
So here's the scenario. I have two servers, a Flask server and a Bokeh Server running side by side. The Bokeh Server is being used to display interactive plots and I am trying to use the Flask server to authenticate users before they can access the Bokeh server. Here is my login POST script in the Flask application. I've been following this link to set up the Bokeh Server (Simple username & password protection of a bokeh server). For the Flask server, the code below is what I am using to authenticate users and redirect them to the Bokeh Server.

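```python
from bokeh.util import session_id
from flask import redirect, request, url_for
from werkzeug.security import check_password_hash

# `auth` (the Blueprint) and `User` (the model) are defined elsewhere in the app.


@auth.route('/login', methods=['POST'])
def login_post():
    email = request.form.get('email')
    password = request.form.get('password')

    user = User.query.filter_by(email=email).first() # if this returns a user, then the email already exists in database
    if user and check_password_hash(user.password, password):
        print('user exists')

        # The ID is generated with this process's own Bokeh settings.
        s_id = session_id.generate_session_id()
        return redirect("http://localhost:5006/app?bokeh-session-id={}".format(s_id), code=302)

    # Unknown user or wrong password: back to the login form.
    print('user does not exist')
    return redirect(url_for('auth.login'))
```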

However, after authentication, I am being redirected to a page with the error 403: Invalid session ID. Note that in the link I provided, I am creating a secret key for the Bokeh Server but no way has been defined as to how to pass that secret key to the Flask server. Does anyone have any idea how to fix this problem? I am open to better solutions for authentication to Bokeh Server other than this.

Crabigator360

2 Answers

1

You have to generate the secret key outside of both the Flask and Bokeh server processes (e.g. by running `bokeh secret`) and pass that same secret value to both processes. Environment variables are typically used for this purpose.

bigreddot
  • Ok. So how do you pass the secret value to both the processes? – Crabigator360 Oct 31 '19 at 02:54
  • Do you know what an environment variable is? I'm not sure how to judge what you know. – bigreddot Oct 31 '19 at 02:56
  • Yes, I know what an env variable is. I'm not actually sure whether the secret key is really the reason for getting that error. I followed the steps as mentioned in the link I provided and it should be working. – Crabigator360 Oct 31 '19 at 03:09
  • I checked this link out https://stackoverflow.com/questions/4906977/how-to-access-environment-variable-values. If the secret key is the reason for the error I am getting, should I explicitly import the env variable? And after importing, how do I construct the url so as to properly redirect to the Bokeh Server? – Crabigator360 Oct 31 '19 at 03:10
  • You don't need to access it yourself. You just need to set `BOKEH_SECRET_KEY` for *both* processes (with the same value) and Bokeh will use it. The secret key is the shared secret that is used to sign session IDs so that not just anyone can make up whatever they want and get an open session without any effort. – bigreddot Oct 31 '19 at 03:14
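The shared-secret signing described in the answer and comments above, as an added example that is not part of the original thread and not Bokeh's own code. It is a standard-library model: the ID layout (random hex, `-`, HMAC-SHA256 tag) and all function names are assumptions, chosen to show why an ID issued without the key, or with a different key, is rejected by the verifying process.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Optional


def _sign(base_id: str, secret_key: bytes) -> str:
    """URL-safe HMAC-SHA256 tag over the random part of the ID."""
    mac = hmac.new(secret_key, base_id.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode("ascii").rstrip("=")


def issue_session_id(secret_key: Optional[bytes]) -> str:
    """Issuer side (the login app). Without a key it can only emit a bare ID."""
    base_id = secrets.token_hex(22)  # hex only, so '-' is free as the separator
    if secret_key is None:
        return base_id
    return f"{base_id}-{_sign(base_id, secret_key)}"


def accept_session_id(session_id: str, secret_key: bytes) -> bool:
    """Verifier side (the plot server, configured to require signed IDs)."""
    base_id, sep, tag = session_id.partition("-")
    if not sep:
        return False  # unsigned ID: nothing to verify, so reject
    expected = _sign(base_id, secret_key)
    # Constant-time comparison avoids leaking how much of the tag matched.
    return hmac.compare_digest(tag.encode(), expected.encode())


def demo() -> dict:
    shared = secrets.token_bytes(32)  # constructed stand-in for a generated secret
    other = secrets.token_bytes(32)   # a key the verifier does not know
    good = issue_session_id(shared)
    # Change one character of the random part but keep the original tag.
    forged = ("0" if good[0] != "0" else "1") + good[1:]
    return {
        "issuer_has_no_key": accept_session_id(issue_session_id(None), shared),
        "issuer_has_other_key": accept_session_id(issue_session_id(other), shared),
        "issuer_has_shared_key": accept_session_id(good, shared),
        "tampered_id": accept_session_id(forged, shared),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Only the case where both sides hold the same key is accepted, which matches the fix reported in the second answer.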
0

Thanks to @bigreddot I was able to make my authentication system work. As he mentioned in the comments, I was not exactly sure how env variables worked so I only set up the env variables for the Bokeh server. After setting the same values for the Flask server, the authentication system is working as expected. :)

Crabigator360