Authorization and user state funcionality

Hello everyone,

I have been investigating Hugo for a couple of weeks and have been really impressed at all of its functionality. One thing I haven’t been able to figure out is how to handle Authorization (not by FB or Google) and user state which would allow for user management (much like the process of registering/logging in for this website). I would like to have a section of my site where someone can purchase a subscription and be able to login etc. Has anyone implemented functionality like this and how did they do it?

Many thanks!


I don’t think it’s in scope, as it’s not in the nature of a static site to do so. I will keep an eye on this though, as user interaction to determine content is something I’m attempting to make happen now…

A subscription to the content of the website itself, you mean? Or are you looking to sell a product-based subscription on your site?


You are right, it is not in the nature of a static site to do so. But neither are comments, search etc. Someone suggested to me using hugo along with Meteor, but I don’t know if this would be too complex. I wanted to keep things as simple as possible.


I would like to sell access to a certain part of my site, say They could use the data for a day, week, month, whatever at different subscription prices. I guess something like a paywall, if you want to use that term. I can integrate a shopping cart for subscriptions but it is the logging in/out, being able for the user to administer their account that I need.



I use a paywall on one of my Hugo sites with Piano’s Go/Tinypass product. Implementation is reasonably simple (just JavaScript, with managing the paywall in their backend), and they take care of user accounts, invoicing, and paywalling the content (and even basic customer support). Here is more information about their product.

I’m not aware of viable alternatives besides Piano. Unfortunately the choice of paywall products that work with static websites is severely limited since most membership plugins require WordPress.

You may also want to know for your research that the paywall industry for regular publishers like you and me isn’t in a very good shape. CoinTent, which offered a paywall suitable for static sites, closed in the beginning of this year. And Drizzle, also suitable for static websites, recently changed course and now offers their software open source to manage, fix, and deploy yourself.

Let me know if you have more questions; happy to help where I can.

1 Like

At the very least, you are likely to need a minimal web application in front of your Hugo site that deals with authentication and user management.

Being a static website builder, Authentication is not part of Hugo’s tool set. Things like comments rely on embedding javascript tools from external sites. For most security models, Javascript runs too late in the in the web page loading to protect content.

Now static web servers do have a variety of ways to deal with authentication. Using HTTP Basic Auth or other tools. These can be set to only require authentication for a specific file path. However, Basic Auth is not very friendly to site visitors or site managers. (And yes, I remember building CGI authentication systems with Basic Auth). That said, a web server could provide much more sophisticated authentication services. There maybe add-ons to Apache or Nginx that do what you want.



There is a slightly more advanced authentication system included among the featured extensions to the Caddy web server.

Additionally some static hosting/deployment services such as Netlify provide forms of authentication.

None of these will deal with your payment needs.

I can point you to a couple of things that might spark some ideas:

Lots of functionality here on top of a static site:

And, there are other tools like this, but Google’s Firebase has a set of functionality that can be incorporated into a static site:

Jura, leejoramo, and budparr,

Thank you all for the suggestions and advice. I will check them all out and write back what/how I implemented a solution!

1 Like

Hey @mark_smith, could you update us on how the authorisation in your project went? It’s been a couple of months, do you still use the same user management tool? Any insights and experience to share?

Thanks in advance for your reply and look forward to learn from it. :slight_smile:

Hey @mark_smith and @Jura - I would also be quite interested how authentication of a section of a static site is implemented successfully. At present I am thinking to protect with a simple shared password, because this is not information that I want to paywall - just restrict to people who change every 6 months - therefore password will be changed every 6 months too. I am thinking of a basic .htaccess file but I am also keen to see what can be done with more sophisticated tool. How much approximately is it for tinypass if requirements are as basic as mine?