Hello fellow selfhoster! on my debian server I use Caddy as reverse proxy, and would like to protect some services and files with a password. I would like, however, to be able to access some protected files programmatically, from a script. using Caddy’s built-in basic_auth works as intended, but I’d like to be able to use a login form instead of just a browser prompt. This is AFAIK not possible, so I’m looking for alternatives. Any idea?
Yeah, I believe you don’t need to extend Caddy at all for that.
Add a properly-formatted Authorization header to any requests you make to the server and it’ll work. See Wikipedia page for header string format:
https://en.wikipedia.org/wiki/Basic_access_authentication
On the webpage side, I’d have the login form make a POST to your login endpoint using a basic auth header to pull a JWT that acts as a “real” auth key for other pages.
This is all assuming you want to stick with basic auth as opposed to a more heavyweight option.