The goal of auth0 is to implement an authentication scheme to Shiny using OAuth Apps through the freemium service Auth0.
You can install auth0 from CRAN with:
You can also install the development version from github with:
To create your authenticated shiny app, you need to follow the five steps below.
After logging into Auth0, you will see a page like this:
http://localhost:8100to the “Allowed Callback URLs”, “Allowed Web Origins” and “Allowed Logout URLs”.
http://localhost:8100to another port or the remote server you are going to deploy your shiny app. Just make sure that these addresses are correct. If you are placing your app inside a folder (e.g. https://johndoe.shinyapps.io/fooBar), don’t include the folder (
fooBar) in “Allowed Web Origins”.
Now let’s go to R!
_auth0.ymlfile should be like this:
usethis::edit_r_environ()and add these three environment variables:
AUTH0_USER=johndoe AUTH0_KEY=5wugt0W... AUTH0_SECRET=rcaJ0p8...
There’s how you identify each of them (see the image below):
AUTH0_USERis your username, which can be found on the top corner of the site.
AUTH0_KEYis your Client ID, which can be copied from inside the app page.
AUTH0_KEYis your Client Secret, which can be copied from the app page.
More about environment variables here. You can also fill these information directly in the
_auth0.yml file (see below). If you do so, don’t forget to save the
_auth0.yml file after editing it.
app.Rfile, like this:
Note: If you want to use a different path to the
auth0 configuration file, you can either pass it to
shinyAppAuth0() or set the
auth0_config_file option by running
options(auth0_config_file = "path/to/file").
Also note that currently Shiny apps that use the 2-file approach (
server.R) are not supported. Your app must be inside a single
If you are using
auth0 for just one shiny app or you are running many apps for the same user database, the recommended workflow is using the environment variables
However, if you are running many shiny apps and want to use different login settings, you must create many Auth0 apps. Hence, you’ll have many Cliend IDs and Client Secrets to use. In this case, environment variables will be unproductive because you’ll need to change them every time you change the app you are developing.
The best option in this case is to simply add the Client ID and Secret directly in the
Because RStudio is specialized in standard shiny apps, some features do not work as expected when using
auth0. The main issues are:
app.Rscript. That’s because RStudio searches for the “shinyApp” term in the code to identify a shiny app. A small hack to solve this is adding a comment containing “shinyApp” in the script:
If you run using
runApp() (or pressing the button) and the host has a port (like
localhost:8100), you must fix the port before running the app:
The steps above show how to configure the
_auth0.yml file setting
remote_url fields under
local_url is used when you are developing your app locally, so it will probably be something like
http://127.0.0.1. You will also need to set a default port, adding something like
:8888 after the
local_url, so that when you run the app it is accessible by your browser. Some of these ports are reserved and you should not use them. The default port in auth0 package is
:8100, so if you want to change it, make sure that you also added it to the callback/web origin/logout URLs in Auth0.
remote_url is used when you use your app in production. For example, if you set up your shiny-server to run through
https://johndoe.shinyapps.io/myapp, that is what you are going to put in
remote_url. Please make sure that you wrote the
https correctly, unless it won’t work.
Actually, it is also possible to replace
That will the case when you are developing the app to use locally or if you are developing directly inside a shiny-server folder.
You can manage user access from the Users panel in Auth0. To create a user, click on “+ Create users”.
You can also use many different OAuth providers like Google, Facebook, Github etc. To configure them, go to the Connections tab.
In the near future, our plan is to implement Auth0’s API in R so that you can manage your app using R.
After a user logs in, it’s possible to access the current user’s information using the
session$userData$auth0_info reactive object. Here is a small example:
You should see an object like this:
$sub  "auth0|5c06a3aa119c392e85234f" $nickname  "jtrecenti" $name  "email@example.com" $picture  "https://s.gravatar.com/avatar/1f344274fc21315479d2f2147b9d8614?s=480&r=pg&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fjt.png" $updated_at  "2019-02-13T10:33:06.141Z"
Note that the
sub field is unique and can be used for many purposes, like creating customized apps for different users.
You can add a logout button to your app using
Auth0 is a freemium service. The free account lets you have up to 1000 connections in one month and two types of social connections. You can check all the plans here.
auth0_infoin the user session data (Issue #19).
config_fileoption (Issue #25).
shinyAppDirAuth0()function to work as