Help with openid


#1

I was able to successful configure shinyproxy with simple authentification but i would like to move to openid. I registered my application with google and this is my application.yml

shiny:
  proxy:
    openid:
    auth-url: https://accounts.google.com/o/oauth2/v2/auth
    token-url: https://www.googleapis.com/oauth2/v4/token
    jwks-url: https://www.googleapis.com/oauth2/v3/certs
    client-id: SUPERSECRETID.apps.googleusercontent.com
    client-secret: SUPERSECRET
    port: 8080
    docker:
      internal-networking: true
  apps:
  - name: STATSDC
    display-name: Slides Stats DC
    description: Interactive Slides for STATS DC 2018
    docker-cmd: ["R", "-e", "SlidesSEDS::statsdc()"]
    docker-image: slidesseds
    docker-network: shinyproxy-net


logging:
  file:
    shinyproxy.log

Alas, when I go to my server i can access the applications that i’m hosting without having to authenticate. What am I doing wrong?


#2

Hi @ignacio82,

OIDC is only supported since ShinyProxy 2.0.0 (we are at 2.0.3 currently) and this version also slightly changed the configuration in the application.yml. If I’d transform your file to the new format it would look like:

proxy:
  authentication: openid
  openid:
    auth-url: https://accounts.google.com/o/oauth2/v2/auth
    token-url: https://www.googleapis.com/oauth2/v4/token
    jwks-url: https://www.googleapis.com/oauth2/v3/certs
    client-id: SUPERSECRETID.apps.googleusercontent.com
    client-secret: SUPERSECRET
  port: 8080
  docker:
    internal-networking: true
  specs:
  - id: STATSDC
    display-name: Slides Stats DC
    description: Interactive Slides for STATS DC 2018
    container-cmd: ["R", "-e", "SlidesSEDS::statsdc()"]
    container-image: slidesseds
    container-network: shinyproxy-net

logging:
  file:
    shinyproxy.log

HTH,
Tobias


#3

Thanks a lot for the help @tverbeke , i’m new to this. I tried to make some changes but now shiny proxy shows me a white page (no logging option, nor app).

image

This is my updated dockerfile (to use 2.0.3)

FROM openjdk:8-jre

RUN mkdir -p /opt/shinyproxy/
RUN wget https://www.shinyproxy.io/downloads/shinyproxy-2.0.3.jar -O /opt/shinyproxy/shinyproxy.jar
COPY application.yml /opt/shinyproxy/application.yml

WORKDIR /opt/shinyproxy/
CMD ["java", "-jar", "/opt/shinyproxy/shinyproxy.jar"]

And this is my application.yml

shiny:
   proxy:
     authentication: openid
     openid:
       auth-url: https://accounts.google.com/o/oauth2/v2/auth
       token-url: https://www.googleapis.com/oauth2/v4/token
       jwks-url: https://www.googleapis.com/oauth2/v3/certs
       client-id: SUPERSECRETID.apps.googleusercontent.com
       client-secret: SUPERSECRET
     port: 8080
     docker:
       internal-networking: true
     specs:
     - id: STATSDC
       display-name: Slides Stats DC
       description: Interactive Slides for STATS DC 2018
       container-cmd: ["R", "-e", "SlidesSEDS::statsdc()"]
       container-image: slidesseds
       container-network: shinyproxy-net

   logging:
     file:
       shinyproxy.log

To get everything up I run the following:

sudo docker network create shinyproxy-net
docker build . -t imshinyproxy
docker run -d  --restart=always -v /var/run/docker.sock:/var/run/docker.sock --net shinyproxy-net -p 8080:8080 imshinyproxy

What am I doing wrong?

Thanks!


#4

Hi,
you don’t need shiny: on the top-level of the yaml-file, it should start with just proxy:, see example mentioned in the answer above.


#5

Thanks! I can logging using my google account and see my shiny app. A couple of follow up questions:

  1. Is there a way I can manage users or anyone with a google account can logging into my shinyproxy server?
  2. Similarly, is there a way in which i can say these users can see app A and B while these other users can see B and C?