dash_username_auth.md

Additional auth cookies:

• dash_user
  • signed with itsdangerous.
  • the username appears in clear text in the cookie as user.TOKEN
• dash_user_data
  • json web signature with itsdangerous.
  • The json web signature is not entirely safe, do not add sensitive data.

The users cookies have no expiry, they are validated by the python package itsdangerous.

New methods on Auth objects:

These methods must be called from a request context (a callback).

• get_username
  • Get the username from the signed cookie.
• set_username
  • PlotlyAuth calls this from the auth response to get the plotly username.
• get_user_data
  • get the json metadata for the user.
  • Example: user_data = auth.get_user_data()
• set_user_data
  • set custom json metadata for the user.
  • Example: auth.set_user_data({"last_login": time.time()})

is_authorized_hook

Use as a decorator to add a callback when is_authorized is called. Takes a single argument which is the response from the auth service response. is_authorized is called only when a user logs in. It must return a boolean to indicate if the user is_authorized. Can have multiple hooks.

other

• Added more options to Oauth.create_cookie
  • httponly - only access the cookie from the server (default=True)
  • SameSite - prevent the browser from sending the cookie to other site (default='Strict')

Example

import dash
import dash_auth
import dash_html_components as html
from dash.dependencies import Output, Input

import requests

app = dash.Dash()
auth = dash_auth.PlotlyAuth(
    app, 'my_app', 'private',
    'http://localhost:8050')


app.layout = html.Div([
    html.Div(id='content'),
    html.Button('Need perms', id='btn'),
    html.Div(id='authorized')],
    id='container')


@app.callback(Output('content', 'children'), [Input('content', 'id')])
def _give_name(_):
    username = auth.get_username()
    return username


@auth.is_authorized_hook
def _is_authorized(data):
    active = data.get('is_active')
    if active:
        auth.set_user_data(data.get('ldap_dn'))
    return active

@app.callback(Output('authorized', 'children'), [Input('btn', 'n_clicks')])
def _check_perms(n_clicks):
    if n_clicks:
        perms = auth.get_user_data()
        perm_click_button = perms.get('click_button')
        if not perm_click_button:
            return 'unauthorized'
        else:
            return 'authorized'


if __name__ == '__main__':
    app.run_server(debug=True)

can't seem to get this to work, the app is getting this in the docker logs, just trying to spin up haven't even hit it yet:

send: b'GET /v2/files/lookup?path=dash-template HTTP/1.1\r\nHost: 10.39.94.88\r\nUser-Agent: python-requests/2.19.1\r\nAccept-Encoding: gzip, deflate\r\nAccept: */*\r\nConnection: keep-alive\r\nplotly-client-platform: dash-auth\r\ncontent-type: application/json\r\nAuthorization: Basic OnlvdXItcGxvdGx5LWFwaS1rZXk=\r\n\r\n' reply: 'HTTP/1.1 401 Unauthorized\r\n'

That seems to be the first error encountered, although after that a bunch of bad stuff happens. Happy to include the entire log if necessary :)

I followed this gist closely:

import dash
import dash_auth
import dash_html_components as html
import requests
import config

# from auth import auth


app = dash.Dash(
    __name__,
    # Serve any files that are available in the `static` folder
    static_folder='static'
)
# auth(app)
auth = dash_auth.PlotlyAuth(
    app, config.DASH_APP_NAME, 'public',
    'https://pa-dashboard.gene.com')
server = app.server  # Expose the server variable for deployments

app.layout = html.Div("dash app template for PA")


@auth.is_authorized_hook
def _is_authorized():
    res = requests.post(
        config.PORTAL_API_ENDPOINT, json={'username': auth.get_username(), 'appname': config.DASH_APP_NAME},
        headers={'Authorization': 'Bearer {}'.format(config.PORTAL_API_KEY)},
    )
    return res.status_code == 200


if __name__ == '__main__':
    app.run_server(debug=True)

Any ideas what could be wrong?

Figured it out - api key is required for these even though they are public apps.