user3431083

Reputation: 414

Pass credentials to Dash's basic authentication so user doesn’t have to type it again

I have a Dash app (call it charts) that gets spawned from another dash app (call it main). The user is already signed in on the main page (using a custom login/pass form) and I would like to pass those credentials to the charts page when they are redirected so they don’t have to re-enter the user name and password.

The reason I have to have authentication on the charts page is so some rando can’t just type the url and gain access to the personalized charts page of another user.

Does anyone have any idea how I could get basic auth to accept credentials behind the scenes like that? (https://dash.plotly.com/authentication)

ADDITIONAL THOUGHTS:

Still looking for any suggestions. Unfortunately, I do not think I can use Flask-style endpoint security (@login_required, etc.) because the target of the endpoint is a flask.redirect to a brand new and separate Dash app with its own url:port. Flask endpoint security on the main page will not prevent someone from opening up a completely new browser with a fresh session and typing the charts app address right into the URL.

I really like the idea of having basic auth on the charts app, and then if it is being accessed by a redirect from the main app, we somehow pass credentials to the basic auth (kind of like when you refresh a page you are already signed into, it doesn’t make you sign in again.)

Upvotes: 4

Views: 2223

Answers (3)

Sam Thomas

Reputation: 676

Well, considering that you have this multi-app architecture and wish to preserve login, why don't you have a Single Sign-On (SSO) backed design? Either make your own SSO app or use a provider.

Now when a user accesses any app in your ecosystem, they have to sign into the SSO provider, which will give you an auth token or something (that's valid for some time) back, and whenever there is a redirect between apps this token is shared and that app uses the token to re-authenticate the user (behind the scenes). And if someone reaches the app directly it triggers an SSO page (because there is no token).

There are multiple blogs/tutorials that cover setting up SSO in Flask apps. Each has its pros/cons. Hope this helps.

Upvotes: 1

user3431083

Reputation: 414

I ended up using flask-login and flask sessions to make sure the browser that goes to the chart page is the same browser session that was originally authenticated on the main page.

Upvotes: 0

oittaa

Reputation: 595

Maybe you could generate a CSRF-like token, which is calculated from a secret, username, and timestamp (so the token isn't valid forever). Then pass that as a parameter to your other app. Django's source code should include a decent example of how to create one.

Upvotes: 0
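The kind of handoff token this answer describes, as an added example that is not part of the original answer or of Dash/Django: the main app signs `username:issued_at` with a shared secret (HMAC-SHA256), and the charts app accepts the token only if the signature matches and the timestamp is recent. The secret, the 60-second lifetime and the usernames are constructed values for the example.

```python
import hashlib
import hmac
import time
from base64 import urlsafe_b64decode, urlsafe_b64encode

TOKEN_TTL_SECONDS = 60   # assumed lifetime; short, since the token only bridges one redirect
SIG_LEN = hashlib.sha256().digest_size  # 32 bytes, fixed-length prefix of the token

def _sign(secret: bytes, username: str, issued_at: int) -> bytes:
    """HMAC over 'issued_at:username' so neither field can be swapped for another."""
    msg = f"{issued_at}:{username}".encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()

def make_token(secret: bytes, username: str, issued_at=None) -> str:
    """Main app side: build URL-safe token = base64(sig || issued_at ':' username)."""
    if issued_at is None:
        issued_at = int(time.time())
    raw = _sign(secret, username, issued_at) + f"{issued_at}:{username}".encode()
    return urlsafe_b64encode(raw).decode().rstrip("=")

def verify_token(secret: bytes, token: str, now=None, max_age=TOKEN_TTL_SECONDS):
    """Charts app side: return the username if the token is authentic and fresh, else None."""
    if now is None:
        now = int(time.time())
    try:
        raw = urlsafe_b64decode(token + "=" * (-len(token) % 4))   # restore padding
        sig, rest = raw[:SIG_LEN], raw[SIG_LEN:]
        ts_b, username_b = rest.split(b":", 1)   # username may itself contain ':'
        issued_at = int(ts_b)
        username = username_b.decode()
    except (ValueError, UnicodeDecodeError):
        return None                      # malformed or truncated token
    expected = _sign(secret, username, issued_at)
    if not hmac.compare_digest(sig, expected):
        return None                      # tampered or signed with another secret
    if not (0 <= now - issued_at <= max_age):
        return None                      # expired, or timestamp set in the future
    return username

if __name__ == "__main__":
    secret = b"constructed-shared-secret-for-example"
    tok = make_token(secret, "alice")
    print(tok, "->", verify_token(secret, tok))
```

In the charts app, a valid token should be exchanged for a normal server-side session on first use rather than re-checked on every request, so that the token in the URL (which lands in browser history and logs) stops being useful the moment it has been redeemed.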
