Idiot's guide to Auth0 and Shinyproxy

Hi all,

I’m after a real Dummy’s guide to securing my Shinyproxy deployment with Auth0 (specifically). A complete step-by-step-nothing-can-go-wrong kind of guide. Does one exist? I’m relatively inexperienced in using Shinyproxy and any sort of 3rd party authentication system like Auth0. I spent most of yesterday trying to get my Auth0 system working with a test Shinyproxy server using a Digital Ocean droplet but either I couldn’t get the server to boot in the first place (presumably there was a problem with application.yml as I tried to define Auth0) or I got stuck in a weird redirect loop which I just couldn’t debug.

I read the very extensive documentation at https://www.shinyproxy.io/ but I’ll be frank - I think it assumes a bit too much knowledge for someone first dipping their toes into the world of Shiny Server and scaling using Shinyproxy. The documentation is clearly very detailed which is great…but it makes it quite impenetrable in places (to me, at least).

What I really need is a guide on pulling openanalytics/shinyproxy-demo as a test while using Auth0 (not the default simple or LDAP authentication). I would like to be able to see an example of using Auth0 to give certain users access to certain apps only (much like the way in which ‘mathematicians’ and ‘scientists’ can access different Shiny apps when using the default LDAP example in the shinyproxy-demo). I did find this guide https://auth0.com/blog/adding-authentication-to-shiny-server/ but this tutorial is about setting up a standalone Shiny Server (i.e. not using Shinyproxy) and I couldn’t make the transition across.

Thanks in advance.

Check out this guide I wrote: https://globalparametrics.github.io/SecuringShiny/

I struggled to get OIDC working with Shinyproxy at my enterprise and I think there is a compatibility issue with the underlying Spring Security implementation. I moved on to try to get SAML to work but still no luck (again, I think this is a security nuance with my enterprise). I don’t have a path forward for you but it’s been very insightful for me to get more detailed logs about what is going on with the server. As I build up these authentication schemes I configure logging in application.yml like this:

logging:
  requestdump: true
  level:
    root: TRACE