Accessing authenticated user from Bokeh app

Oystein_Torget · April 29, 2021, 1:09pm

Hi,

I am trying to access the identify of the authenticated user within a Bokeh app. I have setup OAuth authentication by implementing the get_user, LoginHandler and login_url and the authentication process works, but I want to get access to the authenticated user within the context of the Bokeh app as it is used in data request.

Looking at the curdoc().session_context only the logout_url information is available and the request_handler that is used in get_user() I cannot find available in the context of the Bokeh app.

Is there a way to get the access to the user provided by the auth module in the Bokeh app?

Bryan · April 29, 2021, 3:51pm

cc @Philipp_Rudiger

AFAIK it would be up to your auth handler to add headers or cookies to the request, which would then be made available in curdoc().session_context.request Bokeh does not enforce any particular policy or scheme here because different users want different things.

Oystein_Torget · April 29, 2021, 5:48pm

Yes, the cookies are there and I could probably get the user info info from that, but it appears a bit cumbersome as I would have to copy the get_secure_cookie() implementation from Tornado to get it out.

If there isn’t a recommended way of doing this I am fine with that, I just didn’t want to hack something in if there was an built-in way of getting the result of get_user() inside of the Bokeh app.

Bryan · April 29, 2021, 6:20pm

@Oystein_Torget There’s not currently. Finding a way to expose get_secure_cookie seems reasonable to look into though, so please feel free to open a GitHub Issue about it.

Oystein_Torget · April 30, 2021, 10:39am

Adding the following to main.py file of the Bokeh app works to get the user given that the BOKEH_COOKIE_SECRET is set in the environment, the user cookie is name “user” and set using set_secure_cookie in the LoginHandler.

from tornado.web import decode_signed_value
def get_user():
    user = decode_signed_value(
        os.environ.get('BOKEH_COOKIE_SECRET'),
        "user",
        curdoc().session_context.request.cookies["user"],
        max_age_days=31,
        min_version=None,
    )
    return user

Bryan · April 30, 2021, 5:03pm

@Oystein_Torget This would probably be a nice note to add to the docs in case you want to make a GitHub Issue with that information.

Oystein_Torget · April 30, 2021, 6:12pm

I added an issue here: [FEATURE] Add standard way for LoginHandler to add user information available to the Bokeh app · Issue #11229 · bokeh/bokeh · GitHub

If would be interesting to see how it could be combined with some kind of Bokeh auth provider package similar to what the Panel project provides for different OAuth providers.