Protect private pages hosted on Heroku by authenticating with Github using Flask-Dance. Also, attack rabbits.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

3.4 KiB


What’s this business all about, then?

This repository helps you put access control into place to protect your secret pages by (deep breath):

hosting your secret page of static and/or dynamic content by using a free Heroku app
running a Python Flask server that uses Flask-Dance to authenticate visitors
with Github using OAuth which allows you fine-grained access control for your pages
using user attributes like organization or team membership or even things like how many
vowels a user has in their username.

Also, did I mention the attack rabbits?

warning: attack rabbits ahead

Where is everything?

Final pages:

Two branches in this repo compose the github-heroku-attack-rabbits documentation:

Two branches illustrate github-heroku-attack-rabbits in practice:

  • The secret branch contains the files needed to create the secret page.
    This repository is public, so obviously these aren’t actually secret,
    but in practice this would be in a protected repository.

  • The heroku-pages branch
    contains the content that is actually pushed to Heroku - that is,
    the final Flask app.


An overview of the steps:

Get Started with Heroku

Get Started with Github

Initialize Repository: Branches

Create a Flask App using Flask-Dance

Test Flask App Locally

Deploying Flask App to Heroku

Custom Domains

Python software used:

Commercial services:


This is released under the WTFPL.