fastapi-plotly-dash
Question: did you test dash-addons like dash-uploader, and did you try to add an authentication mechanism?
Hi,
I have tried the django-plotly-dash integration before, but some elements were difficult to get working. For example, the dash-uploader needed some specific endpoints. And it was not so straightforward to let the dash app know about the current user regarding authorization. I wonder, do you have experience with these things using fastapi-plotly-dash?
Hi @sorenwacker !
First a note: While similarly named, this repo and django-plotly-dash serve different purposes, in that the Django project is an actual library to ease that integration, whereas this is just a sample project demonstrating how one might wire a Dash app into a FastAPI webserver.
With that said, to your specific question of "how to let the dash app know about the current user", I've solved this in a commercial project and it did require some non-trivial hoop jumping:
- Add session middleware to your FastAPI app and ensure it serializes sessions in a Flask-compatible way
  - Starlette's `starlette.middleware.sessions.SessionMiddleware` and Flask's `flask.sessions.SecureCookieSession` are not compatible, so if you create sessions using Starlette, you will be unable to use `from flask import session` to access the Session
  - To solve this, I just updated FastAPI's session serializer to use the same effective internal calls as Flask's sessions to simplify session access from the Dash app
- Add auth middleware to the FastAPI app which updates the `session` with user info
- From the Dash app, just use `from flask import session` and access the user info from the session
I'm a little swamped today, but if I have time later this week I'll come back and share an example (or just update this project to contain a few example setups, one of which shows how to wire in shared auth)
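The first step in the list above depends on both frameworks reading and writing the same cookie. As an added example (not code from this repo or from the commenter), here is a stdlib-only writer and verifier for the layout Flask's default cookie session produces through itsdangerous (`cookie-session` salt, HMAC-SHA1 with HMAC key derivation). The function names are hypothetical, the sample values are constructed, and only plain JSON types are handled.

```python
import base64, hashlib, hmac, json, struct, time, zlib

SALT = b"cookie-session"  # salt used by Flask's default cookie session interface

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=")

def _b64d(text):
    return base64.urlsafe_b64decode(text + b"=" * (-len(text) % 4))

def _signature(secret, signed_part):
    # key_derivation="hmac": derived key = HMAC-SHA1(secret, salt)
    key = hmac.new(secret, SALT, hashlib.sha1).digest()
    return _b64e(hmac.new(key, signed_part, hashlib.sha1).digest())

def dump_session(data, secret, now=None):
    """Build 'payload.timestamp.signature'. Signed, NOT encrypted."""
    body = json.dumps(data, separators=(",", ":")).encode()
    packed = zlib.compress(body)
    # A leading '.' marks a zlib-compressed payload; used only when it is smaller.
    payload = b"." + _b64e(packed) if len(packed) < len(body) - 1 else _b64e(body)
    issued = int(time.time() if now is None else now)
    stamp = _b64e(struct.pack(">Q", issued).lstrip(b"\x00"))
    signed_part = payload + b"." + stamp
    return (signed_part + b"." + _signature(secret, signed_part)).decode()

def load_session(cookie, secret, max_age, now=None):
    """Return the session dict, or None if forged, malformed or expired."""
    try:
        signed_part, sig = cookie.encode().rsplit(b".", 1)
        # Verify the signature before decoding anything the client sent.
        if not hmac.compare_digest(sig, _signature(secret, signed_part)):
            return None
        payload, stamp = signed_part.rsplit(b".", 1)
        issued = int.from_bytes(_b64d(stamp), "big")
        current = int(time.time() if now is None else now)
        if current - issued > max_age:
            return None
        if payload.startswith(b"."):
            return json.loads(zlib.decompress(_b64d(payload[1:])))
        return json.loads(_b64d(payload))
    except (ValueError, zlib.error):
        return None

if __name__ == "__main__":
    key = b"constructed-demo-secret"  # constructed; both apps must share the real key
    cookie = dump_session({"user": "alice", "roles": ["analyst"]}, key)
    print(cookie, load_session(cookie, key, max_age=3600))
```

The payload is only signed, so anything the auth middleware stores in the session is readable by the browser, and both apps must be configured with the same secret key for either side to accept the other's cookie.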
That would be amazing. I implemented something like that, using a Flask server for the auth, before, for a scientific application, but looks quite bumpy, and I found some security issues as well.
> That would be amazing. I implemented something like that, using a Flask server for the auth, before, for a scientific application, but looks quite bumpy, and I found some security issues as well.
It's not terribly bumpy and definitely doable, but it is delicate from a security standpoint (relatively easy to misconfigure, IMO).
I'll keep you posted when I find the spare time 😄
Hey! Any updates on this?