Skip to content

docs: allowed callers #484

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
peterpeterparker merged 8 commits into from
Aug 4, 2025
Merged

docs: allowed callers #484

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
f53f661
docs: authorized users
peterpeterparker Jul 26, 2025
7b5c787
📄 Update LLMs.txt snapshot for PR review
github-actions[bot] Jul 26, 2025
612d140
chore: merge main
peterpeterparker Jul 26, 2025
f56f34b
chore: merge main
peterpeterparker Jul 26, 2025
ce8fcbe
docs: configuration and rename to allowed callers
peterpeterparker Aug 3, 2025
f17938c
📄 Update LLMs.txt snapshot for PR review
github-actions[bot] Aug 3, 2025
abb4592
Merge branch 'main' into docs/auth-users
peterpeterparker Aug 4, 2025
b47881c
📄 Update LLMs.txt snapshot for PR review
github-actions[bot] Aug 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 42 additions & 1 deletion .llms-snapshots/llms-full.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -960,6 +960,37 @@ For example, setting this to `10` means only `10` new users can be created per m

Default is `100`.

---

### Allowed Callers

This option gives you full control over who's allowed to use your app.

If you enable this, only the identities you list (in user key, format, like `bj4r4-5cdop-...`) will be allowed to sign in or use any features like Datastore or Storage.

* If someone's not on the list, they can't even register.
* If they are, they can use the app just like any other user (unless they're banned).

Use this if you want to limit access to a private group — for example, for internal testing or early access users.

#### How to Get the User Identities

There are two common ways to manage the list of authorized users:

1. After sign-in

You can share your app link with a few users, let them sign in, and then add their keys to the authorized list. The user table will show their identity once they've signed in at least once.

2. Before sign-in

If you want to block all sign-ins except for those explicitly allowed before hand, start by adding your own developer ID (shown in the Console) to the list.

This activates the restriction: once at least one identity is listed, only those identities can sign in. If the list is empty, then everyone can sign in.

You can then share the app link with others. When they attempt to sign in and are blocked, you can show a message that displays their user key (e.g. using the `unsafeIdentity` function from `@junobuild/core`).

They can send you their key, and you can add them to the list manually to grant access.

# Collections

You can create or update a collection in the "Collections" tab in Juno's console under the [datastore](https://console.juno.build/datastore) view.
Expand Down Expand Up @@ -7070,7 +7101,7 @@ For most applications, we recommend using the default subnets and staying on the

| Subnet ID | Type | Canisters (Running/Stopped) | Nodes (Up/Total) |
| --- | --- | --- | --- |
| 6pbhf-qzpdk-kuqbr-pklfa-5ehhf-jfjps-zsj6q-57nrl-kzhpd-mu7hc-vae | Juno's Subnet | 35216/689 | 13/13 |
| 6pbhf-qzpdk-kuqbr-pklfa-5ehhf-jfjps-zsj6q-57nrl-kzhpd-mu7hc-vae | Juno's Subnet | 35340/692 | 13/13 |
| pzp6e-ekpqk-3c5x7-2h6so-njoeq-mt45d-h3h6c-q3mxf-vpeq5-fk5o7-yae | Fiduciary | 3030/8 | 34/34 |
| bkfrj-6k62g-dycql-7h53p-atvkj-zg4to-gaogh-netha-ptybj-ntsgw-rqe | European | 24912/593 | 13/13 |
| brlsh-zidhj-3yy3e-6vqbz-7xnih-xeq2l-as5oc-g32c4-i5pdn-2wwof-oae | | 35034/728 | 13/13 |
Expand Down Expand Up @@ -7902,6 +7933,16 @@ For example, if you set `derivationOrigin` to "hello.com", a user signing in at
import { defineConfig } from "@junobuild/config";export default defineConfig({ satellite: { ids: { production: "qsgjb-riaaa-aaaaa-aaaga-cai" }, authentication: { internetIdentity: { derivationOrigin: "hello.com" } } }});
```

#### Allowed Callers

This option gives you control over who is allowed to use your app, whether they are already registered or not.

```
import { defineConfig } from "@junobuild/config";export default defineConfig({ satellite: { ids: { production: "qsgjb-riaaa-aaaaa-aaaga-cai" }, authentication: { rules: { allowedCallers: [ "eunqq-ctbep-mwing-6cwte-f5frt-qe7tu-ilmgk-wmy3m-mdi3j-mcsvx-zae" ] } } }});
```

For more explanation, see the related [section](/docs/build/authentication/management.md#allowed-callers) in Authentication.

### Assertions

The CLI conducts several assertions when interacting with your Satellite, one of which involves monitoring the heap memory size. Typically, the CLI checks to ensure that the heap memory does not exceed the 1 GB limit before deployment. For instance, if your heap memory usage is close to 900 MB, the CLI will prompt you to confirm the deployment.
Expand Down
31 changes: 31 additions & 0 deletions docs/build/authentication/management.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,3 +54,34 @@ This lets you limit how many new users can sign up per minute. It's helpful to p
For example, setting this to `10` means only `10` new users can be created per minute.

Default is `100`.

---

### Allowed Callers

This option gives you full control over who's allowed to use your app.

If you enable this, only the identities you list (in user key, format, like `bj4r4-5cdop-...`) will be allowed to sign in or use any features like Datastore or Storage.

- If someone's not on the list, they can't even register.
- If they are, they can use the app just like any other user (unless they're banned).

Use this if you want to limit access to a private group — for example, for internal testing or early access users.

#### How to Get the User Identities

There are two common ways to manage the list of authorized users:

1. After sign-in

You can share your app link with a few users, let them sign in, and then add their keys to the authorized list. The user table will show their identity once they've signed in at least once.

2. Before sign-in

If you want to block all sign-ins except for those explicitly allowed before hand, start by adding your own developer ID (shown in the Console) to the list.

This activates the restriction: once at least one identity is listed, only those identities can sign in. If the list is empty, then everyone can sign in.

You can then share the app link with others. When they attempt to sign in and are blocked, you can show a message that displays their user key (e.g. using the `unsafeIdentity` function from `@junobuild/core`).

They can send you their key, and you can add them to the list manually to grant access.
25 changes: 25 additions & 0 deletions docs/reference/configuration.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -240,6 +240,31 @@ export default defineConfig({
});
```

#### Allowed Callers

This option gives you control over who is allowed to use your app, whether they are already registered or not.

```javascript
import { defineConfig } from "@junobuild/config";

export default defineConfig({
satellite: {
ids: {
production: "qsgjb-riaaa-aaaaa-aaaga-cai"
},
authentication: {
rules: {
allowedCallers: [
"eunqq-ctbep-mwing-6cwte-f5frt-qe7tu-ilmgk-wmy3m-mdi3j-mcsvx-zae"
]
}
}
}
});
```

For more explanation, see the related [section](../build/authentication/management.md#allowed-callers) in Authentication.

### Assertions

import Assertions from "../build/components/assertions.mdx";
Expand Down