Logout with OpenID not working

ShinyProxy
#1

Dear shinyproxy support,

I’m having the same problem as gbisschoff on github in issue #87 (https://github.com/openanalytics/shinyproxy/issues/87):
I configured shinyproxy 2.0.4 to do authentication via Auth0. Login and group-based access to apps is working nicely, but logout does not work. Whenever I click the ‘Sign Off’ button in the navbar, it says ‘User logged out [user: aaa@bbb.cc]’ in the shinyserver log, but I stay logged in and get redirected to the landing page, where I can start the example app.
Here is my application.yml:

proxy:
title: Statistics Hub 1
landing-page: /
heartbeat-rate: 10000
heartbeat-timeout: 60000
port: 8081

hide-navbar: false

authentication: openid
admin-groups: scientists

openid:
auth-url: h!!ps://my-app.auth0.com/authorize
token-url: h!!ps://my-app.auth0.com/oauth/token
jwks-url: h!!ps://my-app.auth0.com/.well-known/jwks.json
client-id: *** my id ***
client-secret: *** my secret ***
roles-claim: h!!ps://shinyproxy.io/shinyproxy_roles

container-backend: docker
docker:
cert-path: /home/none
url: http://localhost:2375
port-range-start: 20000
port-range-max: 20099

specs:

  • id: 01_hello
    display-name: Hello Application
    description: Application which demonstrates the basics of a Shiny app
    container-cmd: [“R”, “-e”, “shiny::runApp(‘mnt/app’)”]
    container-image: default
    access-groups: [scientists, mathematicians]
    container-volumes: [ “/srv/shinyproxy/apps/hello:/mnt/app” ]

server:
servlet:
context-path: /hub1

(‘h!!ps:’ is intentional as I am not allowed to post that many links here)
I set the allowed callback URLs properly at Auth0 and as login is working well, I assume that everything is correct there. I also played around with the allowed logout URLs at Auth0, but still without success. With simple authentification everything worked well. Is there a setting that I missed or anything else that I should check to get logout working with OpenID?

#2

Dear @lug0si,

Thanks for the feedback. We will investigate and report back!

Kind regards,
Tobias

#3

Many thanks! :slight_smile:
I hope it is reproducible - please let me know, if you need more details.
Maybe it’s a concurrence of OpenID integration & the shinyproxy context-path: https://myserver.net/hub1 …?

Best wishes, Wolfgang

#4

I found a workaround for the time being:

  • create custom template with custom navbar.html
  • in navbar.html change
    <a role=“button” class=“btn btn-primary btn-sm” th:href="@{/logout}" th:if="${isLoggedIn}">Sign Out
    to
    <a role=“button” class=“btn btn-primary btn-sm” href=“https://myserver.auth0.com/v2/logout?returnTo=http%3A%2F%2Fshinyserverurl/logout” th:if="${isLoggedIn}">Sign Out

This really logs out the user from auth0 and from shinyserver.

#5

Hi @lug0si,

Thanks for checking this, and providing a workaround.
The github issue has been updated with new info.

#6

@lug0si, ShinyProxy 2.0.5 adds the possibility to specify the proxy.openid.logout-url for OpenID Connect based authentication; see https://www.shinyproxy.io/downloads/ and documentation under https://www.shinyproxy.io/configuration/#miscellaneous-settings

Best,
Tobias

#7

Great! :smiley:
With logout-url it’s working fine now and I went back to the original line in navbar.html.

Thanks a lot! Cheers, Wolfgang

1 Like
#8

Hi there,
I am having problems with this when using Auth0 as an OpenID authentication service. I have tried using @{/logout} and the href approach, specified above, but nothing happens when I click on the Sign Out button. My app is specified to be direct (/app_direct/app_name) in the yml file, so I have added the Sign Out button using Shiny’s HTML function.

Regards,
Will

#9

I found the solution here: Custom CSS Styling
See the comments by @fifthace and @fmichielssen on adding the logout button. Thanks guys!

Will

1 Like