access this way allow us to have any userID from the SSO that we can use to facilitate user settings like favourites? Or would this mean moving the google sign in from cloudflare to the site itself?
Thanks in advance!
AFAIK, You’ll have to implement SSO in your app and handle what “invite” means there. If you use cloudflare you’ll need to put the list of emails there.
Your app will get
Cf-Access-Authenticated-User-EmailsandCf-Access-Jwt-Assertionheaders for the user. Would that be enough to implement what you need?