posts/django-auth-server-for-shiny/

[utterances-bot]

Django application as an authentication / authorization server for Shiny - pawamoy's website

Findings, thoughts, tutorials, work. Pieces of my mind!

https://pawamoy.github.io/posts/django-auth-server-for-shiny/

[pawamoy]

Original author: Shane
Original date: 2018-09-21T01:48:59Z

This is really great ! Thank you for posting. Excellent quality document. Had a few issues with the Dockerfile.shiny (probably me), but I ended up using a modified one based on the dockerfile here https://www.shinyproxy.io/d...

[pawamoy]

Original date: 2018-09-21T13:28:44Z

Thank you for the kind words :) I hope you resolved all your issues!

[pawamoy]

Original author: patrick Sharma
Original date: 2018-09-24T08:20:13Z

This is a wonderful idea thanks for post. I am trying to use the same for oxidized application. The only problem I am facing is unlike shiny my application has multiple pages is there a way to handle that? Or do I have to hardcode every url of my application to Django url?

[pawamoy]

Original date: 2018-09-24T14:48:03Z

Thanks!

So, you want to wrap an oxidized app into a django app right? I guess you could write a generic view that is called for every "oxidized" requests, for example requests like "/oxi/something". This view would internally request the contents of the real oxidized page (like we did in this post with requests + beautifoul soup), in this case "/something" would be the oxi url. And then render a generic template that wraps the real page contents in a iframe!

In fact it's exactly what we did in this post but in a more generic way, to handle multiple pages (with multiple URLs).

It seems hacky but I don't know any other way to wrap a web application into another :/

[pawamoy]

Original author: Shane
Original date: 2019-02-19T21:36:02Z

Hi again, thanks for your reply.

I'm wondering if I may ask you, if I was to run a shiny app wired Django in this way, would the end user still be able to access the shiny app content on port 8100 directly and not go through django authorization ?

[pawamoy]

Original date: 2019-02-19T23:29:52Z

If you allow so, yes! Just set your firewall so it allows incoming connections on port 8100.

If you do this through Docker, this would need a bit more modifications, like adding ports: 8100:8100 to the shinyapp service.

[pawamoy]

Original author: Mait Mait @mait_mait
Original date: 2019-04-19T20:04:56Z

Hello! Thanks for the insightful tutorial. I haven’t used the Django web framework before, nor I am knowledgeable in full-stack web development, but I have in-depth analytical experience in R, complex Shiny dashboard building and scientific use of Python. Therefore, also maybe my “rookie” question in terms of Django.

Is it possible to control the data that user can access via Embedded Shiny app through Django’s user authentication and user
permission system? I.e., to change certain values in Shiny app’s server code depending on the data that is stored in Django app’s for a given user.

Thanks in advance,

[pawamoy]

Original author: Tyler Bobik
Original date: 2019-09-05T16:24:50Z

I am trying to get this working with shiny-server so I can access my shiny apps that are served in my srv/shiny-server directory. I have posted more details on stackoverflow https://stackoverflow.com/q...

[pawamoy]

Original author: Tyler Bobik
Original date: 2019-09-05T16:30:39Z

I am attempting to do this via Auth0 by passing the URL's that you want to give permissions for through the Users metadata, which I think should work

[pawamoy]

Original date: 2019-09-05T17:50:23Z

I commented on StackOverflow :)

[pawamoy]

Original date: 2019-10-17T18:27:40Z

Hi! I realize now that I didn't reply to your comment, so sorry!
However I really don't know Shiny and R enough to answer. I have no idea if this is even possible :/ Shiny is pretty closed, I don't see how you could change the behavior of a Shiny app from Django, except maybe by injecting some identifiers or values in the iframe, that the Shiny javascript code could then read?

[pawamoy]

Original author: Katja Hoffmann
Original date: 2020-02-07T22:16:05Z

Many Thanks for your great Tutorial! I`m wondering, if it would be possible to show the shiny app embedded within the django app. I mean similar to the representation when accessing http://localhost:8000 but with just a nice look and the expected shiny behavior.

Another thought to achieve the goal was to embed the shiny app via <iframe> tag directly in the django template and only allow the access to the shiny server from the django server by firewall setting. Would this also be possible or is there anything against it?

Thanks in advance.

[pawamoy]

Original date: 2020-02-12T20:34:43Z

You're welcome!

I'm not sure to understand what you mean, as it seems to be exactly what we are already doing here (injecting the shiny page in an iframe).

About the firewall, both NginX and Django must be able to communicate with the Shiny server, so as long as you setup your firewall to allow that, it should be fine.

[pawamoy]

Original author: Tas Lanous @taslanous
Original date: 2020-03-13T23:50:06Z

Hi I have a potentially naive question. Is nginx strictly required to do this? Could one just have a django web app where upon login they are simply forwarded to a page where the shiny app is running? Thanks :)

[pawamoy]

Original date: 2020-03-14T13:28:10Z

Hmmm, I think the reverse proxy (nginx, apache, or else) is required, yes.

If you just have a Django app, and you just want to redirect users once they signed in, then you lose subsequent authentication. It means users could directly go to the URL you redirect them to, without needing to sign in. Even if you manage to generate "random" URLs for the shiny app, so a user cannot guess where the shiny app is served, they could just sign in to get it, then share it to anybody, effectively giving access to everyone without authentication, for a limited period of time at least.

In summary: no auth in Shiny. You need another app, such as Django for example. They must both be secured behind a reverse proxy to, first, prevent direct access to Shiny, and two, make the communications transparent (same IP, domain name, URLs, etc.).

I hope it helps!

[pawamoy]

Original author: Tas Lanous @taslanous
Original date: 2020-03-16T20:27:33Z

Thanks so much for your response. It makes a lot of sense! And again thanks for the great blog post :)

[pawamoy]

Original author: Paolo Cozzi @paolo_cozzi
Original date: 2020-04-18T11:56:53Z

Thank you, @pawamoy, for your guide, I was finally able to set authentication on my shiny server (I made a public repository at GitHub, if you want to take a look). Just a few comments to your great work:
By defining a model for each of your shiny applications, you could restrict applications to specific user or make them public for everyone. Second, if you write the location inside the model, you could exploit it within the django template, without using beautifoulsoup to pre-load the application. You can display also the shiny application outside the django template, the nginx and the django backend will ensure the user authentication. By returning the 401 status code for un-authorized user, you could create a redirect to the django login page using a custom nginx location
Ty again for your guide!
All the best,
Paolo

[pawamoy]

Original author: Code Kraft
Original date: 2020-06-04T10:10:53Z

Hi and thanks for the great blog post! It really closed my knowledge gap for me when searching for a way to add authentication to the free version of Shiny Server.

However I wondered why parsing the content returned by Shiny necessary. Without having tried it I'd say why can't we just pass the data on as it comes from Shiny?

[pawamoy]

Original date: 2020-06-04T16:15:29Z

Hi, thank you! Honestly, I'm not sure anymore haha. I think that when I tried without BeautifulSoup it didn't work. Maybe you could try again with "return JsonResponse({'html_contents': response.text})" instead and report back if it works correctly?

[bill-ash]

This is hilarious and amazing. I can't believe this works lol. Really great post.

Made a few changes to get it going from a different server since the Docker file wouldn't go for me.

https://github.com/bill-ash/shiny-django

[pawamoy]

Haha yes I couldn't believe I was able to pull this up :smile: Glad you were able to build upon my example :slightly_smiling_face:

[codeandstuf]

I am having trouble proxying shiny requests to the shiny app. Currently I can pull my unformatted shiny app up in my Django website, but I am having trouble using nginix to create a link. I run a windows os. Do you happen to know what changes when using windows for this instead? I have switched all of the file paths in nginix from (for example) /etc/nginx/sites-available/djangoshiny to C:\nginx\sites-available\djangoshiny

I also created a soft link between sites-available\djangoshiny and sites-enabled\djangoshiny using mklink /d

not sure if anyone knows what I'm doing wrong but id appreciate any help. Also is there a way of testing if nginx is actually linking without running the website?

Thanks! (sorry if this is a bad explanation of my problem to, I'm new to nginix)

[pawamoy]

Hello, unfortunately I won't be able to help you as I don't use Windows. Since your issue seems more related to NginX than to the actual content of the post, I suggest you ask for help on StackOverflow or any other forum where people know about NginX + Windows :slightly_smiling_face: Good luck!