Git Product home page Git Product logo

shiny-token-auth's Introduction

Shiny Token Auth

Shiny Token Auth makes it easy to authenticate between a remote server and a Shiny server application. This can be useful in situations where a user authenticates through a web-app, and you want to embed a Shiny application in an iframe in your website, but otherwise lock-down someone directly accessing the Shiny application.

Usage

Your remote application should generate a token each time it loads the Shiny application. That token should then be appended to the Shiny application url using the parameter t. For example:

http://some-shiny-app.example?t=some_unique_token

Shiny Token Auth will then check the passed t argument, in this case some_unique_token against the remote server by sending it back to the remote server at a specified callback url (covered in the next section on configuring your settings).

If the token is valid, then the Shiny Token Auth method isValidToken returns TRUE. Otherwise, it returns FALSE.

Configure your settings

The settings.json file is a simple JSON file with two keys.

  • check_token_url - This is the URL the token passed to your Shiny server should check against to make sure the token is valid.
  • success_value - This is the value your remote application will provide if authentication is succesful. For example, your server might return "200" or "OK".

Securing your Shiny application

Once you have configured your settings.json and setup your remote application to generate and check the validity of tokens, you can Shiny Token Auth by invoking the isValidToken method.

isValidToken takes the full URL used to access your Shiny application as an argument. The method then checks whether the passed token, demarked as t in the URL paremeters, is valid.

In your Shiny application, you can wrap isValidToken in a reactive method and assign it to a variable. For example:

shinyServer(function(input, output, session) {
  	# determine if the user is authenticated
  	isAuth <- reactive({ isValidToken(session$clientData$url_search) })
  	
  	# the rest of your code below
}

You can now use the value of isAuth (which is either TRUE or FALSE), to determine whether your user is authenticated or not. If a user is not authenticated, you could cut off access to the datasource, or change the UI displayed in your ui.R file.

Dependencies

Shiny Token Auth depends on the following libraries:

  • shiny
  • jsonlite
  • curl

shiny-token-auth's People

Contributors

dhenderson avatar

Watchers

Peter Solymos avatar

Forkers

cmatos-knok

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.