How to use session across multiple domains for OAUTH2

Background

I’ve got an Azure Static Web App serving a React SPA with a connected Azure Functions backend on a custom domain (let’s call it mysite.com). It uses Azure basic auth (aka EasyAuth). Now I have a VM serving Postgres and pg_tileserv. On that VM I have oauth2_proxy in front of pg_tileserv on a subdomain (tiles.mysite.com). If I open tiles.mysite.com in a browser then I can authenticate just fine and, on a standalone basis, it works.

My problem

I want to be able to fetch tiles from the VM from the webapp but I can’t auth to the tileserv from the session on the main site.

What I’ve tried

I tried adding an iframe on my mysite.com that goes to tiles.mysite.com. The iframe will log in from existing cookies without user intervention, but when I fetch tiles it doesn’t bring those cookies along on the fetch requests, so those fail (they get a 302).

Trying to avoid

I know I could put nginx and uvicorn on my VM and host the webapp and api there so that all the auth is in one place but I kind of like having the resource separation.

Desired Solution

I’m open to almost any other approach. I’d prefer to stay away from having to subscribe to even more Azure services (like Front Door) though. I don’t mind switching from oauth2_proxy or adding nginx if that would solve my issue somehow.
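An added illustration of the failure mode in the question (example code, not from the original post): a cross-origin fetch from mysite.com to tiles.mysite.com omits cookies unless the request is made with `credentials: "include"`, so oauth2_proxy sees an anonymous request and answers with its sign-in redirect. The snippet builds the request options that carry the session cookie, surfaces the redirect instead of silently following it, and checks the two CORS response headers the browser requires before it will expose a credentialed response (`Access-Control-Allow-Origin` equal to the page origin, never `*`, plus `Access-Control-Allow-Credentials: true`). The tile path and layer name are hypothetical; the origins come from the question.

```javascript
// Origins from the question; the tile path below is a hypothetical pg_tileserv layer URL.
const PAGE_ORIGIN = "https://mysite.com";
const TILE_ORIGIN = "https://tiles.mysite.com";

// Request options for a cross-origin tile fetch that should carry the oauth2_proxy session cookie.
// Without credentials: "include" the browser strips cookies from cross-origin fetches, which is
// why the request arrives unauthenticated and oauth2_proxy replies with a 302 to the login flow.
function tileRequestInit() {
  return {
    mode: "cors",
    credentials: "include", // attach cookies scoped to tiles.mysite.com (or .mysite.com)
    redirect: "manual",     // expose the login redirect instead of following it into HTML
  };
}

// Classify a Response so the app can tell "no valid session" apart from a real server error.
// With redirect: "manual", a redirect shows up as type "opaqueredirect" with status 0.
function classifyTileResponse(resp) {
  if (resp.type === "opaqueredirect") return "needs-login";
  if (resp.status >= 300 && resp.status < 400) return "needs-login";
  if (resp.status === 401 || resp.status === 403) return "needs-login";
  if (resp.ok) return "ok";
  return "error";
}

// Case-insensitive header lookup that works on a Headers object or a plain object.
function headerGet(headers, name) {
  if (typeof headers.get === "function") return headers.get(name);
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? null : headers[key];
}

// Mirror of the browser's check for a credentialed CORS response: the origin must be echoed
// exactly (a wildcard is rejected when credentials are sent) and credentials must be allowed.
// Useful as a diagnostic when the tile origin's proxy configuration is being tuned.
function corsAllowsCredentials(headers, pageOrigin) {
  const allowOrigin = headerGet(headers, "access-control-allow-origin");
  const allowCreds = headerGet(headers, "access-control-allow-credentials");
  return allowOrigin === pageOrigin && allowCreds === "true";
}

// Fetch one tile; fetchImpl is injectable so the function can be exercised without a network.
async function fetchTile(z, x, y, fetchImpl = globalThis.fetch) {
  const url = `${TILE_ORIGIN}/public.layer/${z}/${x}/${y}.pbf`; // hypothetical layer path
  const resp = await fetchImpl(url, tileRequestInit());
  const state = classifyTileResponse(resp);
  if (state === "needs-login") {
    throw new Error("no valid session on " + TILE_ORIGIN + "; sign in there first");
  }
  if (state !== "ok") {
    throw new Error("tile request failed with status " + resp.status);
  }
  return resp.arrayBuffer();
}
```

Two things on the server side follow from this: the tile origin has to answer with the exact page origin and `Access-Control-Allow-Credentials: true`, and the session cookie has to be valid for the host the fetch targets (oauth2_proxy's `--cookie-domain` setting controls which hosts the cookie is scoped to). Because mysite.com and tiles.mysite.com share a registrable domain, the default `SameSite=Lax` cookie is still sent on this request; the missing piece in the iframe approach is the credentials flag, not the cookie's SameSite attribute.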