no authentication

[njfamirm]

I need to use decap CMS with minimum complexity, authentication complexities are too much for me!

I think the best method is to use the htpasswd file
Very simply, I put this file in /admin and authenticate without using a special service
for github access is possible to hard code token in client?

and can create feature for no authentication backend?

[martinjagodic]

Hi @njfamirm, thanks for submitting.

First, the feature description is lacking explanation, please fill out all the fields in the issue template

Second, I think that hardcoding GitHub tokens is a security violation and that there is no place for it in Decap.

For these reasons, I'm closing the issue for now. Once you add the missing information, I can open it again.

[njfamirm]

Thank you for your response @martinjagodic
I tried to provide additional explanations, this is all I could relate...

Of course, I came up with a better idea
If we can restrict user access to ‍/admin
Is it possible to get a secret token on the client-side and log in after returning?

[martinjagodic]

I'm not sure what you're suggesting. Perhaps sharing more details about your project could enlighten someone.

[iamolegga]

@martinjagodic authentication could be made on a lower level, for example, we could have cloudflare zero trust turned on for all paths that start with /admin so only identified by Cloudflare (kind of similar to Netlify identity) users will have access to admin panel, of course hardcoding GH token still is not ideal but that's a good tradeoff imho if you trust such users

[martinjagodic]

This seems like a viable idea, but I am not familiar with Cloudflare Zero Trust. It appears that there is some interest in this, so we would gladly accept a contribution in the form of docs/tutorial or a PR.