Implement User Authentication in Shiny with Auth0

Looking to take your Shiny app to the global stage while ensuring it remains accessible only to the right audience? The key lies in mastering the art of authentication and authorization!

In this blog you will learn everything you need to implement user authentication in Shiny with Auth0.

Auth0: an Identity and Access Management (IAM) framework

Let’s talk about Auth0 – a tool that makes your app more secure by managing who gets in and what they can do. Think of it like a digital bouncer for your app.

Auth0 is an Identity and Access Management (IAM) framework. IAM is like the master controller of access in the digital world. Imagine it as the gatekeeper of your app, deciding who gets to enter and what they’re allowed to do once inside. It’s the set of rules and tools that ensure only the right people have access to your app’s resources, whether it’s a web application or an API. IAM is not just about keeping the bad actors out; it’s also about ensuring that legitimate users have the right level of access to do what they need to do.

Auth0 simplifies the complex processes of authentication (verifying who users are) and authorization (deciding what they can access).

Auth0 protocols

Protocols are like the secret languages that devices and applications speak to ensure secure communication. They set the rules for how data is transmitted and verified.  Auth0 supports a variety of protocols. This versatility ensures that developers have the flexibility to choose the best-fit protocol for their specific needs.

One of the most well-known protocols for web and mobile development is OpenID Connect, which builds on top of OAuth 2.0.

OAuth 2.0 is a framework facilitating secure access to a user’s resources by third-party applications without exposing the user’s credentials. It helps to authorize users and it is widely used for securing web application and API access.

Now, OpenID Connect (OIDC) builds on OAuth 2.0 to provide user authentication along with authorization. It introduces an identity layer, allowing the client to obtain information about the authenticated user. OIDC includes an additional ID token, which is a JSON Web Token containing user information. This makes OIDC suitable for scenarios where both authentication and authorization are essential, such as single sign-on (SSO) systems.

OIDC is the default authentication and authorization protocol used by Auth0.

Shiny + Auth0

If you’re reading this, you’re probably a Shiny developer, and not necessarily a security expert. It is therefore not advised to build your own authentication mechanism in Shiny. Making use of proven and secure protocols saves you a lot of development, and makes sure that you leave security to the experts. Luckily, you can implement user authentication in Shiny with Auth0!

With just a couple of simple steps and some changes in the configuration of your Shiny app you redirect users to your Auth0 tenant, instead of your Shiny app directly. All of this is made possible by the auth0 package, which is a wrapper around the Auth0 API.

The steps are simple:

  1. Create an account + tenant on Auth0
  2. Create an application within that tenant
  3. Add some users that are allowed to access your app
  4. Configure your application in your Auth0 tenant (to add the right callback URLs and disable sign-ups for example)
  5. Adjust your Shiny app so it includes an _auth.yml file (which can be generated with auth0::use_auth0()), and use auth0::shinyAppAuth0 (instead of the  regular shinyApp() call)
  6. Run your app on your configured port, and you will be redirected!

 

Easy as that!

Watch the tutorial on YouTube

This 10-minute tutorial will walk you through everything you need to know about Shiny and Auth0! Learn how to set up your tenant, create your first users, integrate Auth0 with Shiny, and get user information in your Shiny app.

The repo is available here.

Wrap up

In this article and video you hopefully learned a bit more about Auth0 + Shiny.

☕️ Was this useful to you and would you like to support me? You can buy me a coffee!

I provide R and Shiny consultancy. Do you need help with a project? Reach out and let’s have a chat!

Geef een reactie

Het e-mailadres wordt niet gepubliceerd. Vereiste velden zijn gemarkeerd met *