I recently took over managing a small static site for a volunteer org running on a rather limited PHP host. I would like to upgrade it to something more modern than trivial PHP and static HTML. Grav appears to run on the provided PHP, but I have a requirement to link up to an Apache Basic Authentication external provider. It currently works fine for static HTML files located in a subdirectory and protected through .htaccess. However, going to a CMS that creates a virtual directory tree through mod_rewrite doesn’t trigger the default .htaccess behavior.
Is there any way to delegate authentication to the external provider such that only one section of the Grav site requires Basic Auth to reach?
(Note: Please don’t suggest trying to recreate the authentication information within Grav. The host specifically forbids this. I have to delegate authentication to their provider without copying any usernames or passwords into my instance(s).)