osohq / oso

Oso is a batteries-included framework for building authorization in your application.
https://docs.osohq.com
Apache License 2.0
3.47k stars 174 forks

[Integration Request] dash-oso #1569

Open IcToxi opened 2 years ago

IcToxi commented 2 years ago

Hi there,

I'd like to invite you to take a look at this project.

It's built on top of Flask, but it doesn't have much in common with Flask in use. This is a way to write React in Python. However, it still doesn't have a good permission system. Given the characteristics of Dash, I believe OSO is a rare and awesome authorization system that fits it very well.

I only have some preliminary ideas at present: for example, there may be a Dash component that integrates OSO to wrap other components for authentication, and there may be a decorator to decorate the Dash callbacks. It could also control the options of a drop-down with a data filter. Alternatively, it might be a good idea to use Dash components to develop authorization GUI pages.

```python
app.layout = dash_oso.Authorize([html.Div(), html.Div()], "", "")

@dash_oso.authorize(resource="table")
@app.callback(Output(), Input())
def submit():
    db.insert()
    return "success"
```

And because of OSO's multi-language support, my guess is that the authorization system could work at the front and back ends at the same time with Dash.

I think this will probably be an interesting and challenging thing to do. I hope some of you are interested in this. How about we invite a couple of developers from both sides to talk about the feasibility of it? 😋

killpack commented 2 years ago

Hi @IcToxi,

Dash looks like a really cool project!

> And because of OSO's multi-language support, my guess is that the authorization system could work at the front and back ends at the same time with Dash.

This does sound possible, but the way you'd probably want to achieve the front end bit of that is via something like https://docs.osohq.com/guides/more/ui.html, where the authorization code and evaluation lives in the back end. If you're evaluating authorization decisions client-side, you leave yourself open to a malicious actor modifying the client-side code to grant themselves access to unauthorized resources.

> I think this will probably be an interesting and challenging thing to do. I hope some of you are interested in this. How about we invite a couple of developers from both sides to talk about the feasibility of it? 😋

Definitely interested in the idea of making it easier to set up authorization for Dash apps; would be happy to continue the conversation in this issue.
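The server-side pattern discussed above, as an added example that is not part of the original thread and is not Oso or Dash code: the back end enforces the policy inside the callback body, and the UI only asks the back end which actions to show. The `POLICY` table, `current_user`, `allowed_actions`, `authorize`, `run_as` and `ROWS` are hypothetical stand-ins for a real policy engine, session handling and database.

```python
import functools
from contextvars import ContextVar

# Constructed sample policy (role -> resource -> actions); stand-in for a policy engine.
POLICY = {
    "admin": {"table": {"read", "insert"}},
    "viewer": {"table": {"read"}},
}

# Hypothetical: authenticated user of the current request, set by server-side session code.
current_user = ContextVar("current_user")
ROWS = []  # constructed in-memory stand-in for the database


class Forbidden(Exception):
    """Raised when the server-side policy denies the action."""


def allowed_actions(user, resource):
    """Server-side answer to 'what may this user do?'; the UI uses it only as a hint."""
    return set(POLICY.get(user["role"], {}).get(resource, set()))


def authorize(resource, action):
    """Decorator for callback bodies: check the policy before any side effect runs."""
    def wrap(fn):
        @functools.wraps(fn)
        def guarded(*args, **kwargs):
            user = current_user.get(None)
            # Deny by default: no authenticated user, or action not granted.
            if user is None or action not in allowed_actions(user, resource):
                raise Forbidden(f"{action} on {resource} denied")
            return fn(*args, **kwargs)
        return guarded
    return wrap


@authorize(resource="table", action="insert")
def submit(value):
    ROWS.append(value)
    return "success"


def run_as(user, fn, *args):
    """Run fn with `user` as the request's authenticated user, then restore the context."""
    token = current_user.set(user)
    try:
        return fn(*args)
    finally:
        current_user.reset(token)
```

Hiding a button based on `allowed_actions` is cosmetic; the decorator is what stops a modified client from triggering the insert.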

IcToxi commented 2 years ago

Hi @killpack,

> This does sound possible, but the way you'd probably want to achieve the front end bit of that is via something like https://docs.osohq.com/guides/more/ui.html, where the authorization code and evaluation lives in the back end. If you're evaluating authorization decisions client-side, you leave yourself open to a malicious actor modifying the client-side code to grant themselves access to unauthorized resources.

You're right. But what I meant was that I expected these front-end components to automatically send query requests when rendering, while in my exploration I had to raise authorization queries in callbacks.

I'm excited to see your interest in this. Hold on a minute, I'll grab a couple of Dash developers to join this conversation.

IcToxi commented 2 years ago

Hi @killpack,

Unfortunately, I have to let you know that I didn't get the support of their official team. So now it's entirely up to you guys to add this integration. Anyway, I'm still looking forward to this being made.

killpack commented 2 years ago

Hey @IcToxi -- this integration sounds like it could be really useful. I'm going to add this to our internal tracker. Right now we're focused on other things, so I can't promise that we'll work on this anytime soon.

For anyone else who's interested in a Dash integration, please 👍 the original post so we can gauge interest, and leave a comment with any requirements and use cases you might have.