OK, here comes one of my newbie questions again… sorry!
I’ve got my Caddy Web Server running nicely and was wanting to secure one of my servers. I deployed basic_auth which worked for 95% of my case scenarios. But when the site is accessed through an app client (fyi… Home Assistant Companion - ios + android ) - I get a 401 Unauthorised error. I suppose the app won’t allow the input of user credentials and just tries to force it’s way through.
I tried providing a URL as follows. but they failed also…
So I am now thinking perhaps a token-based approach might work, something like…
I have looked at the jwt and login plugins and they are a bit over my head and seeking help on the simplest way to deploy this security feature. The token-url will end up being hard coded into my Home Assistant configuration (in a place that is secure); so I am not too concerned with dynamically creating the tokens securely or applying expiries.
I basically want to create a token-url in a leave-and-forget situation and have caddy interpret the directive. What is the simplest way I can do this? Or should I be considering something else?