I am building a Dash application that is mounted on my Flask server. I am integrating all requests to my Flask web service with an Identity Provider, so my frontend code reaches out to my IdP to generate a JWT and send it through the headers to my Flask service. I am validating the JWT in the backend using a before request validator like so:
```python
import jwt
from flask import request


@app.before_request
def validate_session():
    # Intercept all requests to the Flask server (aside from the home API)
    if request.path != "/":
        # All calls should have an access token in the Authorization header. The Auth token must be present
        auth_header = request.headers.get("Authorization")
        if not auth_header:
            raise UnauthorizedError(message="Authorization header is missing")
        (...)
        # Authenticate the jwt with IdP
        signing_key = jwks_client.get_signing_key_from_jwt(jwt_access_token)
        decoded_jwt = jwt.decode(
            jwt=jwt_access_token,
            key=signing_key.key,
            audience=audience,
            algorithms=algorithms,
            options=options if options else {},
        )
        if not decoded_jwt:
            raise UnauthorizedError(message="User is not authenticated.")
```
This will function as expected for all endpoints outside of my Dash application because my frontend code ensures the token is generated and added to the headers. My concern is how I can ensure that all of my Dash application’s callback functions successfully complete the same authentication that will also hit this @app.before_request validator. I’ve read some useful information here about the possibilities of using cookies or creating a custom DashRenderer and modifying the request before it is made.
Would others suggest creating a custom DashRenderer that reaches out to my IdP and adds the token to the headers of every callback request so my @app.before_request validation completes successfully? Or would there be more merit to achieving the same validation through cookies if we can ensure there is a cookie with the required information?
I don’t have much experience with cookies so I would appreciate all feedback or considerations to make. Thanks!
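An added sketch, not part of the original post, of a token lookup that accepts either transport the question weighs: the Authorization header, or a cookie that the browser attaches to Dash callback POSTs automatically and which therefore also needs a CSRF check. The cookie names, the `X-CSRFToken` header, the double-submit check and the `decode` callable are assumptions; in Flask the two dicts would be `request.headers` and `request.cookies`.

```python
import hmac


class Unauthorized(Exception):
    """Stand-in for the post's UnauthorizedError."""


SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def resolve_token(method, headers, cookies):
    """Return (token, source), preferring the Authorization header over a cookie."""
    auth = headers.get("Authorization", "")
    if auth:
        scheme, _, token = auth.partition(" ")
        if scheme.lower() != "bearer" or not token.strip():
            raise Unauthorized("Authorization header must be 'Bearer <token>'")
        return token.strip(), "header"

    token = cookies.get("access_token")  # hypothetical cookie name
    if not token:
        raise Unauthorized("No access token in header or cookie")

    # A cookie is sent by the browser on every request to the site, including
    # ones triggered by another origin. Dash callbacks are POSTs, so on the
    # cookie path require a double-submit CSRF value as well (assumed scheme).
    if method.upper() not in SAFE_METHODS:
        sent = headers.get("X-CSRFToken", "")
        expected = cookies.get("_csrf_token", "")
        if not expected or not hmac.compare_digest(sent.encode(), expected.encode()):
            raise Unauthorized("CSRF token missing or mismatched")
    return token, "cookie"


def authenticate(method, headers, cookies, decode):
    """Resolve the token, then validate it with the caller's decoder
    (for example the jwt.decode call from the post, which raises on failure)."""
    token, source = resolve_token(method, headers, cookies)
    return decode(token), source


if __name__ == "__main__":
    # Constructed sample request: a callback POST carrying only cookies.
    cookies = {"access_token": "sample.jwt.value", "_csrf_token": "abc123"}
    headers = {"X-CSRFToken": "abc123"}
    print(authenticate("POST", headers, cookies, lambda t: {"sub": "demo"}))
```

If the cookie route is used, the cookie itself should be set `HttpOnly`, `Secure` and with a `SameSite` value, since the validator cannot enforce those attributes after the fact.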