openanalytics
Use public apps without authentication + optional login
I would like to be able to allow anyone to use the public apps in my ShinyProxy server without authentication. However, I would also like to add optional authentication so users would be able to access certain private apps.
As far as I know, this is currently not possible, but would love this option!
Hi
Thanks for opening this issue. We understand the use-case (it was already asked before), but currently it's not possible. We would have to modify large parts of the authentication code of ShinyProxy in order to implement this. We aren't sure if this feature is important enough to warrant the additional complexity. For example, currently, in ShinyProxy an user is either anonymous or authenticated. I believe that changing this principle will make things complex both for the ShinyProxy code base, but also for app-developers and the administrator of ShinyProxy. For instance, what if an app can be used both by authenticated and anonymous users? What happens when an anonymous person logs-in, can they still access their apps they started as an anonymous user?
The current alternative we propose is to setup two ShinyProxy servers. One private server and one public server. Most of the time you are using ShinyPorxy with a reverse-proxy (e.g. nginx, apache, traefik, skipper ...) and this should make it is easy to have a seamless setup. Some ideas how you can do this:
- launch two ShinyProxy servers (when using docker, make sure to change the port-range and the
server.port) - create two entries in your reverse proxy:
https://example.org/-> forward it to the public ShinyProxy serverhttps://example.org/private-> forward to the private ShinyProxy server
- create a button in the navbar of the public ShinyProxy server with
Sign inorPrivate apps - create a button in the navbar of the private ShinyProxy server with
Public apps
I hope this works for you. We welcome any feedback on this!
Hey @LEDfan, I understand. The solution you purpose is certainly a possibility, although it would mean I would have to have separate server configurations (but maybe I can use the same configuration file with different apps somehow...) I will think about it. Thanks for considering this!
I just want to mention another use case here: with the new option of saving specific data for each user (using the user ID via SpEL as the example presented in that page), it would be great to optionally allow people to login to use public apps so users have their data when logged in (and would still be able to access the app as guests). The two ShinyProxy servers workaround wouldn't work well for this use case.
Thanks for the additional information.
it would mean I would have to have separate server configurations (but maybe I can use the same configuration file with different apps somehow...) I will think about it.
Yes indeed, in our deployments this is not a big problem since we use our operator (https://github.com/openanalytics/shinyproxy-operator).
Regarding the storage of data; please be aware that if you configure this without authentication, every user accessing your ShinyProxy server will create a directory on your server (and possible some files in it).
Please also see https://github.com/openanalytics/shinyproxy-config-examples/issues/33#issuecomment-1274197718 for more information why this is difficult to achieve.