Hi,
Along the same lines… I now have a pretty happy couple of bokeh apps running on Azure essentially standalone:
bokeh serve \
--allow-websocket-origin="*" \
--index=/index.html \
--num-procs=${NUM_PROCS} \
--port 5006 \
ceoperformance \
electoralmaths
This web app is protected b y Azure app security (known MS logins only) which throws a MS login request if you try to hit the URL. All good but now I want to be a little more refined about what valid users can do (i.e. filter available stuff based on MS AAD user group) [apologies for getting all my terms wrong but hopefully relatively clear]
Now I have found what appears to be some useful guidance on how to pull user context into a Python/Flask app here which might be worthwhile if I can get a Flask/Bokeh link going in Azure in much the same way this does the job in Heroku.
So, I gather that
bokeh serve --address="0.0.0.0" --port=$PORT <bokeh-server-name> --allow-websocket-origin=<flask-app-name>.herokuapp.com
… is saying that the Bokeh server web app should ONLY accept connections from the Flask app URL (i.e a direct connection from a browser should fail) thus allowing me to ‘rely’ on the user credentials captured by the Azure/MS world and passed to the Flask app. Presumably those credentials (validated email) can be passed through to the Bokeh server as… not actually sure. Can they just be passed in the URL string? i.e. extend BOKEH_URL with [email protected]
Just asking before I open that pandoras box.
thanks