Authentication

This chapter covers two forms of authentication maintained by Plotly:

• dash-enterprise-auth, the authentication and authorization layer built-in to Plotly’s commercial product, Dash Enterprise.
• dash-auth, a simple basic auth implementation.

Dash Enterprise can be installed on the Kubernetes services of AWS, Azure, GCP, or an on-premise Linux Server. Find out if your company is using Dash Enterprise

Dash Enterprise Auth

If your company has licensed Dash Enterprise, then view authentication documentation by visiting

https://<your-dash-enterprise-platform>/Docs/dash-enterprise

(Replace <your-dash-enterprise-platform> with the hostname of your licensed Dash Enterprise platform in your VPC)

Look up the hostname of your company’s license.

Dash Enterprise provides an authentication middleware that is configured by your administrator. This authentication middleware connects to your organization’s SAML or LDAP identity provider, allows your end users to log in with SSO, verifies if the user has permission to view the application, and then passes along user information like their username or group.

The dash-enterprise-auth package provides an API to access the username of the viewer of your Dash app. Use this username to implement conditional logic depending on who is logged in or use it in your API or database calls (row level security).

Dash Enterprise automatically implements app authorization if your Dash app’s privacy is set to Restricted or Authenticated, but not if it is set to Unauthenticated.

Using dash-enterprise-auth in an Existing Dash App

If you have previously deployed your Dash app to Dash Enterprise, add dash-enterprise-auth to your requirements.txt file.

dash-enterprise-auth includes the method create_logout_button, which allows you to add a logout button to your app’s layout. It also includes the methods get_username and get_user_data, which provide information about the app’s viewer and so must be called from within callbacks.

The example below demonstrates how to use these callbacks. Note that in order to use create_logout_button locally you will have to set an environment variable called DASH_LOGOUT_URL. You can do this by running your code with DASH_LOGOUT_URL=plot.ly python app.py.

Dash Enterprise Auth Example

import dash
from dash.dependencies import Input, Output
import dash_core_components as dcc
import dash_html_components as html
import dash_enterprise_auth as auth

external_stylesheets = ['https://codepen.io/chriddyp/pen/bWLwgP.css']

app = dash.Dash(__name__, external_stylesheets=external_stylesheets)

server = app.server  # Expose the server variable for deployments

# Standard Dash app code below
app.layout = html.Div(className='container', children=[

    html.Div([
        html.H2('Sample App', id='header-title', className='ten columns'),
        html.Div(auth.create_logout_button(), className='two columns', style={'marginTop': 30})
    ]),
    html.Div(id='dummy-input', style={'display': 'none'}),

    html.Div([
        html.Div(
            className='four columns',
            children=[
                dcc.Dropdown(['LA', 'NYC', 'MTL'], 'LA', id='dropdown')
        ]),
        html.Div(
            className='eight columns',
            children=[
                dcc.Graph(id='graph')
            ])
    ])
])

@app.callback(Output('header-title','children'),
              Input('dummy-input', 'children'))
def update_title(_):

    # print user data to the logs
    print(auth.get_user_data())

    # update header with username
    return 'Hello {}'.format(auth.get_username())

@app.callback(Output('graph', 'figure'),
              Input('dropdown', 'value'))
def update_graph(value):
    return {
        'data': [{
            'x': [1, 2, 3, 4, 5, 6],
            'y': [3, 1, 2, 3, 5, 6]
        }],
        'layout': {
            'title': value,
            'margin': {
                'l': 60,
                'r': 10,
                't': 40,
                'b': 60
            }
        }
    }

if __name__ == '__main__':
    app.run_server(debug=True)

Basic Auth

The dash-auth package provides a HTTP Basic Auth.

As a Dash developer, you hardcode a set of usernames and passwords in your code and send those usernames and passwords to your viewers. There are a few limitations to HTTP Basic Auth:

• Users can not log out of applications
• You are responsible for sending the usernames and passwords to your viewers over a secure channel
• Your viewers can not create their own account and cannot change their password
• You are responsible for safely storing the username and password pairs in your code.

Basic Auth Example

Logging in through Basic Auth looks like this:

Installation:

pip install dash==2.0.0
pip install dash-auth==1.3.2

Example Code:

import dash
import dash_auth
import dash_core_components as dcc
import dash_html_components as html
import plotly

# Keep this out of source code repository - save in a file or a database
VALID_USERNAME_PASSWORD_PAIRS = {
    'hello': 'world'
}

external_stylesheets = ['https://codepen.io/chriddyp/pen/bWLwgP.css']

app = dash.Dash(__name__, external_stylesheets=external_stylesheets)
auth = dash_auth.BasicAuth(
    app,
    VALID_USERNAME_PASSWORD_PAIRS
)

app.layout = html.Div([
    html.H1('Welcome to the app'),
    html.H3('You are successfully authorized'),
    dcc.Dropdown(['A', 'B'], 'A', id='dropdown'),
    dcc.Graph(id='graph')
], className='container')

@app.callback(
    dash.dependencies.Output('graph', 'figure'),
    [dash.dependencies.Input('dropdown', 'value')])
def update_graph(dropdown_value):
    return {
        'layout': {
            'title': 'Graph of {}'.format(dropdown_value),
            'margin': {
                'l': 20,
                'b': 20,
                'r': 10,
                't': 60
            }
        },
        'data': [{'x': [1, 2, 3], 'y': [4, 1, 2]}]
    }

if __name__ == '__main__':
    app.run_server(debug=True)