2DegreesInvesting / tiltWebTool

APP: https://mauro-2dii.shinyapps.io/tiltwebtool/
https://2degreesinvesting.github.io/tiltWebTool/
GNU General Public License v3.0

Study registration and compare it with authentication #83

Open maurolepore opened 1 week ago

maurolepore commented 1 week ago

In the last tech sprint we realized that we seem to require lower security than what an authentication service provides.

Requirements (Anne/Tilman):

Comparing authentication versus registration

What's the conceptual and implementation difference between a service that requires user registration versus user authentication?

User registration and user authentication serve distinct purposes in managing user access to a service. Registration involves collecting and validating user information to create a new account, often including steps like email verification and storing hashed passwords securely in a database. Authentication, on the other hand, is the process of verifying a user's identity using stored credentials, typically by comparing a provided password with the hashed version in the database, and managing user sessions upon successful login. https://chatgpt.com/share/0f31f2c1-0759-453c-a6a7-d2337629fa84

Authentication

The service provider (tilt) maintains a list of authorized users. Only those users can access the service (web tool).

This gives us maximum control over who can access the service, but it costs us the effort of managing authorized users, and potentially the monetary cost of the authentication service (e.g. the standard plan of shinyapps.io).

Registration

The users register themselves to the service (web tool). Any user can register, as long as they provide the minimum information we need from them (e.g. name, email, agree to use the data only for research).

This gives no control over who can access the service. I haven't researched this yet but it seems to cost us no effort or money.

Ideas

What might be the simplest way to implement access to a shiny app but only after the user registers and verifies their email?

I'd be happy to use something like GoogleForms and R packages to handle emails and tokens.

ChatGPT: https://chatgpt.com/share/d7f0bdf2-5956-46b9-9ed1-f7b22d1567b2

rOpenSci: The answer I got refers to authentication, not registration. It suggests approaches covered in https://github.com/2DegreesInvesting/tiltWebTool/issues/6

Authentication and User Management in shinyapps.io

https://docs.posit.co/shinyapps.io/guide/authentication_and_user_management/

Summary (ChatGPT):

To enable authentication on shinyapps.io (Standard and Professional plans), set the app's visibility to Private in the admin interface. Add authorized users by inviting them via email. Users authenticate using Google, GitHub, or shinyapps.io credentials. An authentication prompt appears for new visitors, requiring valid credentials. For logout, include a specific URL format in your app.

For detailed instructions, refer to the shinyapps.io documentation.
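
The e-mail verification step asked about under "Ideas", as an added example that is not part of the original issue or of the tiltWebTool code: a signed, expiring link that proves control of an address without keeping a token table. The environment variable name, function names, URL and addresses are assumptions made up for the illustration; only `openssl::sha256()`, `utils::URLencode()` and `shiny::parseQueryString()` are existing functions.

```r
library(openssl)  # sha256(x, key = ...) returns an HMAC-SHA256 when a key is given

# Assumption: the signing secret is set as an environment variable on the server.
secret <- Sys.getenv("TILT_REGISTRATION_SECRET", "constructed-demo-secret")

# HMAC over "email|expiry"; lower-casing makes the check case-insensitive.
sign_claim <- function(email, expires, key = secret) {
  as.character(sha256(paste(tolower(email), expires, sep = "|"), key = key))
}

# Compare two strings without stopping at the first differing byte.
same_string <- function(a, b) {
  a <- charToRaw(a)
  b <- charToRaw(b)
  length(a) == length(b) && sum(as.integer(xor(a, b))) == 0
}

# Build the link that goes into the verification e-mail.
verification_link <- function(email, base_url, ttl = 3600, now = Sys.time()) {
  expires <- as.integer(now) + as.integer(ttl)
  sprintf("%s?email=%s&exp=%d&sig=%s", base_url,
          utils::URLencode(email, reserved = TRUE), expires,
          sign_claim(email, expires))
}

# Check the query parameters of a clicked link. In a Shiny server function they
# can be read with shiny::parseQueryString(session$clientData$url_search).
link_is_valid <- function(email, exp, sig, now = Sys.time()) {
  exp <- suppressWarnings(as.integer(exp))
  ok_shape <- length(email) == 1 && length(exp) == 1 &&
    length(sig) == 1 && !is.na(exp)
  if (!ok_shape || as.integer(now) > exp) return(FALSE)
  same_string(sign_claim(email, exp), sig)
}

# Constructed sample: issue a link, then check a good, a tampered and an
# expired request against it.
t0  <- as.POSIXct("2024-01-01 12:00:00", tz = "UTC")
exp <- as.integer(t0) + 3600L
sig <- sign_claim("ada@example.org", exp)
print(verification_link("ada@example.org", "https://example.org/app/", now = t0))
print(link_is_valid("ada@example.org", exp, sig, now = t0))         # same address
print(link_is_valid("eve@example.org", exp, sig, now = t0))         # address swapped
print(link_is_valid("ada@example.org", exp, sig, now = t0 + 7200))  # after expiry
```

A valid link only shows that the visitor can read mail at that address; it does not restrict who may register, which matches the registration model described above rather than the authorized-user list.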