2

I want to include authorization into my Bokeh-Web Application. (The app works nicely). However, if I try to do it via the session-id: bokeh serve stocks --session-ids external-signed and the add the created key to http://localhost:5006/stocks/?bokeh-session-id=... I get the errors / messages:

bokeh serve stocks --session-ids external-signed
2019-06-18 15:57:24,923 Starting Bokeh server version 1.2.0 (running on Tornado 5.0.2)
2019-06-18 15:57:24,926 Bokeh app running at: 

http://localhost:5006/stocks

2019-06-18 15:57:24,926 Starting Bokeh server with process id: 29518

2019-06-18 15:57:36,811 403 GET /stocks (::1) 1.64ms

2019-06-18 15:57:46,800 200 GET /stocks/?my_key (::1) 417.40ms

2019-06-18 15:57:46,812 404 GET /stocks/static/css/bokeh.min.css?v=8a37df7874e86834c87075ee096f36b7 (::1) 1.14ms
2019-06-18 15:57:46,826 404 GET /stocks/static/js/bokeh-gl.min.js?v=237dac0049e0a21220ba02fa552173a1 (::1) 1.75ms
2019-06-18 15:57:46,829 404 GET /stocks/static/css/bokeh-widgets.min.css?v=5fb15c2fc1344abfe5fa3615a34beae7 (::1) 1.10ms
2019-06-18 15:57:46,834 404 GET /stocks/static/css/bokeh-tables.min.css?v=69a9e725f277a6c569c9261b8ffe50eb (::1) 4.46ms
2019-06-18 15:57:46,836 404 GET /stocks/static/js/bokeh.min.js?v=1bfbafacfa847bc6589a4af73a904fef (::1) 1.29ms
2019-06-18 15:57:46,838 404 GET /stocks/static/js/bokeh-widgets.min.js?v=d568632a768b6d5e0dcc8c423778d737 (::1) 0.98ms
2019-06-18 15:57:46,840 404 GET /stocks/static/js/bokeh-tables.min.js?v=e840bf73f9fef1bffb5540a1aab13c0d (::1) 1.55ms
2019-06-18 15:57:46,854 404 GET /stocks/static/js/bokeh-gl.min.js?v=237dac0049e0a21220ba02fa552173a1 (::1) 2.11ms
NOhs
  • 2,780
  • 3
  • 25
  • 59
Sebastian Wieser
  • 61
  • 3

1 Answers1

1

It's not really clear what you are ultimately trying to accomplish. Signed sessions are really intended for the case when you want to embed Bokeh server apps in another webapp, but want to limit session creation. Typically you would start a Bokeh server similar to this: 

BOKEH_SECRET_KEY=`bokeh secret` bokeh serve --session-ids external-signed --show app.py

Then in some other webapp where you want to embed the Bokeh server app (but only allow sessions to open when session ids are signed by you), you would do something like:

from bokeh.util.session_id import generate_session_id

script = server_session(
    url='http://111.222.333.444/app', 
    session_id=generate_session_id()
)
return render_template("embed.html", script=script, template="Flask")

Note that this other app that is embedding the Bokeh server app will need the same BOKEH_SECRET_KEY set so that generate_session_id will be able to create IDs that that Bokeh server will actually successfully validate the session ids.

It probably bears mentioning explicitly, in case this is the problem: the IDs must be cryptographically signed with BOKEH_SECRET_KEY, it can't just be some random arbitrary value you choose. The intent is to limit session creation only to authorized webapps that know the secret key.

bigreddot
  • 33,642
  • 5
  • 69
  • 122
  • Thanks a lot for your answer! what I try to achieve is basically described in the link below, i.e. I want potential users of my bokeh app to sign in, before they can use the app: https://stackoverflow.com/questions/43183531/simple-username-password-protection-of-a-bokeh-server?answertab=active#tab-top However, if I follow the steps I receive what is stated above in my question and the loaded page is blank. – Sebastian Wieser Jun 19 '19 at 07:01
  • 2
    So I found the problem. It was the slash: http://localhost:5006/stocks?bokeh-session-id=... works; http://localhost:5006/stocks/?bokeh-session-id=... does not :) – Sebastian Wieser Jun 19 '19 at 11:30