Azure Static Web Apps auth

Auth go-live checklist

This page tracks the worker/admin privacy gate before the RaveFocus worker hub becomes a real production site. It confirms the protected route plan is prepared, while keeping the live site in public preview until Microsoft Entra roles are ready.

4 roles
3 protected routes prepared
5 section policies
0 protected routes active now
Status: prepared; not enforced. Do not apply protected mode until Microsoft Entra users and roles are configured and you are ready to test worker/admin sign-in.

Checklist

#ItemStatusProof needed
1 configure Microsoft Entra authentication for Azure Static Web Apps manual required Azure Static Web Apps authentication provider is configured for Microsoft Entra ID
2 assign users to authenticated, worker, and admin roles manual required approved workers can sign in and admin-only users are assigned admin role
3 keep sensitive output files admin-only prepared, not active protected config gates /outputs/* to admin
4 keep data manifests signed-in only prepared, not active protected config gates /assets/data/* to authenticated/admin
5 replace preview password behavior with Microsoft sign-in status manual/frontend follow-up profile area displays signed-in Microsoft user state, not a mock password field
6 deploy protected config after roles are ready waiting set-static-web-app-auth-mode.ps1 -Mode apply has been run and deployed
7 verify authenticated and admin access waiting signed-in worker can reach worker areas and non-admin cannot reach /outputs/*

Roles

anonymous

preview-only access before worker login is enforced

Allowed

  • #start
  • #levels
  • #role-quiz
  • #role-guide
  • #workers
  • #guides

Blocked

  • #profile
  • #quests
  • #forms
  • #proof
  • #admin

authenticated

approved worker baseline after Microsoft sign-in

Allowed

  • #profile
  • #quests
  • #forms
  • #echo
  • #systems
  • #proof

Blocked

  • #admin

worker

assigned worker role; actual quest access still depends on role seat and admin approval

Allowed

  • #profile
  • #quests
  • #forms
  • #proof

Blocked

  • #admin

admin

Jupiter/admin operations, review queues, setup guides, proof routing, and sensitive index oversight

Allowed

  • #admin
  • #systems
  • #proof
  • #forms
  • #profile
  • #quests

Blocked

  • none

Protected route plan

#RouteAllowed rolesCurrent state
1 /outputs/*
  • admin
prepared only
2 /assets/data/*
  • authenticated
  • admin
prepared only
3 /api/*
  • authenticated
  • admin
prepared only