Feedback, Please: Dash with AWS Cognito (Authentication, Authorization)

Hey guys, please pick apart this idea and offer advice.

I have a Dash app hosted on AWS Elastic Beanstalk and want to only allow certain authenticated users to see it.

I have set up AWS Cognito to handle federated authentication.

The auth process results in a redirect (to my app) with a parameter containing a code that resulted from the auth process like this:
http://myapp/?code=123456

Now we’re back in the Dash app. My goal is to render the page for authenticated users and not for the others (or redirect them to login).

import flask
from dash import Dash, html

app = Dash(__name__)

def auth_code(url):
    # Extract the auth code from the URL (body elided in the post)
    ...
    return code

def code_is_valid(code):
    # Validate the auth code (body elided in the post)
    ...
    return result

def layout():
    # Get the URL that the user's browser requested after redirection from the Auth process
    code = auth_code(flask.request.referrer)
    if code_is_valid(code):  # make sure the code is valid
        return html.Div('Authenticated!')  # Render the protected content
    else:
        return html.Div('Not Authenticated!')  # Redirect to auth URL

app.layout = layout

Questions

Is this a reasonable way to get the URL requested by the user? flask.request.referrer

I see requests to the app like:

  • http://myapp/_reload-hash
  • http://myapp/_dash-layout

which don’t tell me about the auth code, but the referrer for those requests contains what I want:
http://myapp/?code=123456

Is layout() a good place to place this logic?

Good idea?
I probably can’t redirect the user from this point, but I could render a login link.

Are there other endpoints that Dash creates that provide a way for a user to get around the Auth control?

How do you hack this thing?

Any other thoughts for me?

1 Like
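
An added example, not part of the original thread or any poster's code: a WSGI middleware that checks a signed session cookie on every path (including /_dash-layout and /_dash-update-component) instead of inside layout(), and reads `code` from the request's own query string rather than the client-supplied Referer header. `AuthGate`, `exchange_code`, `demo_request` and `LOGIN_URL` are hypothetical names; `exchange_code` is assumed to redeem the code server-side at Cognito's token endpoint and return a username, or None if the code is rejected.

```python
import hashlib, hmac
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

LOGIN_URL = "https://auth.example.invalid/login"  # placeholder for the hosted login URL

class AuthGate:
    """WSGI middleware: no path reaches the wrapped app without a signed session cookie."""

    def __init__(self, app, secret, exchange_code):
        self.app, self.secret = app, secret
        self.exchange_code = exchange_code  # assumption: code -> username, or None

    def _sign(self, user):
        mac = hmac.new(self.secret, user.encode(), hashlib.sha256).hexdigest()
        return f"{user}.{mac}"

    def _user_from_cookie(self, environ):
        cookie = SimpleCookie(environ.get("HTTP_COOKIE", ""))
        if "session" not in cookie:
            return None
        value = cookie["session"].value
        user = value.rpartition(".")[0]
        ok = hmac.compare_digest(value.encode(), self._sign(user).encode())
        return user if user and ok else None

    def __call__(self, environ, start_response):
        if self._user_from_cookie(environ):
            return self.app(environ, start_response)  # authenticated: any path
        # The code comes from this request's own query string, never the Referer.
        code = parse_qs(environ.get("QUERY_STRING", "")).get("code", [None])[0]
        user = self.exchange_code(code) if code else None
        headers = [("Location", "/" if user else LOGIN_URL)]
        if user:
            headers.append(("Set-Cookie",
                f"session={self._sign(user)}; HttpOnly; Secure; SameSite=Lax; Path=/"))
        start_response("302 Found", headers)
        return [b""]

def demo_request(gate, path, query="", cookie=""):
    """Drive the middleware with a constructed WSGI environ; returns (status, headers)."""
    seen = {}
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path,
               "QUERY_STRING": query, "HTTP_COOKIE": cookie}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    b"".join(gate(environ, start_response))
    return seen["status"], seen["headers"]

# Dash hookup: app.server.wsgi_app = AuthGate(app.server.wsgi_app, secret, exchange_code)
```

The cookie here carries no expiry or revocation; a deployed session would need both, and the `Secure` flag means the cookie is only sent over HTTPS.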

Hey! Did you have any luck with this? Could you elaborate on how you accomplish the authentication through the code?

I went a different direction, I did everything from AWS’s console and I was able to only allow authenticated users to see the content. But I wasn’t able to set a custom domain for my app, I have to go to it through Application Load Balancer DNS which “breaks” my SSL certificate giving me that horrible “Potential risk ahead” SSL message. lol.

Thank you!

@samdev, no, I have not figured this out yet.
I’d love to know what you did - could you explain or pass on a link to anything that guided you?
I hear you on the custom domain / SSL issue. I hope you figure that out.

Hi @will.barley,

Did you succeed at solving your issue? Really curious to know more as I plan to use Cognito for authentication / authorization.

On my side, I did everything through the console as @samdev did by placing the Cognito authentication portal to access the Application Load Balancer. This can be done in a few steps without modifying your code using existing AWS documentation resources (Authenticate users using an Application Load Balancer - Elastic Load Balancing and Simplify Login with Application Load Balancer Built-in Authentication | AWS News Blog).

That way, you have authentication with a customizable app portal, as well as secure and easy user management.