Shiny app authentication flow on R Studio Connect

[alabeli]

Thank you for developing this amazing package and providing a vignette on how to use some of the functions in a Shiny app.

Is there any guideline on how to establish authentication flow on R Studio Connect? I tried providing my R Studio Connect app URL as redirect URI in the app as well as on Azure portal where my app is registered. I am following the shiny vignette by just changing app ID, tenant, and redirect URI. However, server returns nothing because session$clientData$url_search is blank. Is there something that our R Studio Connect server setting might be missing? (may be OAuth2 settings?)

When I try to follow client_credentials authentication method, which doesn't require redirect URI etc., I have no issues accessing the Teams files. However, this type of authentication uses application level permissions and not delegated ones. You have mentioned in your vignette that For a Shiny app, note that you want delegated permissions from the Microsoft Graph API, not application permissions. Could I understand the reason behind it? On R Studio Connect, you can limit the access by user so only the users that should access certain files could access them. So, using client_credentials authentication should be secure in my understanding unless I missed something.

Just as an extra reference, the R Studio Connect at my organization is setup at a single user level, meaning each user may need to log in but it runs on the server as single user.

Sorry if this issue is not appropriate for this package. I can try to connect with RSC next. Thank you for your time!

[hongooi73]

You're probably best talking to RSC. I'm not an AAD guru by any means.