datastorm-open / shinymanager

Simple and secure authentification mechanism for single shiny applications.
https://datastorm-open.github.io/shinymanager/

Token generation #35

Open MeganBeckett opened 4 years ago

MeganBeckett commented 4 years ago

Hi there

Thanks for this package - it has been so helpful for me to secure a Shiny app and I really like the backend admin and logging functionality.

I have a question about how the tokens are generated. The reason is that we want to be able to automatically log some users in if they have come to the shiny app through another web app that we have, where they already had to log in with their details. If they land on the normal url for the Shiny App, without going through our main web app, then they still need to log in and authenticate as normal.

Is this possible to set up with shinymanager? I have been looking at the source code for how tokens are generated and also using DevTools on my browser. But, can't quite see how the user name and password are sent to the server to then check the credentials in the sqlite DB and then generate a token.

Do you have any documentation or additional notes on this so I can understand it better?

pvictor commented 4 years ago

Hello,

Thanks for your interest in the package and your kind words!

For the moment, tokens are generated when a user logs in and immediately destroyed once access to the application has been granted. All this is done in the same R session, so I don't think it's possible to communicate between different apps currently.

But we could implement a mechanism to generate and store tokens with some expiration date in the SQLite database to grant access to a specific application. If those applications are on the same server it's doable, is this your case?

This could solve this too https://github.com/datastorm-open/shinymanager/issues/31

Victor
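The mechanism sketched above (a token stored in the credentials database with an expiry and a target application, checked when the user arrives) can be illustrated with a small example. The following Python is an added illustration written for this thread; it is not shinymanager code and does not use the package's API. It assumes a hypothetical `tokens` table in the same SQLite file that holds the credentials, stores only a SHA-256 hash of the token so a leaked database cannot be replayed, and deletes the row on first use so a token works exactly once.

```python
import hashlib
import secrets
import sqlite3
import time


def open_db():
    """Open a constructed in-memory SQLite database standing in for the
    credentials file. Only the token hash is stored, never the token itself."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE tokens ("
        "  token_hash TEXT PRIMARY KEY,"
        "  user TEXT NOT NULL,"
        "  application TEXT NOT NULL,"
        "  expires_at INTEGER NOT NULL"
        ")"
    )
    return conn


def _hash(token):
    # Tokens are random and high-entropy, so an unsalted SHA-256 is enough
    # to make the stored value useless to anyone who reads the database.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_token(conn, user, application, ttl_seconds=300, now=None):
    """Called by the app that already authenticated the user. Returns the
    one-time token to hand over (e.g. in a URL) to the target application."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    conn.execute(
        "INSERT INTO tokens (token_hash, user, application, expires_at) "
        "VALUES (?, ?, ?, ?)",
        (_hash(token), user, application, int(now + ttl_seconds)),
    )
    conn.commit()
    return token


def redeem_token(conn, token, application, now=None):
    """Called by the target application on arrival. Returns the user name if
    the token is valid for this application and not expired, else None.
    The row is deleted before the checks, so a token can never be used twice."""
    now = time.time() if now is None else now
    digest = _hash(token)
    row = conn.execute(
        "SELECT user, application, expires_at FROM tokens WHERE token_hash = ?",
        (digest,),
    ).fetchone()
    if row is None:
        return None
    conn.execute("DELETE FROM tokens WHERE token_hash = ?", (digest,))
    conn.commit()
    user, target_app, expires_at = row
    if target_app != application or now > expires_at:
        return None
    return user


if __name__ == "__main__":
    db = open_db()
    t = issue_token(db, "megan", "my-app")
    print(redeem_token(db, t, "my-app"))   # user name on first use
    print(redeem_token(db, t, "my-app"))   # None: token already consumed
```

Two properties matter for the hand-off use case: the token is bound to one application, so a token issued for `my-app` grants nothing elsewhere, and it is single-use with a short lifetime, so a token that leaks in a browser history or server log is of little value. Both applications must read the same SQLite file, which is why this only works when they share a server (or a shared database).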

MeganBeckett commented 4 years ago

Hi Victor, thanks for the reply.

The apps are not on the same server, as the main app is a Flask web app for the website, which has its own authentication, and then we want to be able to link to the Shiny apps hosted on a subdomain (on their own Shiny server) which use the shinymanager authentication. So, if the user has logged into the Flask app and clicks to go see the Shiny app, they should be logged in automatically (that's why I'm trying to figure out how to automatically generate and pass a token). But, I think I might go with another solution.

However, I also just looked at issue #31, and this would be incredibly useful. I actually thought it might be possible, as you can specify which app the user has access to when creating the SQLite DB using the optional applications argument, as explained here:

https://datastorm-open.github.io/shinymanager/reference/create_db.html

applications (optional) : the name of the applications to which the user is authorized, separated by a semicolon. The name of the application corresponds to the name of the directory, or can be declared using : options("shinymanager.application" = "my-app")

Furthermore, on the Admin logs page, I can see a dropdown option to select other apps, as shown here:

[screenshot: the application dropdown on the Admin logs page]

But, I was not able to link this all up and add other apps (which we have on the same server). I think the above code must be a placeholder for multiple apps on the same server with one login and not yet fully implemented?

I think this would be incredibly useful.

Thanks! Megan

dcont5512 commented 3 years ago

Hi there - just wondering if there have been any updates to this or issue #31, whereby people can access many apps after logging in to a parent directory app? Also, has any sort of cookie structure been implemented within shinymanager to prevent people from having to re-login each time they close a window, perhaps with a defined time-out period?

Thanks!

deann88 commented 3 years ago

+1