From f53f661634c55a8f7dcd45e4943e6178c6103c6a Mon Sep 17 00:00:00 2001 From: David Dal Busco Date: Sat, 26 Jul 2025 15:16:23 +0200 Subject: [PATCH 1/6] docs: authorized users Signed-off-by: David Dal Busco --- docs/build/authentication/management.md | 61 ++++++++++++++++++++++++- 1 file changed, 60 insertions(+), 1 deletion(-) diff --git a/docs/build/authentication/management.md b/docs/build/authentication/management.md index 41b6ae64..8d79babf 100644 --- a/docs/build/authentication/management.md +++ b/docs/build/authentication/management.md @@ -10,7 +10,7 @@ The built-in authentication feature allows developers to ban or unban users with :::note -A ban is not a deletion. The user’s authentication entry remains in the system, and they can be unbanned at any time. +A ban is not a deletion. The user's authentication entry remains in the system, and they can be unbanned at any time. ::: @@ -26,3 +26,62 @@ To ban a user, follow these steps: Once banned, the user will not be able to sign in, create, update, or delete data in Datastore or Storage. ![A screenshot of the Juno Console's Authentication section, displaying the user management interface with options to ban or unban users](../../img/satellite/user-management-ban.webp) + +--- + +## Setup + +The Authentication tab in the Console (or the CLI config) lets you customize how users sign in to your app and who's allowed to access it. Here are the available options: + +--- + +### Main Domain ("Derivation Origin") + +This setting helps you control how users are identified when signing in with Internet Identity. It makes sure users get the same identity across different domains or subdomains of your app. + +For example, if you set it to "hello.com", a user signing in at https://hello.com will receive the same identifier (principal) as when signing in at https://www.hello.com. In other words, the user will be recognized as the same person. + +This is useful because, by design, it creates a different identity for each domain to protect user privacy and prevent tracking. + +Use this if your app runs on multiple subdomains and you want a consistent user experience. + +--- + +### Max Updates Per Minute + +This lets you limit how many new users can sign up per minute. It's helpful to prevent abuse or unexpected spikes (like bots flooding your app). + +For example, setting this to `10` means only `10` new users can be created per minute. + +Default is `100`. + +--- + +### Authorized Users + +This option gives you full control over who's allowed to use your app. + +If you enable this, only the identities you list (in user key, format, like `bj4r4-5cdop-...`) will be allowed to sign in or use any features like Datastore or Storage. + +- If someone's not on the list, they can't even register. +- If they are, they can use the app just like any other user (unless they're banned). + +Use this if you want to limit access to a private group — for example, for internal testing or early access users. + +#### How to Get the User Identities + +There are two common ways to manage the list of authorized users: + +1. After sign-in + +You can share your app link with a few users, let them sign in, and then add their keys to the authorized list. The user table will show their identity once they've signed in at least once. + +2. Before sign-in + +If you want to block all sign-ins except for those explicitly allowed before hand, start by adding your own developer ID (shown in the Console) to the list. + +This activates the restriction: once at least one identity is listed, only those identities can sign in. If the list is empty, then everyone can sign in. + +You can then share the app link with others. When they attempt to sign in and are blocked, you can show a message that displays their user key (e.g. using the `unsafeIdentity` function from `@junobuild/core`). + +They can send you their key, and you can add them to the list manually to grant access. From 7b5c787414fdb4df36fbdeea49f7b895ea67c415 Mon Sep 17 00:00:00 2001 From: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 26 Jul 2025 13:18:03 +0000 Subject: [PATCH 2/6] =?UTF-8?q?=F0=9F=93=84=20Update=20LLMs.txt=20snapshot?= =?UTF-8?q?=20for=20PR=20review?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .llms-snapshots/llms-full.txt | 61 ++++++++++++++++++++++++++++++++++- 1 file changed, 60 insertions(+), 1 deletion(-) diff --git a/.llms-snapshots/llms-full.txt b/.llms-snapshots/llms-full.txt index b205c04e..41b5e420 100644 --- a/.llms-snapshots/llms-full.txt +++ b/.llms-snapshots/llms-full.txt @@ -917,7 +917,7 @@ The built-in authentication feature allows developers to ban or unban users with **Note:** -A ban is not a deletion. The user’s authentication entry remains in the system, and they can be unbanned at any time. +A ban is not a deletion. The user's authentication entry remains in the system, and they can be unbanned at any time. ### How to Ban a User @@ -932,6 +932,65 @@ Once banned, the user will not be able to sign in, create, update, or delete dat ![A screenshot of the Juno Console's Authentication section, displaying the user management interface with options to ban or unban users](/assets/images/user-management-ban-90535848bf31b97659d5fecd4e4d54f1.webp) +--- + +## Setup + +The Authentication tab in the Console (or the CLI config) lets you customize how users sign in to your app and who's allowed to access it. Here are the available options: + +--- + +### Main Domain ("Derivation Origin") + +This setting helps you control how users are identified when signing in with Internet Identity. It makes sure users get the same identity across different domains or subdomains of your app. + +For example, if you set it to "hello.com", a user signing in at [https://hello.com](https://hello.com) will receive the same identifier (principal) as when signing in at [https://www.hello.com](https://www.hello.com). In other words, the user will be recognized as the same person. + +This is useful because, by design, it creates a different identity for each domain to protect user privacy and prevent tracking. + +Use this if your app runs on multiple subdomains and you want a consistent user experience. + +--- + +### Max Updates Per Minute + +This lets you limit how many new users can sign up per minute. It's helpful to prevent abuse or unexpected spikes (like bots flooding your app). + +For example, setting this to `10` means only `10` new users can be created per minute. + +Default is `100`. + +--- + +### Authorized Users + +This option gives you full control over who's allowed to use your app. + +If you enable this, only the identities you list (in user key, format, like `bj4r4-5cdop-...`) will be allowed to sign in or use any features like Datastore or Storage. + +* If someone's not on the list, they can't even register. +* If they are, they can use the app just like any other user (unless they're banned). + +Use this if you want to limit access to a private group — for example, for internal testing or early access users. + +#### How to Get the User Identities + +There are two common ways to manage the list of authorized users: + +1. After sign-in + +You can share your app link with a few users, let them sign in, and then add their keys to the authorized list. The user table will show their identity once they've signed in at least once. + +2. Before sign-in + +If you want to block all sign-ins except for those explicitly allowed before hand, start by adding your own developer ID (shown in the Console) to the list. + +This activates the restriction: once at least one identity is listed, only those identities can sign in. If the list is empty, then everyone can sign in. + +You can then share the app link with others. When they attempt to sign in and are blocked, you can show a message that displays their user key (e.g. using the `unsafeIdentity` function from `@junobuild/core`). + +They can send you their key, and you can add them to the list manually to grant access. + # Collections You can create or update a collection in the "Collections" tab in Juno's console under the [datastore](https://console.juno.build/datastore) view. From f56f34b7b68220b53bb6482859565ea0e77b17be Mon Sep 17 00:00:00 2001 From: David Dal Busco Date: Sat, 26 Jul 2025 15:20:14 +0200 Subject: [PATCH 3/6] chore: merge main Signed-off-by: David Dal Busco --- docs/build/authentication/management.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/build/authentication/management.md b/docs/build/authentication/management.md index 60606365..8d79babf 100644 --- a/docs/build/authentication/management.md +++ b/docs/build/authentication/management.md @@ -14,7 +14,6 @@ A ban is not a deletion. The user's authentication entry remains in the system, ::: - ### How to Ban a User To ban a user, follow these steps: From ce8fcbe3f76883275f49352844662494c5ec6d48 Mon Sep 17 00:00:00 2001 From: David Dal Busco Date: Sun, 3 Aug 2025 07:18:37 +0200 Subject: [PATCH 4/6] docs: configuration and rename to allowed callers Signed-off-by: David Dal Busco --- docs/build/authentication/management.md | 2 +- docs/reference/configuration.mdx | 25 +++++++++++++++++++++++++ 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/docs/build/authentication/management.md b/docs/build/authentication/management.md index 8d79babf..ed6943d8 100644 --- a/docs/build/authentication/management.md +++ b/docs/build/authentication/management.md @@ -57,7 +57,7 @@ Default is `100`. --- -### Authorized Users +### Allowed Callers This option gives you full control over who's allowed to use your app. diff --git a/docs/reference/configuration.mdx b/docs/reference/configuration.mdx index cfe27d8a..d87849d5 100644 --- a/docs/reference/configuration.mdx +++ b/docs/reference/configuration.mdx @@ -240,6 +240,31 @@ export default defineConfig({ }); ``` +#### Allowed Callers + +This option gives you control over who is allowed to use your app, whether they are already registered or not. + +```javascript +import { defineConfig } from "@junobuild/config"; + +export default defineConfig({ + satellite: { + ids: { + production: "qsgjb-riaaa-aaaaa-aaaga-cai" + }, + authentication: { + rules: { + allowedCallers: [ + "eunqq-ctbep-mwing-6cwte-f5frt-qe7tu-ilmgk-wmy3m-mdi3j-mcsvx-zae" + ] + } + } + } +}); +``` + +For more explanation, see the related [section](../build/authentication/management.md#allowed-callers) in Authentication. + ### Assertions import Assertions from "../build/components/assertions.mdx"; From f17938c971cd5d0f788d0605d831520fc0c9c77a Mon Sep 17 00:00:00 2001 From: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun, 3 Aug 2025 05:20:16 +0000 Subject: [PATCH 5/6] =?UTF-8?q?=F0=9F=93=84=20Update=20LLMs.txt=20snapshot?= =?UTF-8?q?=20for=20PR=20review?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .llms-snapshots/llms-full.txt | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.llms-snapshots/llms-full.txt b/.llms-snapshots/llms-full.txt index 41b5e420..0da1aa0b 100644 --- a/.llms-snapshots/llms-full.txt +++ b/.llms-snapshots/llms-full.txt @@ -962,7 +962,7 @@ Default is `100`. --- -### Authorized Users +### Allowed Callers This option gives you full control over who's allowed to use your app. @@ -7933,6 +7933,16 @@ For example, if you set `derivationOrigin` to "hello.com", a user signing in at import { defineConfig } from "@junobuild/config";export default defineConfig({ satellite: { ids: { production: "qsgjb-riaaa-aaaaa-aaaga-cai" }, authentication: { internetIdentity: { derivationOrigin: "hello.com" } } }}); ``` +#### Allowed Callers + +This option gives you control over who is allowed to use your app, whether they are already registered or not. + +``` +import { defineConfig } from "@junobuild/config";export default defineConfig({ satellite: { ids: { production: "qsgjb-riaaa-aaaaa-aaaga-cai" }, authentication: { rules: { allowedCallers: [ "eunqq-ctbep-mwing-6cwte-f5frt-qe7tu-ilmgk-wmy3m-mdi3j-mcsvx-zae" ] } } }}); +``` + +For more explanation, see the related [section](/docs/build/authentication/management.md#allowed-callers) in Authentication. + ### Assertions The CLI conducts several assertions when interacting with your Satellite, one of which involves monitoring the heap memory size. Typically, the CLI checks to ensure that the heap memory does not exceed the 1 GB limit before deployment. For instance, if your heap memory usage is close to 900 MB, the CLI will prompt you to confirm the deployment. From b47881ca6c33bb176943fe78465208f8e56313aa Mon Sep 17 00:00:00 2001 From: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 4 Aug 2025 10:43:28 +0000 Subject: [PATCH 6/6] =?UTF-8?q?=F0=9F=93=84=20Update=20LLMs.txt=20snapshot?= =?UTF-8?q?=20for=20PR=20review?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .llms-snapshots/llms-full.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.llms-snapshots/llms-full.txt b/.llms-snapshots/llms-full.txt index 93bfda2d..9e6ebf76 100644 --- a/.llms-snapshots/llms-full.txt +++ b/.llms-snapshots/llms-full.txt @@ -7101,7 +7101,7 @@ For most applications, we recommend using the default subnets and staying on the | Subnet ID | Type | Canisters (Running/Stopped) | Nodes (Up/Total) | | --- | --- | --- | --- | -| 6pbhf-qzpdk-kuqbr-pklfa-5ehhf-jfjps-zsj6q-57nrl-kzhpd-mu7hc-vae | Juno's Subnet | 35216/689 | 13/13 | +| 6pbhf-qzpdk-kuqbr-pklfa-5ehhf-jfjps-zsj6q-57nrl-kzhpd-mu7hc-vae | Juno's Subnet | 35340/692 | 13/13 | | pzp6e-ekpqk-3c5x7-2h6so-njoeq-mt45d-h3h6c-q3mxf-vpeq5-fk5o7-yae | Fiduciary | 3030/8 | 34/34 | | bkfrj-6k62g-dycql-7h53p-atvkj-zg4to-gaogh-netha-ptybj-ntsgw-rqe | European | 24912/593 | 13/13 | | brlsh-zidhj-3yy3e-6vqbz-7xnih-xeq2l-as5oc-g32c4-i5pdn-2wwof-oae | | 35034/728 | 13/13 |