shinyapps.io Authentication and Authorization Model

shinyapps.io Authentication and Authorization Model

With Shinyapps.io, you can limit access to your application by enabling authentication. To enable authentication in the administrative UI, select the application to modify and click on the Users tab. If you currently use the pre-beta authentication scheme, please follow the instructions to upgrade to the new system here.

Here is a sample application with the default visibility settings (Public):

Change the Application Visibility to Private and click on Save Settings. Changing the visibility of your application will require a restart of the application. The Owner of the account and other members of the account will automatically be included in the list of authorized users.

After the application is restarted you can add authorized users by entering their email addresses and clicking on Add User.

Each user will receive an email from shinyapps.io with an invite to view your application. If a user does not already have an authenticated account on shinyapps.io, they will be able to create one by authenticating through one of the following three methods:

  • Google Authorization
  • GitHub authorization
  • Shinyapps.io authentication

Shinyapps.io will prompt each visitor to your app for a username and password if they have not been authenticated. Only users who log-in with valid credentials will be able to view or use the app.

If you currently use the pre-beta authentication scheme, please upgrade to the new system right away. We will be deprecating support for the old authentication system during the beta. For instructions on how to upgrade, please read the guide below.

Migrating from our older authentication system

The beta release of shinyapps.io introduces a new mechanism for authentication and authorization. This system replaces the existing rscrypt based approach and provides a more flexible and manageable flow.

The new authentication system provides several advantages:

  • Adding or removing authorized users no longer requires restarting the application thereby preserving the sessions of logged in users.
  • Managing application access can now be handled through the admin interface.
  • Security has been improved by leveraging Google or Github authentication for your users.
  • Your users are no longer burdened with the task of managing and maintaining user authentication information.

To migrate your application from the old authentication system to the new one you will need to follow these steps:

  1. Set the Application Visibility setting to Private in the Users tab for that application and click Save Settings. This will restart the application and apply the new setting. Note, once you do this, none of the existing users will be able to authenticate.
  2. On your local system, rename the passwords.txt file in /shinyapps to old_passwords.txt.
  3. Re-deploy your application using shinyapps::deployApp()
  4. In the Users tab, add the email addresses for the individuals that were in your old_passwords.txt file. If you were not using email addresses before, you will need to do so at this time. Don’t worry if your users don’t have Google or GitHub accounts, they can always use local authentication through shinyapps.io.
  5. Your users should now be able to authenticate and see your application.

FAQ

Question: Can a given application have both the old and new authentication systems active at the same time?

Answer: Yes, it is possible during the beta until we deprecate the old system. The user would be prompted to authenticate twice. We will disable the old authentication system in the weeks before the general availability of the service.