Question: Auth
See original GitHub issue
(related: #1418. Separate issue b/c this is just me asking if my approach makes sense, and this got a bit too long-form for our internal chat)
So I’m starting to write docs for LH on authenticated pages. I know little about auth stuff. I see some stuff on JWT. And cookies. And then there’s Basic auth. And feeling a bit lost, so let me run this by y’all.
- So for basic auth, you just need to set an `Authorization: Basic ...` header (`--extra-headers=./path/to/secret/headers.json`).
- For token/JWT stuff, same thing but `Authorization: Bearer ...`
- For cookie based auth, `--extra-headers "{\"Cookie\":\"test=true\"}"` is needed. There are some issues with this, see https://github.com/GoogleChrome/lighthouse/pull/9170 . The current proper way to set cookies (without overwriting what already exists) is via puppeteer / CDP - #9170 would make this much simpler.
I want to make a local server that does a few different methods of auth to test stuff out. Here’s a simple basic auth server in python: https://gist.github.com/dragermrb/108158f5a284b5fba806 . I’ll probably make a cookie / token based one too.
- Does this sound right - am I missing anything?
- An alternative to setting headers / cookies via LH CLI flags is to use a custom Chrome profile, and set it up however you want, then instruct LH to use that. I don’t know if that actually covers anything more than the header flags would - does it?
Issue Analytics
- State:
- Created 4 years ago
- Comments:7 (2 by maintainers)
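A local test server of the kind the post describes, as an added example that is not part of the original issue or the Lighthouse project: it accepts Basic, Bearer or cookie credentials so each `--extra-headers` variant can be exercised. The credentials, the `session` cookie name, port 8000 and the `check_auth` helper are constructed assumptions.

```python
import base64
import hmac
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed throwaway test credentials (assumptions, not from the post).
USER, PASSWORD = "demo", "s3cret"
TOKEN = "constructed-test-token"
SESSION = "constructed-session-id"

def _eq(a, b):
    # Constant-time comparison so a mismatch does not leak how much matched.
    return hmac.compare_digest(a.encode(), b.encode())

def check_auth(headers):
    """Return 'basic', 'bearer', 'cookie' or None for a mapping of request headers."""
    scheme, _, value = (headers.get("Authorization") or "").partition(" ")
    scheme, value = scheme.lower(), value.strip()
    if scheme == "basic":
        try:  # Basic carries base64("user:password"); reject malformed input.
            decoded = base64.b64decode(value, validate=True).decode("utf-8")
            user, _, password = decoded.partition(":")
        except ValueError:
            user = password = ""
        if _eq(user, USER) & _eq(password, PASSWORD):
            return "basic"
    elif scheme == "bearer" and _eq(value, TOKEN):
        return "bearer"
    cookie = SimpleCookie(headers.get("Cookie") or "")
    if "session" in cookie and _eq(cookie["session"].value, SESSION):
        return "cookie"
    return None

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        method = check_auth(self.headers)
        body = (f"authenticated via {method}\n" if method else "unauthorized\n").encode()
        self.send_response(200 if method else 401)
        if method is None:
            self.send_header("WWW-Authenticate", 'Basic realm="test"')
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    # Loopback only: this is a scratch server for local testing.
    HTTPServer(("127.0.0.1", 8000), Handler).serve_forever()
```

With the server running, a headers file containing `{"Authorization": "Bearer constructed-test-token"}` passed through `--extra-headers` exercises the token path, and a `Cookie` entry with `session=constructed-session-id` exercises the cookie path.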
Top GitHub Comments
It’s true that user account/login state can be defined in lots of different ways. localStorage, cookies, indexedDB, etc.
Stepping back, I don’t see users actually asking for this. In fact, looking at #1418, it’s us who are suggesting setting cookies/headers as a means to do this.
Meanwhile, when an example of using puppeteer to login was posted, it quickly got the most 👍 reactions in the thread.
Similarly, the WPT scripting language is mostly used to fill in login forms.
My suspicion is that folks who currently have integration tests on their login-based webapp are logging into them with forms rather than prefilling *storage state or setting request headers. I also think this is far more user-friendly.
IMO the ask here is to document using pptr to login and handing off to lighthouse. This comment laid the groundwork, but it could afford to be generalized.
We should also mention the two backup solutions of… A) extra-headers and B) chrome profile reuse.
fixed by #9628
https://github.com/GoogleChrome/lighthouse/blob/master/docs/authenticated-pages.md
https://github.com/GoogleChrome/lighthouse/blob/master/docs/recipes/auth/README.md