For our project we want to pass tokens (JWT) from a Keycloak Gatekeeper, to have access control on the bokeh app. Our initial solution was to pass these tokens via the headers. Bokeh 1.4.0 documentation currently states:
When a session is created for a Bokeh application, the session context is made available as
curdoc().session_context. The most useful function of the session context is to make the Tornado HTTP request object available to the application as
session_context.request. Due to an incompatibility issue with the usage of
argumentsattribute can be accessed. Attempting to access any other attribute on
requestwill result in an error.
Can someone clarify the details on the incompatibility issue and whether this is something that might be fixed in the foreseeable future?
We have successfully managed to access the headers, however, not all headers are accessible.