Limit Shiny access to a list of users

[rasnes]

What goes wrong

I can't seem to find any way to restrict access to Shiny apps for just a limited subset of gmail users, which one could provide e.g. by list or character vector. Is this possible?

I am using gar_shiny_auth to require login to access to Shiny dashboards, which works great, but I would like be able to specify which users that should get access.

Thanks for making and maintaining this great package!

[MarkEdmondson1234]

This used to be done via Google Plus but now that’s gone the API response scopes can be changed to also request an email - see this SO https://stackoverflow.com/questions/24442668/google-oauth-api-to-get-users-email-address/24510214 With that you could request a whitelist of emails that are authorized.

…

________________________________ From: rasnes <[email protected]> Sent: Sunday, February 9, 2020 8:08 PM To: MarkEdmondson1234/googleAuthR Cc: Subscribed Subject: [MarkEdmondson1234/googleAuthR] Limit Shiny access to a list of users (#175) What goes wrong I can't seem to find any way to restrict access to Shiny apps for just a limited subset of gmail users, which one could provide e.g. by list or character vector. Is this possible? I am using gar_shiny_auth to require login to access to Shiny dashboards, which works great, but I would like be able to specify which users that should get access. Thanks for making and maintaining this great package! — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub<#175?email_source=notifications&email_token=AAYCPLBCMOERRKLHPBO6U4LRCBIDZA5CNFSM4KSDV3QKYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4IMC3GLQ>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AAYCPLHLGPFRVXCHTWGKZFTRCBIDZANCNFSM4KSDV3QA>.

[rasnes]

Great! I think I already am requesting the email scope by specifying options(googleAuthR.scopes.selected = "email") before any gar_shiny_* functions are run.

Sorry, but I don't immediately see how to enable this. How can I make gar_shiny_auth check against emails in a provided whitelist? Or, are there any other function(s) in googleAuthR that I could use for this? Could you please point me in the right direction? Thanks!

[MarkEdmondson1234]

There is nothing specific in googleAuthR (at the moment, maybe it can be added) - you could also try looking at gargle to see if its implemented there https://github.com/r-lib/gargle

It would involve making an API call (to what endpoint?) and parsing out the email from the response, then checking against a whitelist you have configured somewhere.

You would probably want to specify the "email" scope and also any API scopes you need e.g. c("email", "bigquery")