Authenticating with Public WebApps
Hello,
I was wondering if anyone knows if it is possible to authenticate a DSS user to a project web app that is both public but they do not have project access to.
I have been using code that looks like this:
You do not have permission to read-use for dashboard...."
For users that don't have project access they see the following error in their browser.
@app.route('/authenticate') def authenticate(): try: request_headers = dict(request.headers) # Get the auth of the user performing the request # If the user is not authenticated, this will raise client = dataiku.api_client() auth_info = client.get_auth_info_from_browser_headers(request_headers) print ("User doing the query is %s" % auth_info["authIdentifier"]) user = list(filter(lambda user: user["login"].lower() == auth_info["authIdentifier"].lower(), client.list_users()))[0] # Allows only workspace admins to have access to portal # Get workspace admins list workspace_admins = dataiku.Dataset('workspace_admins') workspace_admins_df = workspace_admins.get_dataframe() fltr_df = workspace_admins_df.loc[workspace_admins_df['admin_username'] == user['login'].lower()] admin_workspaces_lst = fltr_df.workspace_id.tolist() if len(admin_workspaces_lst) > 0: return json.dumps({"status":"ok","data":user['login'].lower()}) else: # User is not allowed to enter portal return json.dumps({"status":"ok","data":"forbidden"}) except dataikuapi.utils.DataikuException as err: return json.dumps({"status":"ok","data":"not_authenticated"}) except Exception as err: logger.error(traceback.format_exc()) return traceback.format_exc(), 500
It lists the web app and project name after the "...".
Thank you for your help!
Adam
Answers
-
The error that the user receives by the way appears to be from Dataiku itself. It's error type is
"errorType":"com.dataiku.dip.exceptions.UnauthorizedException"
-
Hi Adam,
Were you able to resolve your issue? If so, could you please let us know how you did it.
Thank you!
-
Yes,
You can add the user as an "Additional dashboard users" so you allow them to get access to just the web app without having access to the full project. Please see the picture below for more details:
-
You may be able to also just share it to a workspace but I haven't tried it out that way before, so I am not exactly sure.
-
I am re-reading my code above and realize that it may be confusing in the context of DSS 9 + with the "workspace" variables and "workspace_admins" dataset. I was using this code before Dataiku made the workspaces feature available in DSS. The web app I was making was called the "Workspace Portal" and it had a data model called "Workspace" so just keep in mind the workspace stuff going on in this code has nothing to do with the workspace feature that DSS currently has since DSS 9.
-
Thank you for this! This helps! But what if the user doesn't have a Dataiku login? What "login" do you provide under the additional dashboard users or do you control the "logins" using code?
-
My apologies. I think I get it now. So you pass those dashboard authorized users back to your function.
-
If the user doesn't have a DSS login then you can't use this code to authenticate them. This code specifically authenticates them into the web app using the DSS login system.
It sounds like with your case you can just make it simple. Just make your web app a "public" web app. You can follow up on how to do that here: Public webapps — Dataiku DSS 10.0 documentation.
In my case, I had a public web app which I also wanted to add custom authentication for specific use cases. What this meant for me is that some of my web app's pages were available to any user that could access the URL (didn't need access to DSS) and other pages of my web app required login (requiring a DSS account).