Duo 2FA Integration?

Hey everyone! So I was just wondering whether anyone has had success trying to integrate this in with a solution like @AnnMarieW has created with her Dash + Flask Login setup? I was hoping to handle authentication with that + user authorization with @stu suggested OSO library, which should get me 90% of the way there if everything works properly, but the solution would get me the extra 10% of the way there if I were able to plug into a library like this one. I get tripped up on performing the redirects within a Dash app. Thanks in advance for any help! :slight_smile:

It looks like the Plotly team wants to include this part in their paid module, so you probably won’t get much official support. I’m sry.

1 Like


What type of 2FA are you looking for?

You can either have a code emailed to you that can be entered to confirm your identity. Or use an Authenticator app which uses a secret key and generates a one-time password for 30 seconds.

These are some I’ve done, don’t know if there is a library that you wanted to use though.

Well so I think I have a Duo Push subscription, but I think an authenticator app with an OTP code would work perfectly fine as well if that’s a solution that you’re familiar with? Does the solution you’re referring to have anything to do with the pyotp library?

(I realized that I have to rework a bit of my redesigned app because it probably won’t be feasible to handle page routing with flask-login in a seamless fashion for the user while using the new multipage component, so I’ll have to rebuild the index router, but that’s a bit of an aside from the main issue of 2FA.)


As far as I understand it, you can build your auth process in flask-login, and routing in flask as well.

Then pass the final server over to dash as the server argument. From there, Dash adds on it’s own routings if there is no conflict, in a tie, the flask server will win out.

Yes, I was referring to the pyotp library. You’d have to have a way to associate the secret key with a user in a database in order to store when they’ve verified the code through an interface.


So I think I understand what you mean and that would be perfect for me, but I guess I don’t have any experience using Flask as the overarching router, so I’m not entirely sure how that would function. Do you happen to have a minimum example or something that I could look at to get a better idea? I’m imagining that I would be able to define auth_required -esque decorators on each of the flask routes and a dash callback that populates the page based on the url? I imagine there would be some issues with that but I’ve never tried it myself.

Do you already have flask-login working on your existing app?

Well, I had tried to create a flask-login setup using the Dash multipages example, but I ran into some issues in that I wasn’t able to handle user management very well, so I decided that I would use a router in Dash using the dcc.Location() component, which I haven’t set up yet, but which I figure should work ok (within the callback, check the desired url and check if a user is authenticated – g.user.is_authenticated --, and if not authenticated yet, just push them to the /login url page as the output). Haven’t tried it yet but was going to give it a go on Friday or this weekend when I have a bit more time.