-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issues with Shinyapps.io when we have more than one worker #76
Comments
Hi @sada1993 , thanks for the issue. I have a basic plan on shinyapps.io and never faced this issue. Do you have an open source example? Thanks? |
@sada1993 Did you ever find a solution to this issue? I'm also experiencing a similar problem. |
Apologies, I need to come up with a simple reproducible example for this. |
I had a working example and submited tickets to Auth0 and was in a discussion with Julio about this. Looks like an issue that cant really be solved for now: Here is what Auth0 said @sada1993. "it is not processing the callback correctly, it should be trying to exchange the authorization code for a token after receiving the callback, but it is just starting another /authorize request. I can see when this issue is occurring that no attempt to call the /oauth/token endpoint is being made. They also suggested this: "Whilst I couldn't find anything documented for shinyapps.io, I did find this blog post - https://auth0.com/blog/adding-authentication-to-shiny-server/ F. |
Thanks @ferguskeatinge . I Guess we can close this issue then? |
Faced this issue recently where if we have access to more than one worker process (Basic and above plans on shinyapps.io) then the authentication does not work as expected and enters a loop. This is because initially, shiny redirects the user to Auth0 for verification, and after authentication Auth0 redirects the user back to the app. In this redirect, there is no guarantee that the user will connect to the same process they left from and hence the internal check of the
state
variable fails and triggers the app to reauthenticate. This process is repeated a random number of times. We can see this reauthentication in the URL which changes repeatedly.Unsure how we can solve this problem without removing the condition to check the state of the app, this is also not recommended for security reasons. This may be a fundamental limitation in scaling this solution. If you guys have any ideas on how we can overcome this hurdle lets discuss.
The text was updated successfully, but these errors were encountered: