3

It is my understanding that the open source version of Shiny Server does not support authentication.

We have an environment that uses the WebSEAL proxy service for authenticating user and channelling their access through to web applications.

We wish to expose a Shinyapp to authenticated users with the content served up being dependent on user group membership. WebSEAL is able to set the iv_user and iv_group variables in the HTTP Headers to pass onto the shinyapp via the junction, but the Open Source Shiny Server seems to be unable to access them (I.E. via the session$clientData object).

I’m wondering if anyone has worked out a way for an Open Source Shiny Server app to access the HTTP Headers to determine the user and groups.

Uwe
  • 41,420
  • 11
  • 90
  • 134
Luc
  • 899
  • 11
  • 26

1 Answers1

2

If you just want to access HTTP headers, the UI can be a function that accepts a single argument for a request object that implements the Rook specification.

library(shiny)

ui <- function(request) {
  print(as.list(request))
  # get HTTP headers like request$HTTP_HEADER_NAME (all caps)

  fluidPage(
    tags$pre(
      paste(capture.output(as.list(request)), collapse = "\n")
    )
  )
}

server <- function(input, output) {
}

shinyApp(ui, server)

One way to serve different pages depending on an HTTP header could be like this -

unauthorizedPage <- function() {
  "Unauthorized"
}

memberPage <- function() {
  fluidPage(
    "Member page"
  )
}

ui <- function(request) {
  # serve memberPage() if request contains header `iv_group: member`
  # otherwise serve unauthorizedPage()
  if (!identical(request$HTTP_IV_GROUP, "member"))
    return(unauthorizedPage())

  memberPage()
}

server <- function(input, output) {
}

shinyApp(ui, server)
greg L
  • 4,034
  • 1
  • 19
  • 18