Skip to content

Commit 811587c

Browse files
docs: allowed callers (#484)
* docs: authorized users Signed-off-by: David Dal Busco <david.dalbusco@outlook.com> * 📄 Update LLMs.txt snapshot for PR review * chore: merge main Signed-off-by: David Dal Busco <david.dalbusco@outlook.com> * docs: configuration and rename to allowed callers Signed-off-by: David Dal Busco <david.dalbusco@outlook.com> * 📄 Update LLMs.txt snapshot for PR review * 📄 Update LLMs.txt snapshot for PR review --------- Signed-off-by: David Dal Busco <david.dalbusco@outlook.com> Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
1 parent 3d00cf4 commit 811587c

3 files changed

Lines changed: 98 additions & 1 deletion

File tree

.llms-snapshots/llms-full.txt

Lines changed: 42 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -960,6 +960,37 @@ For example, setting this to `10` means only `10` new users can be created per m
960960

961961
Default is `100`.
962962

963+
---
964+
965+
### Allowed Callers
966+
967+
This option gives you full control over who's allowed to use your app.
968+
969+
If you enable this, only the identities you list (in user key, format, like `bj4r4-5cdop-...`) will be allowed to sign in or use any features like Datastore or Storage.
970+
971+
* If someone's not on the list, they can't even register.
972+
* If they are, they can use the app just like any other user (unless they're banned).
973+
974+
Use this if you want to limit access to a private group — for example, for internal testing or early access users.
975+
976+
#### How to Get the User Identities
977+
978+
There are two common ways to manage the list of authorized users:
979+
980+
1. After sign-in
981+
982+
You can share your app link with a few users, let them sign in, and then add their keys to the authorized list. The user table will show their identity once they've signed in at least once.
983+
984+
2. Before sign-in
985+
986+
If you want to block all sign-ins except for those explicitly allowed before hand, start by adding your own developer ID (shown in the Console) to the list.
987+
988+
This activates the restriction: once at least one identity is listed, only those identities can sign in. If the list is empty, then everyone can sign in.
989+
990+
You can then share the app link with others. When they attempt to sign in and are blocked, you can show a message that displays their user key (e.g. using the `unsafeIdentity` function from `@junobuild/core`).
991+
992+
They can send you their key, and you can add them to the list manually to grant access.
993+
963994
# Collections
964995

965996
You can create or update a collection in the "Collections" tab in Juno's console under the [datastore](https://console.juno.build/datastore) view.
@@ -7070,7 +7101,7 @@ For most applications, we recommend using the default subnets and staying on the
70707101

70717102
| Subnet ID | Type | Canisters (Running/Stopped) | Nodes (Up/Total) |
70727103
| --- | --- | --- | --- |
7073-
| 6pbhf-qzpdk-kuqbr-pklfa-5ehhf-jfjps-zsj6q-57nrl-kzhpd-mu7hc-vae | Juno's Subnet | 35216/689 | 13/13 |
7104+
| 6pbhf-qzpdk-kuqbr-pklfa-5ehhf-jfjps-zsj6q-57nrl-kzhpd-mu7hc-vae | Juno's Subnet | 35340/692 | 13/13 |
70747105
| pzp6e-ekpqk-3c5x7-2h6so-njoeq-mt45d-h3h6c-q3mxf-vpeq5-fk5o7-yae | Fiduciary | 3030/8 | 34/34 |
70757106
| bkfrj-6k62g-dycql-7h53p-atvkj-zg4to-gaogh-netha-ptybj-ntsgw-rqe | European | 24912/593 | 13/13 |
70767107
| brlsh-zidhj-3yy3e-6vqbz-7xnih-xeq2l-as5oc-g32c4-i5pdn-2wwof-oae | | 35034/728 | 13/13 |
@@ -7902,6 +7933,16 @@ For example, if you set `derivationOrigin` to "hello.com", a user signing in at
79027933
import { defineConfig } from "@junobuild/config";export default defineConfig({ satellite: { ids: { production: "qsgjb-riaaa-aaaaa-aaaga-cai" }, authentication: { internetIdentity: { derivationOrigin: "hello.com" } } }});
79037934
```
79047935

7936+
#### Allowed Callers
7937+
7938+
This option gives you control over who is allowed to use your app, whether they are already registered or not.
7939+
7940+
```
7941+
import { defineConfig } from "@junobuild/config";export default defineConfig({ satellite: { ids: { production: "qsgjb-riaaa-aaaaa-aaaga-cai" }, authentication: { rules: { allowedCallers: [ "eunqq-ctbep-mwing-6cwte-f5frt-qe7tu-ilmgk-wmy3m-mdi3j-mcsvx-zae" ] } } }});
7942+
```
7943+
7944+
For more explanation, see the related [section](/docs/build/authentication/management.md#allowed-callers) in Authentication.
7945+
79057946
### Assertions
79067947

79077948
The CLI conducts several assertions when interacting with your Satellite, one of which involves monitoring the heap memory size. Typically, the CLI checks to ensure that the heap memory does not exceed the 1 GB limit before deployment. For instance, if your heap memory usage is close to 900 MB, the CLI will prompt you to confirm the deployment.

docs/build/authentication/management.md

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -54,3 +54,34 @@ This lets you limit how many new users can sign up per minute. It's helpful to p
5454
For example, setting this to `10` means only `10` new users can be created per minute.
5555

5656
Default is `100`.
57+
58+
---
59+
60+
### Allowed Callers
61+
62+
This option gives you full control over who's allowed to use your app.
63+
64+
If you enable this, only the identities you list (in user key, format, like `bj4r4-5cdop-...`) will be allowed to sign in or use any features like Datastore or Storage.
65+
66+
- If someone's not on the list, they can't even register.
67+
- If they are, they can use the app just like any other user (unless they're banned).
68+
69+
Use this if you want to limit access to a private group — for example, for internal testing or early access users.
70+
71+
#### How to Get the User Identities
72+
73+
There are two common ways to manage the list of authorized users:
74+
75+
1. After sign-in
76+
77+
You can share your app link with a few users, let them sign in, and then add their keys to the authorized list. The user table will show their identity once they've signed in at least once.
78+
79+
2. Before sign-in
80+
81+
If you want to block all sign-ins except for those explicitly allowed before hand, start by adding your own developer ID (shown in the Console) to the list.
82+
83+
This activates the restriction: once at least one identity is listed, only those identities can sign in. If the list is empty, then everyone can sign in.
84+
85+
You can then share the app link with others. When they attempt to sign in and are blocked, you can show a message that displays their user key (e.g. using the `unsafeIdentity` function from `@junobuild/core`).
86+
87+
They can send you their key, and you can add them to the list manually to grant access.

docs/reference/configuration.mdx

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -240,6 +240,31 @@ export default defineConfig({
240240
});
241241
```
242242

243+
#### Allowed Callers
244+
245+
This option gives you control over who is allowed to use your app, whether they are already registered or not.
246+
247+
```javascript
248+
import { defineConfig } from "@junobuild/config";
249+
250+
export default defineConfig({
251+
satellite: {
252+
ids: {
253+
production: "qsgjb-riaaa-aaaaa-aaaga-cai"
254+
},
255+
authentication: {
256+
rules: {
257+
allowedCallers: [
258+
"eunqq-ctbep-mwing-6cwte-f5frt-qe7tu-ilmgk-wmy3m-mdi3j-mcsvx-zae"
259+
]
260+
}
261+
}
262+
}
263+
});
264+
```
265+
266+
For more explanation, see the related [section](../build/authentication/management.md#allowed-callers) in Authentication.
267+
243268
### Assertions
244269

245270
import Assertions from "../build/components/assertions.mdx";

0 commit comments

Comments
 (0)