tapLock
Seamless Single Sign-on for 'shiny'

Package index
Search the tapLock package
Vignettes
Functions
83
Source code
12
Man pages
24
Home
/
CRAN
/
tapLock
/
(English) Securing Shiny with Google Auth

(English) Securing Shiny with Google Auth
In tapLock: Seamless Single Sign-on for 'shiny' 

knitr::opts_chunk$set(
  collapse = TRUE,
  comment = "#>"
)

Introduction

This vignette provides a step-by-step tutorial on how to secure a Shiny application using Google authentication through the tapLock R package. tapLock simplifies the integration of OpenID Connect and OAuth 2.0 into Shiny applications, ensuring robust security with minimal coding effort.

Prerequisites

Before proceeding, ensure you have the following: - A basic understanding of R and Shiny. - A Shiny application ready for deployment. - Access to Google Developer Console for OAuth credentials. - (Optional) A server with HTTPS enabled.

Step 1: Install tapLock

Install tapLock from GitHub using the pak package:

install.packages("tapLock")

Step 2: Create Google OAuth Credentials

  1. Go to the Google Developer Console.
  2. Create a new project or select an existing one.
  3. Navigate to 'Credentials' and create 'OAuth client ID' credentials.
  4. Set the Authorized JavaScript origins to your Shiny application URL.
  5. Set the Authorized redirect URIs to your Shiny application URL with the suffix /login.
  6. Note down the client_id and client_secret.

Step 3: Configure Authentication in R

Load tapLock and set up the authentication configuration:

library(taplock)

auth_config <- new_openid_config(
  provider = "google",
  client_id = Sys.getenv("GOOGLE_CLIENT_ID"),
  client_secret = Sys.getenv("GOOGLE_CLIENT_SECRET"),
  app_url = Sys.getenv("SHINY_APP_URL")
)

Replace GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, and SHINY_APP_URL with your actual credentials and application URL in your environment variables.

Step 4: Modify Shiny Application

Modify your Shiny app to use sso_shiny_app:

library(shiny)
library(tapLock)

# Authentication configuration
auth_config <- new_openid_config(
  provider = "google",
  client_id = Sys.getenv("GOOGLE_CLIENT_ID"),
  client_secret = Sys.getenv("GOOGLE_CLIENT_SECRET"),
  app_url = Sys.getenv("SHINY_APP_URL")
)

# UI
ui <- fluidPage(
  tags$h1("Welcome to the Secure Shiny App"),
  textOutput("userInfo")
)

# Server
server <- function(input, output, session) {
  output$userInfo <- renderText({
    user_email <- get_token_field(token(), "email")
    glue::glue("Logged in as: {user_email}")
  })
}

# Secure Shiny app with tapLock
sso_shiny_app(auth_config, ui, server)

Step 5: Deploy the Application

Deploy your Shiny application as you normally would. The tapLock package handles the authentication process. We recommend deploying your application with a solution like Shiny Server (Open Source or Pro) or with faucet. Solutions like Posit Connect already include authentication and do not require tapLock.

Conclusion

By following these steps, you have successfully secured your Shiny application with Google authentication using tapLock. This ensures that only authenticated users can access your application, enhancing its security and privacy.



Try the tapLock package in your browser

Any scripts or data that you put into this service are public.

tapLock documentation built on Oct. 30, 2024, 9:13 a.m.

R Package Documentation

rdrr.io home R language documentation Run R code online

Browse R Packages

CRAN packages Bioconductor packages R-Forge packages GitHub packages

We want your feedback!

Note that we can't provide technical support on individual packages. You should contact the package authors for that.
GitHub issue tracker
ian@mutexlabs.com
Personal blog

 
Embedding an R snippet on your website

Add the following code to your website.

For more information on customizing the embed code, read Embedding Snippets.

Close