knitr::opts_chunk$set( collapse = TRUE, comment = "#>" )
This vignette provides a step-by-step tutorial on how to secure a Shiny application using Google authentication through the tapLock R package. tapLock simplifies the integration of OpenID Connect and OAuth 2.0 into Shiny applications, ensuring robust security with minimal coding effort.
Before proceeding, ensure you have the following: - A basic understanding of R and Shiny. - A Shiny application ready for deployment. - Access to Google Developer Console for OAuth credentials. - (Optional) A server with HTTPS enabled.
Install tapLock from GitHub using the pak
package:
install.packages("tapLock")
Authorized JavaScript origins
to your Shiny application URL.Authorized redirect URIs
to your Shiny application URL with
the suffix /login
.client_id
and client_secret
.Load tapLock and set up the authentication configuration:
library(taplock) auth_config <- new_openid_config( provider = "google", client_id = Sys.getenv("GOOGLE_CLIENT_ID"), client_secret = Sys.getenv("GOOGLE_CLIENT_SECRET"), app_url = Sys.getenv("SHINY_APP_URL") )
Replace GOOGLE_CLIENT_ID
, GOOGLE_CLIENT_SECRET
, and SHINY_APP_URL
with your actual credentials and application URL in your environment variables.
Modify your Shiny app to use sso_shiny_app
:
library(shiny) library(tapLock) # Authentication configuration auth_config <- new_openid_config( provider = "google", client_id = Sys.getenv("GOOGLE_CLIENT_ID"), client_secret = Sys.getenv("GOOGLE_CLIENT_SECRET"), app_url = Sys.getenv("SHINY_APP_URL") ) # UI ui <- fluidPage( tags$h1("Welcome to the Secure Shiny App"), textOutput("userInfo") ) # Server server <- function(input, output, session) { output$userInfo <- renderText({ user_email <- get_token_field(token(), "email") glue::glue("Logged in as: {user_email}") }) } # Secure Shiny app with tapLock sso_shiny_app(auth_config, ui, server)
Deploy your Shiny application as you normally would. The tapLock package handles the authentication process. We recommend deploying your application with a solution like Shiny Server (Open Source or Pro) or with faucet. Solutions like Posit Connect already include authentication and do not require tapLock.
By following these steps, you have successfully secured your Shiny application with Google authentication using tapLock. This ensures that only authenticated users can access your application, enhancing its security and privacy.
Any scripts or data that you put into this service are public.
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.