Hey guys, please pick apart this idea and offer advice.
I have a Dash app hosted on AWS Elastic Beanstalk and want to only allow certain authenticated users to see it.
I have set up AWS Cognito to handle federated authentication.
The auth process results in a redirect (to my app) with a parameter containing a code that resulted from the auth process like this:
http://myapp/?code=123456
Now we’re back in the Dash app. My goal is to render the page for authenticated users and not for the others (or redirect them to login).
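```python
import dash
import flask
from dash import html

app = dash.Dash(__name__)

def auth_code(url):
    # Pull the auth code out of the URL (body elided in the original post)
    ...
    return code

def code_is_valid(code):
    # Validate the auth code (body elided in the original post)
    ...
    return result

def layout():
    # Get the URL that the user's browser requested after redirection from the Auth process
    code = auth_code(flask.request.referrer)
    if code_is_valid(code):  # make sure the code is valid
        return html.Div('Authenticated!')  # Render the protected content
    else:
        return html.Div('Not Authenticated!')  # Redirect to auth URL

app.layout = layout
```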
Questions
Is this a reasonable way to get the URL requested by the user? flask.request.referrer
I see requests to the app like:
http://myapp/_reload-hash
http://myapp/_dash-layout
which don’t tell me about the auth code, but the referrer for those requests contains what I want:
http://myapp/?code=123456
Is layout() a good place to place this logic?
Good idea?
I probably can’t redirect the user from this point, but I could render a login link.
Are there other endpoints that Dash creates that provide a way for a user to get around the Auth control?
How do you hack this thing?
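
An added example (not part of the original post, and not Dash or Cognito code) of enforcing the check on every request instead of inside layout(): a standard-library WSGI wrapper that reads `code` from the redirect request's own query string and afterwards relies on a signed session cookie, so `/_dash-layout` and the other internal routes are gated too. `SECRET`, `LOGIN_URL`, the cookie format and the `exchange_code` callable are assumptions made for illustration.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

SECRET = b"constructed-demo-key"  # assumption: load a real secret from config
LOGIN_URL = "https://auth.example.com/login"  # placeholder for the hosted login page


def sign(user):
    """Return 'user.mac'; the value cannot be forged without SECRET."""
    mac = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{mac}"


def verify(value):
    """Return the user name if the cookie's MAC checks out, else None."""
    user = value.rpartition(".")[0]
    ok = user and hmac.compare_digest(sign(user).encode(), value.encode())
    return user if ok else None


class AuthGate:
    """WSGI wrapper: every path, Dash's internal routes included, needs a session."""

    def __init__(self, wsgi_app, exchange_code):
        self.wsgi_app = wsgi_app
        # Hypothetical callable: trades the ?code= value with the identity
        # provider server-side and returns a user name, or None if rejected.
        self.exchange_code = exchange_code

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")
        cookies = SimpleCookie(environ.get("HTTP_COOKIE", ""))
        if "session" in cookies and verify(cookies["session"].value):
            return self.wsgi_app(environ, start_response)
        # Read the code from the redirect request itself, never from Referer.
        code = parse_qs(environ.get("QUERY_STRING", "")).get("code", [None])[0]
        user = self.exchange_code(code) if path == "/" and code else None
        if user:
            # Secure assumes HTTPS; the follow-up redirect drops ?code= from the URL.
            cookie = f"session={sign(user)}; HttpOnly; Secure; SameSite=Lax; Path=/"
            start_response("302 Found", [("Location", "/"), ("Set-Cookie", cookie)])
        elif path == "/":
            start_response("302 Found", [("Location", LOGIN_URL)])
        else:
            start_response("401 Unauthorized", [("Content-Type", "text/plain")])
        return [b""]
```

It can wrap the Flask server under Dash with `app.server.wsgi_app = AuthGate(app.server.wsgi_app, exchange_code)`. The demo cookie carries no expiry, which a real session would need.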