Hi, I’m trying to secure access to my bokeh server. To this end, I found two options in the documentation: use signed session IDs, or provide a get_user function in an auth module. I tried both approaches, and can get neither to work:
With signed session IDs, it’s no problem to set up bokeh to only accept those, but when using server_document, there is no way to provide session IDs. Is there something I am missing in terms of how I should use bokeh here?
I also want to implement an auth hook, but the documentation says my get_user function should return None in case the user is not authenticated – when I do that, the following exception occurs:
2020-08-22 15:24:09,948 Starting Bokeh server with process id: 139215
<Response [406]>
no user found!
2020-08-22 15:24:21,810 Uncaught exception GET /sensordata/autoload.js?bokeh-autoload-element=1002&bokeh-app-path=/sensordata&bokeh-absolute-url=http://127.0.0.1:5006/sensordata&userId=1&studyId=1&token=token (127.0.0.1)
HTTPServerRequest(protocol='http', host='127.0.0.1:5006', method='GET', uri='/sensordata/autoload.js?bokeh-autoload-element=1002&bokeh-app-path=/sensordata&bokeh-absolute-url=http://127.0.0.1:5006/sensordata&userId=1&studyId=1&token=token', version='HTTP/1.1', remote_ip='127.0.0.1')
Traceback (most recent call last):
  File "/home/…/venv/lib/python3.8/site-packages/tornado/web.py", line 1703, in _execute
    result = await result
  File "/home/…/venv/lib/python3.8/site-packages/bokeh/server/views/autoload_js_handler.py", line 60, in get
    session = await self.get_session()
TypeError: object NoneType can't be used in 'await' expression
It seems to me like the documentation is wrong here, and something other than None should be returned, but I’m not sure what, since I guess anything else would just create a new “default user”.
For reference: this is the code I’m trying to use as an auth provider:
import os

import requests
from dotenv import load_dotenv
from tornado.web import RequestHandler

from bokeh_server.sensordata.backend import Backend


def get_user(request_handler: RequestHandler):
    # Credentials are read from the query string of the incoming request.
    user_id = request_handler.get_query_argument("userId")
    token = request_handler.get_query_argument("token")
    # Ask the backend whether this token may access this user.
    response = requests.get(
        url=Backend.backend_url("users/{uid}".format(uid=user_id)),
        headers=Backend.backend_headers(token=token),
    )
    print(str(response))
    if response.status_code == 200:
        return user_id
    # Any other status is treated as "not authenticated".
    print("no user found!")
    return None


def get_login_url(_: RequestHandler):
    return "mylogin.de/login"
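An added example, not part of the original post and not Bokeh's own code: a get_user hook in the shape described above that verifies a signed, expiring token locally and returns None for anything it cannot verify. The token format, the AUTH_TOKEN_SECRET variable, mint_token, verify_token and FakeHandler are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os
import time

# Assumption: secret shared by the service that mints tokens and this auth module.
SECRET = os.environ.get("AUTH_TOKEN_SECRET", "constructed-demo-secret").encode()

def _sign(payload: str) -> str:
    mac = hmac.new(SECRET, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=").decode()

def mint_token(user_id, ttl=300, now=None):
    """Hypothetical format '<expiry>.<signature>', bound to one user id."""
    expiry = int((time.time() if now is None else now) + ttl)
    return f"{expiry}.{_sign(f'{user_id}|{expiry}')}"

def verify_token(user_id, token, now=None):
    expiry_text, sep, sig = token.partition(".")
    try:
        expiry = int(expiry_text)
    except ValueError:
        return False
    if not sep or expiry < (time.time() if now is None else now):
        return False  # malformed or expired
    expected = _sign(f"{user_id}|{expiry_text}")
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    return hmac.compare_digest(expected.encode(), sig.encode())

def get_user(request_handler):
    """Return the user id only for a verified token, otherwise None."""
    user_id = request_handler.get_query_argument("userId", None)
    token = request_handler.get_query_argument("token", None)
    if not user_id or not token:
        return None
    if not (user_id.isascii() and user_id.isdigit()):
        return None  # assumption: ids are numeric, as in userId=1 above
    return user_id if verify_token(user_id, token) else None

class FakeHandler:
    """Constructed stand-in for tornado.web.RequestHandler (offline use)."""
    def __init__(self, **query):
        self.query = query

    def get_query_argument(self, name, default=None):
        return self.query.get(name, default)
```

A short ttl matters here because, as the log line above shows, a token passed in the query string is written to the server log along with the request URI.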