Looking to take your Shiny app to the global stage while ensuring it remains accessible only to the right audience? The key lies in mastering the art of authentication and authorization!
In this blog you will learn everything you need to implement user authentication in Shiny with Auth0.
Auth0: an Identity and Access Management (IAM) framework
Let’s talk about Auth0 – a tool that makes your app more secure by managing who gets in and what they can do. Think of it like a digital bouncer for your app.
Auth0 is an Identity and Access Management (IAM) framework. IAM is like the master controller of access in the digital world. Imagine it as the gatekeeper of your app, deciding who gets to enter and what they’re allowed to do once inside. It’s the set of rules and tools that ensure only the right people have access to your app’s resources, whether it’s a web application or an API. IAM is not just about keeping the bad actors out; it’s also about ensuring that legitimate users have the right level of access to do what they need to do.
Auth0 simplifies the complex processes of authentication (verifying who users are) and authorization (deciding what they can access).
Protocols are like the secret languages that devices and applications speak to ensure secure communication. They set the rules for how data is transmitted and verified. Auth0 supports a variety of protocols. This versatility ensures that developers have the flexibility to choose the best-fit protocol for their specific needs.
OAuth 2.0 is a framework facilitating secure access to a user’s resources by third-party applications without exposing the user’s credentials. It helps to authorize users and it is widely used for securing web application and API access.
Now, OpenID Connect (OIDC) builds on OAuth 2.0 to provide user authentication along with authorization. It introduces an identity layer, allowing the client to obtain information about the authenticated user. OIDC includes an additional ID token, which is a JSON Web Token containing user information. This makes OIDC suitable for scenarios where both authentication and authorization are essential, such as single sign-on (SSO) systems.
OIDC is the default authentication and authorization protocol used by Auth0.
Shiny + Auth0
If you’re reading this, you’re probably a Shiny developer, and not necessarily a security expert. It is therefore not advised to build your own authentication mechanism in Shiny. Making use of proven and secure protocols saves you a lot of development, and makes sure that you leave security to the experts. Luckily, you can implement user authentication in Shiny with Auth0!
With just a couple of simple steps and some changes in the configuration of your Shiny app you redirect users to your Auth0 tenant, instead of your Shiny app directly. All of this is made possible by the auth0 package, which is a wrapper around the Auth0 API.
The steps are simple:
- Create an account + tenant on Auth0
- Create an application within that tenant
- Add some users that are allowed to access your app
- Configure your application in your Auth0 tenant (to add the right callback URLs and disable sign-ups for example)
- Adjust your Shiny app so it includes an
_auth.ymlfile (which can be generated with
auth0::use_auth0()), and use
auth0::shinyAppAuth0(instead of the regular
- Run your app on your configured port, and you will be redirected!
Easy as that!
Watch the tutorial on YouTube
This 10-minute tutorial will walk you through everything you need to know about Shiny and Auth0! Learn how to set up your tenant, create your first users, integrate Auth0 with Shiny, and get user information in your Shiny app.
The repo is available here.