Feedback, Please: Dash with AWS Cognito (Authentication, Authorization)


#1

Hey guys, please pick apart this idea and offer advice.

I have a Dash app hosted on AWS Elastic Beanstalk and want to only allow certain authenticated users to see it.

I have set up AWS Cognito to handle federated authentication.

The auth process results in a redirect (to my app) with a parameter containing a code that resulted from the auth process like this:
http://myapp/?code=123456

Now we’re back in the Dash app. My goal is to render the page for authenticated users and not for the others (or redirect them to login).

def auth_code(url):
    ...
    return code

def code_is_valid(code):
    ...
    return result

def layout():
    # Get the URL that the user's browser requested after redirection from the Auth process
    code = auth_code(flask.request.referrer)
    if code_is_valid(code):  # make sure the code is valid
        return html.Div('Authenticated!')  # Render the protected content
    else:
        return html.Div('Not Authenticated!')  # Redirect to auth URL

app.layout = layout

Questions

Is this a reasonable way to get the URL requested by the user? flask.request.referrer

I see requests to the app like:

  • http://myapp/_reload-hash
  • http://myapp/_dash-layout

which don’t tell me about the auth code, but the referrer for those requests contains what I want:
http://myapp/?code=123456

Is layout() a good place to place this logic?

Good idea?
I probably can’t redirect the user from this point, but I could render a login link.

Are there other endpoints that Dash creates that provide a way for a user to get around the Auth control?

How do you hack this thing?

Any other thoughts for me?
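
An added example, not part of the original post and not Dash's or Cognito's own code: a WSGI wrapper that applies the check to every request, so endpoints such as /_dash-layout are covered as well as the page itself, and that reads the code from the callback request's own query string instead of the Referer header. The names `AuthGate`, `SECRET` and `LOGIN_URL` are hypothetical, and `exchange_code` is an assumed callable standing in for the server-side exchange of the code at Cognito's token endpoint.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

SECRET = b"constructed-demo-key"  # assumption: load a real random secret from config
LOGIN_URL = "https://auth.example.invalid/login"  # placeholder for the hosted login URL


def _mac(user):
    return hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()


def sign(user):
    """Session cookie value: username plus an HMAC so the client cannot forge it."""
    return f"{user}.{_mac(user)}"


def verify(value):
    """Return the username if the HMAC checks out, else None."""
    user, _, mac = value.rpartition(".")
    ok = bool(user) and hmac.compare_digest(mac.encode(), _mac(user).encode())
    return user if ok else None


class AuthGate:
    """WSGI wrapper: every path, including /_dash-layout, needs a valid session."""

    def __init__(self, wsgi_app, exchange_code):
        self.wsgi_app = wsgi_app
        self.exchange_code = exchange_code  # hypothetical: code -> username or None

    def __call__(self, environ, start_response):
        session = SimpleCookie(environ.get("HTTP_COOKIE", "")).get("session")
        if session and verify(session.value):
            return self.wsgi_app(environ, start_response)
        # Take the code from this request's own query string, never from Referer.
        code = parse_qs(environ.get("QUERY_STRING", "")).get("code", [None])[0]
        user = None
        if code and environ.get("PATH_INFO") == "/":
            user = self.exchange_code(code)
        if user:
            # Redirect to a clean URL so the code does not linger in later Referers.
            cookie = f"session={sign(user)}; HttpOnly; Secure; SameSite=Lax; Path=/"
            headers = [("Location", "/"), ("Set-Cookie", cookie)]
        else:
            headers = [("Location", LOGIN_URL)]
        start_response("302 Found", headers)
        return [b""]
```

In a Dash app this would be installed with `app.server.wsgi_app = AuthGate(app.server.wsgi_app, exchange_code)`. The cookie here carries no expiry; a deployed version would add one inside the signed value.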