ngrok makes it easy to add authentication to any endpoint without modifying your application code. Using Traffic Policy, you can require visitors to authenticate before they can access your local app.

Add OAuth with Traffic Policy

The quickest way to protect your endpoint is with the OAuth Traffic Policy action. Add the following to your Traffic Policy configuration to require Google authentication:

Using a Managed Provider

The following Traffic Policy configuration puts a Google authentication step in front of your app, then denies any authenticated user whose email address does not end in @acme.com.
on_http_request:
  - actions:
      - type: oauth
        config:
          provider: google
  - expressions:
      - "!actions.ngrok.oauth.identity.email.endsWith('@acme.com')"
    actions:
      - type: deny
The provider value can be replaced with any of the Supported Providers that have a managed app available.
This example uses a managed Google OAuth application owned by ngrok. This is useful for testing and development, but you should use your own OAuth application when moving to production. See the OAuth action documentation for details.

Supported authentication methods

| Method | Description |
| --- | --- |
| OAuth | Require login via Google, GitHub, Microsoft, and other providers |
| OpenID Connect | Integrate with any OIDC-compliant identity provider |
| SAML | Use SAML-based SSO for enterprise authentication |
| Basic Auth | Require a username and password |

Restrict access to specific users

You can restrict access to specific email addresses by defining your Traffic Policy in your ngrok configuration file:
ngrok.yml
on_http_request:
  - actions:
      - type: oauth
        config:
          provider: google
  - expressions:
      - "actions.ngrok.oauth.identity.email != 'teammate@acme.com'"
    actions:
      - type: deny
This is ideal for sharing your app with a specific teammate while keeping it private from everyone else.
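
A rule's actions run only when its expression evaluates to true, so an allowlist in front of a deny action has to be written as a negated match. The following added example (not taken from the ngrok documentation; both addresses are constructed) extends the single-teammate rule to a short list using the CEL `in` operator:

```yaml
on_http_request:
  # Rule 1: every request must complete the Google OAuth flow first.
  - actions:
      - type: oauth
        config:
          provider: google
  # Rule 2: evaluated after OAuth has populated the identity.
  # Deny when the authenticated email is NOT on the allowlist.
  # Pitfall: a positive match such as
  #   actions.ngrok.oauth.identity.email == 'teammate@acme.com'
  # paired with deny would block the teammate and admit every other
  # Google account that completes the login.
  - expressions:
      - "!(actions.ngrok.oauth.identity.email in ['teammate@acme.com', 'reviewer@acme.com'])"
    actions:
      - type: deny
```

After applying a policy like this, check it with one account on the list and one that is not; only the unlisted account should be denied.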

Next steps