I was able to successful configure shinyproxy with simple authentification but i would like to move to openid. I registered my application with google and this is my application.yml
shiny:
proxy:
openid:
auth-url: https://accounts.google.com/o/oauth2/v2/auth
token-url: https://www.googleapis.com/oauth2/v4/token
jwks-url: https://www.googleapis.com/oauth2/v3/certs
client-id: SUPERSECRETID.apps.googleusercontent.com
client-secret: SUPERSECRET
port: 8080
docker:
internal-networking: true
apps:
- name: STATSDC
display-name: Slides Stats DC
description: Interactive Slides for STATS DC 2018
docker-cmd: ["R", "-e", "SlidesSEDS::statsdc()"]
docker-image: slidesseds
docker-network: shinyproxy-net
logging:
file:
shinyproxy.log
Alas, when I go to my server i can access the applications that i’m hosting without having to authenticate. What am I doing wrong?
Hi @ignacio82,
OIDC is only supported since ShinyProxy 2.0.0 (we are at 2.0.3 currently) and this version also slightly changed the configuration in the application.yml
. If I’d transform your file to the new format it would look like:
proxy:
authentication: openid
openid:
auth-url: https://accounts.google.com/o/oauth2/v2/auth
token-url: https://www.googleapis.com/oauth2/v4/token
jwks-url: https://www.googleapis.com/oauth2/v3/certs
client-id: SUPERSECRETID.apps.googleusercontent.com
client-secret: SUPERSECRET
port: 8080
docker:
internal-networking: true
specs:
- id: STATSDC
display-name: Slides Stats DC
description: Interactive Slides for STATS DC 2018
container-cmd: ["R", "-e", "SlidesSEDS::statsdc()"]
container-image: slidesseds
container-network: shinyproxy-net
logging:
file:
shinyproxy.log
HTH,
Tobias
1 Like
Thanks a lot for the help @tverbeke , i’m new to this. I tried to make some changes but now shiny proxy shows me a white page (no logging option, nor app).
This is my updated dockerfile (to use 2.0.3)
FROM openjdk:8-jre
RUN mkdir -p /opt/shinyproxy/
RUN wget https://www.shinyproxy.io/downloads/shinyproxy-2.0.3.jar -O /opt/shinyproxy/shinyproxy.jar
COPY application.yml /opt/shinyproxy/application.yml
WORKDIR /opt/shinyproxy/
CMD ["java", "-jar", "/opt/shinyproxy/shinyproxy.jar"]
And this is my application.yml
shiny:
proxy:
authentication: openid
openid:
auth-url: https://accounts.google.com/o/oauth2/v2/auth
token-url: https://www.googleapis.com/oauth2/v4/token
jwks-url: https://www.googleapis.com/oauth2/v3/certs
client-id: SUPERSECRETID.apps.googleusercontent.com
client-secret: SUPERSECRET
port: 8080
docker:
internal-networking: true
specs:
- id: STATSDC
display-name: Slides Stats DC
description: Interactive Slides for STATS DC 2018
container-cmd: ["R", "-e", "SlidesSEDS::statsdc()"]
container-image: slidesseds
container-network: shinyproxy-net
logging:
file:
shinyproxy.log
To get everything up I run the following:
sudo docker network create shinyproxy-net
docker build . -t imshinyproxy
docker run -d --restart=always -v /var/run/docker.sock:/var/run/docker.sock --net shinyproxy-net -p 8080:8080 imshinyproxy
What am I doing wrong?
Thanks!
Hi,
you don’t need shiny:
on the top-level of the yaml-file, it should start with just proxy:
, see example mentioned in the answer above.
1 Like
Thanks! I can logging using my google account and see my shiny app. A couple of follow up questions:
- Is there a way I can manage users or anyone with a google account can logging into my shinyproxy server?
- Similarly, is there a way in which i can say these users can see app A and B while these other users can see B and C?
1 Like
@ignacio82 this may be a silly question, but how do you register an application with google?
@Gerard_Walsh, not a silly question at all, In fact, I do not really remember the steps because I did this a long time ago. I believe this tutorial might answer your questions.