shinyproxy icon indicating copy to clipboard operation
shinyproxy copied to clipboard
verified publisher icon openanalytics

OpenID Callback URL Configuration with Docker-based Operator in ShinyProxy 3.2.0

Open zhaohongxin0 opened this issue 5 months ago • 2 comments

Hi ShinyProxy team, I've recently upgraded to ShinyProxy 3.2.0 and switched to using the Docker-based Operator. Previously, with the non-Operator setup, I was using OpenID authentication, and the callback URL in my OpenID provider was configured as http://ip:8080/login/oauth2/code/shinyproxy, which worked fine. Now, with the Operator, the official documentation only provides an example for authentication: simple, and I'm unsure if OpenID is fully supported in this new setup. I've tried updating the callback URL to http://ip/login/oauth2/code/shinyproxy (removing the port since the Operator might handle it differently), but it doesn't seem to work—I'm getting redirection issues or authentication failures. Could you please advise on the correct way to configure the OpenID callback URL when using the Docker-based Operator? Is OpenID supported, and if so, what should the exact format of the callback URL be? Any configuration tips or examples for OpenID with the Operator would be greatly appreciated. Thanks in advance for your help! Environment Details:

ShinyProxy Version: 3.2.0 Deployment: Docker-based Operator Authentication: OpenID Connect Previous Setup: Non-Operator, callback worked with port 8080

zhaohongxin0 avatar Aug 01 '25 23:08 zhaohongxin0

Hi, I'm running ShinyProxy using the Docker-based Operator, and I also use OpenID for authentication (AWS Cognito). Everything is working fine for me, so I can confirm that the Operator works with OpenID. I have enabled TLS in my setup, so it looks slightly different, but I believe you need to use whatever you specified as fqdn in your ...shinyproxy.yaml file in your callback URL: http://{fqdn_entry}/login/oauth2/code/shinyproxy.

Following the example in the documentation, where fqdn: localhost, the callback URL should be http://localhost/login/oauth2/code/shinyproxy.

However, it might be a good idea to change the documentation in section 3.3. Currently, authentication: simple is listed as a 'mandatory' configuration. This could create the impression that only the simple authentication backend is supported.

stefanlinner avatar Aug 08 '25 09:08 stefanlinner

@stefanlinner thanks for confirming openid works for you! Indeed the authentication: simple shouldn't be part of the mandatory config, I just removed it. Thanks for pointing this out!

@zhaohongxin0 I hope you get it to work with the extra info.

LEDfan avatar Aug 08 '25 11:08 LEDfan