@T4rk1n
Created June 27, 2018 21:15

Additional auth cookies:

  • dash_user
    • Signed with itsdangerous.
    • The username appears in clear text in the cookie, as user.hjswEldasfkj
  • dash_user_data
    • JSON web signature with itsdangerous.
    • The JSON web signature is not entirely safe; do not put sensitive data in it.

The user cookies have no expiry; they are validated by itsdangerous.
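
An added example (not part of this gist or of dash-auth) showing what a signed but unencrypted cookie protects: the value stays readable by anyone holding the cookie, and only tampering is detected. It uses stdlib HMAC-SHA256 as a stand-in for itsdangerous, so `SECRET`, the helper names and the exact token bytes are assumptions.

```python
# Added illustration; stdlib HMAC stands in for itsdangerous, so the token
# bytes differ from real dash_user / dash_user_data cookies.
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent to the client


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(value: str, key: bytes = SECRET) -> str:
    """Return 'value.signature'; the value itself stays in clear text."""
    mac = hmac.new(key, value.encode(), hashlib.sha256).digest()
    return f"{value}.{_b64(mac)}"


def unsign(cookie: str, key: bytes = SECRET):
    """Return the value if the signature verifies, else None."""
    value, sep, sig = cookie.rpartition(".")
    if not sep:
        return None  # no signature part at all
    expected = hmac.new(key, value.encode(), hashlib.sha256).digest()
    try:
        ok = hmac.compare_digest(expected, _unb64(sig))  # constant-time compare
    except ValueError:
        return None  # signature is not valid base64
    return value if ok else None


def sign_json(data: dict, key: bytes = SECRET) -> str:
    """Signed JSON payload, base64(json).signature: integrity only, no secrecy."""
    return sign(_b64(json.dumps(data, sort_keys=True).encode()), key)


def read_without_key(cookie: str) -> dict:
    """What anyone holding the cookie can do: decode the payload, no key needed."""
    return json.loads(_unb64(cookie.split(".")[0]))
```

Because the token carries no timestamp, `unsign` accepts it for as long as the key is unchanged, which matches the no-expiry behaviour described above.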

New methods on Auth objects:

These methods must be called from a request context (a callback).

  • get_username
    • Get the username from the signed cookie.
  • set_username
    • PlotlyAuth calls this from the auth response to get the Plotly cloud username.
  • get_user_data
    • Get the JSON metadata for the user.
    • Example: user_data = auth.get_user_data()
  • set_user_data
    • Set custom JSON metadata for the user.
    • Example: auth.set_user_data({"last_login": time.time()})

is_authorized_hook

Use as a decorator to register a callback that runs whenever is_authorized is called. The hook takes no arguments and must return a boolean indicating whether the user is authorized. Multiple hooks can be registered.

Other

  • Added more options to Oauth.create_cookie
    • httponly - the cookie can only be accessed from the server, not from client-side scripts (default=True)
    • SameSite - prevents the browser from sending the cookie with requests that originate from other sites (default='Strict')

Example

import dash
import dash_auth
import dash_html_components as html
from dash.dependencies import Output, Input

import requests

app = dash.Dash()
auth = dash_auth.PlotlyAuth(
    app, 'my_app', 'private',
    'http://localhost:8050')


app.layout = html.Div([
    html.Div(id='content'),
    html.Button('Need perms', id='btn'),
    html.Div(id='authorized')],
    id='container')


@app.callback(Output('content', 'children'), [Input('content', 'id')])
def _give_name(_):
    username = auth.get_username()
    return username


@auth.is_authorized_hook
def _is_authorized():
    username = auth.get_username()
    # Retrieve and set the perms for the user from an external service.
    perms = requests.post('http://localhost:5000/perms',
                          json={'user': username}, timeout=5)
    if not perms.ok:
        # Fail closed when the permission service returns an error.
        return False
    auth.set_user_data(perms.json())
    return True


@app.callback(Output('authorized', 'children'), [Input('btn', 'n_clicks')])
def _check_perms(n_clicks):
    if n_clicks:
        perms = auth.get_user_data()
        perm_click_button = perms.get('click_button')
        if not perm_click_button:
            return 'unauthorized'
        else:
            return 'authorized'


if __name__ == '__main__':
    app.run_server(debug=True)