Authenticating with Public WebApps

Options
adamnieto
adamnieto Neuron 2020, Neuron, Registered, Neuron 2021, Neuron 2022, Neuron 2023 Posts: 87 Neuron
edited July 16 in Plugins & Extending Dataiku

Hello,

I was wondering if anyone knows if it is possible to authenticate a DSS user to a project web app that is both public but they do not have project access to.

I have been using code that looks like this:

You do not have permission to read-use for dashboard...."  

For users that don't have project access they see the following error in their browser. 

@app.route('/authenticate')
def authenticate():
    try:
        request_headers = dict(request.headers)
        # Get the auth of the user performing the request
        # If the user is not authenticated, this will raise
        client = dataiku.api_client()
        auth_info = client.get_auth_info_from_browser_headers(request_headers)
        print ("User doing the query is %s" % auth_info["authIdentifier"])

        user = list(filter(lambda user: user["login"].lower() == auth_info["authIdentifier"].lower(), client.list_users()))[0]
        
        # Allows only workspace admins to have access to portal
        
        # Get workspace admins list
        workspace_admins = dataiku.Dataset('workspace_admins')
        workspace_admins_df = workspace_admins.get_dataframe()
        fltr_df = workspace_admins_df.loc[workspace_admins_df['admin_username'] == user['login'].lower()]
        admin_workspaces_lst = fltr_df.workspace_id.tolist()
        if len(admin_workspaces_lst) > 0:
            return json.dumps({"status":"ok","data":user['login'].lower()})
        else:
            # User is not allowed to enter portal
            return json.dumps({"status":"ok","data":"forbidden"})
    except dataikuapi.utils.DataikuException as err:
        return  json.dumps({"status":"ok","data":"not_authenticated"})
    except Exception as err:
        logger.error(traceback.format_exc())
        return traceback.format_exc(), 500

It lists the web app and project name after the "...".

Thank you for your help!

Adam

· Share on FacebookShare on Twitter

Answers

  • adamnieto
    adamnieto Neuron 2020, Neuron, Registered, Neuron 2021, Neuron 2022, Neuron 2023 Posts: 87 Neuron
    edited July 17
    Options

    The error that the user receives by the way appears to be from Dataiku itself. It's error type is 

    "errorType":"com.dataiku.dip.exceptions.UnauthorizedException"
    · Share on FacebookShare on Twitter
  • Fahim
    Fahim Dataiku DSS Core Designer, Dataiku DSS Adv Designer, Registered Posts: 3 ✭✭✭
    Options

    Hi Adam,

    Were you able to resolve your issue? If so, could you please let us know how you did it.

    Thank you!

    · Share on FacebookShare on Twitter
  • adamnieto
    adamnieto Neuron 2020, Neuron, Registered, Neuron 2021, Neuron 2022, Neuron 2023 Posts: 87 Neuron
    Options

    Yes,

    You can add the user as an "Additional dashboard users" so you allow them to get access to just the web app without having access to the full project. Please see the picture below for more details:

    dataiku_dashboard_user.png

    · Share on FacebookShare on Twitter
  • adamnieto
    adamnieto Neuron 2020, Neuron, Registered, Neuron 2021, Neuron 2022, Neuron 2023 Posts: 87 Neuron
    Options

    You may be able to also just share it to a workspace but I haven't tried it out that way before, so I am not exactly sure.

    · Share on FacebookShare on Twitter
  • adamnieto
    adamnieto Neuron 2020, Neuron, Registered, Neuron 2021, Neuron 2022, Neuron 2023 Posts: 87 Neuron
    Options

    I am re-reading my code above and realize that it may be confusing in the context of DSS 9 + with the "workspace" variables and "workspace_admins" dataset. I was using this code before Dataiku made the workspaces feature available in DSS. The web app I was making was called the "Workspace Portal" and it had a data model called "Workspace" so just keep in mind the workspace stuff going on in this code has nothing to do with the workspace feature that DSS currently has since DSS 9.

    · Share on FacebookShare on Twitter
  • Fahim
    Fahim Dataiku DSS Core Designer, Dataiku DSS Adv Designer, Registered Posts: 3 ✭✭✭
    Options

    Thank you for this! This helps! But what if the user doesn't have a Dataiku login? What "login" do you provide under the additional dashboard users or do you control the "logins" using code?

    · Share on FacebookShare on Twitter
  • Fahim
    Fahim Dataiku DSS Core Designer, Dataiku DSS Adv Designer, Registered Posts: 3 ✭✭✭
    Options

    My apologies. I think I get it now. So you pass those dashboard authorized users back to your function.

    · Share on FacebookShare on Twitter
  • adamnieto
    adamnieto Neuron 2020, Neuron, Registered, Neuron 2021, Neuron 2022, Neuron 2023 Posts: 87 Neuron
    Options

    If the user doesn't have a DSS login then you can't use this code to authenticate them. This code specifically authenticates them into the web app using the DSS login system.

    It sounds like with your case you can just make it simple. Just make your web app a "public" web app. You can follow up on how to do that here: Public webapps — Dataiku DSS 10.0 documentation.

    In my case, I had a public web app which I also wanted to add custom authentication for specific use cases. What this meant for me is that some of my web app's pages were available to any user that could access the URL (didn't need access to DSS) and other pages of my web app required login (requiring a DSS account).

    · Share on FacebookShare on Twitter
Bookmark this topic

Categories

Setup Info
    Tags
      Help me…