I have built a simple app in shinyapps.io and I am bringing in data from a MySQL hosted table successfully. I would like to only show data that is relevant to the user that is viewing the app and hide data that does not relate to them. If the user has not logged into shinyapps.io then NULL will be returned and no data will be shown. From the documentation and search results, it seems like this can be done using session$user but only on Shiny Server Pro. I don't think this can be done in shinyapps.io, is this correct? If so, my app has come to a grinding halt as I can't go down the whole Linux / Pro route.
Thanks to Andy Kipp from RStudio for answering this via Google Groups.
"If you're running on shinyapps.io, and your application is set to private (under Users tab), when a person logs into your application the email address of the person who is logged in will be in session$user. We don't expose anything other then the email address. Again this is for private applications only. Private applications are available in the Standard plan and higher."
Good to know, took me a while to pin this down, thanks Andy.
Related
I've been using my Google API credentials to access Googlesheets through R for a while now. Today, I made the mistake of running a script that calls from a different google account (my work account) and now I have this error:
When I clicked through, it says that I only need verification if I'm creating a user-facing app (I'm not). What I'm doing is reading and writing Google Sheet data. I've tried recreating my OAuth key, I've tried changing the project scopes (it's the //auth/drive scope that's throwing the wrench in things).
I'm not actually a developer, I'm a data analyst and use R code for a fairly small scope (Google Sheets, a few data resources like the NOAA, Google Analytics, and social platforms). I use this for my side business and need to get it going again before I get any orders. Since I'm not a developer, I'm really at a bit of a loss here. Help?
I'm not sure if this would help but I had the same problem to share a shiny app to draw numbers and store the value of the pixels in a google sheet. What worked for me was to create a token.rds file which stored the information to authenticate each rstudio session.
How to create the token.rds file
I recommend you to read this tutorial if you have not created the OAuth 2.0 Client ID. If you have created an OAuth 2.0 Client ID for your google account and you have the public and secret key, run the following code:
library(googlesheets)
your_gs_app <- gs_auth(key = "782348718282-bgaocvueexiq9qbackboidne19aaa5v9dg.apps.googleusercontent",
secret = "gFMmSoWPVPLu2EmdBLOBuSZs")
This would require you to verify the app in the same webpage that you have posted in the image. Click on Advanced > Go to application-name (unsafe) and grant the permissions in the next few windows. Once you have granted all the permissions, close the navegator and go back to RStudio to create the token.rds file by running:
saveRDS(your_gs_app, file = "token.rds")
Now that you have created the file to authenticate the R session, you can authenticate any R session in other computers by running:
googlesheets::gs_auth(token = "token.rds")
with the token.rds file in the working directory (obviously)
Hope this helps!
My organization set up Cloud SQL as the default for Google App Maker about one month ago. In the last week, we have been unable to preview or publish apps that use Cloud SQL data sources, including the sample applications which worked perfectly before. The failure occurs during the authorization process. When previewing or publishing an app, Google App Maker displays a dialog stating "Deploying this app requires authorization". Next it prompts the user for their Google account and then requests approval for the necessary authorizations (e.g., "Manage the data in your Google SQL Service instances"). After approving the authorization, the prompts to authorize begin over with the dialog stating "Deploying this app requires authorization".
Observations:
We have repeated this problem on multiple different computers, networks, and four different user accounts.
In the SQL cloud console, our Cloud SQL instance shows new databases being created for each app along with new database-specific user accounts
All of the databases appear as expected when I log directly into the Cloud SQL database using phpMyAdmin
Other apps which don't use a Cloud SQL datasource work fine, including an app that uses a calculated data source which is hosted in the same Cloud SQL instance
The only errors in the Stack driver logs for the Cloud SQL database showed "INFO" level communication errors with the database (aborted connection...Got an error reading communication packets)
I'm unable to find Stack driver logs for the apps because I cannot preview or publish them (either option would provide a link to the Stack driver logs)
There are now approximately 20 databases in our SQL instance (mostly associated with simple app tests) and we have only used 1 GB of 10 GB of space in our SQL instance
I haven't seen any related problems on the Google Issue Tracker for Google App Maker
I'd appreciate any help or suggestions on what to check in order to resolve this issue.
I posted an issue to Google Issue Tracker and Google corrected the problem. They also provided a workaround if this problem happens again.
Here is the response from the Google development team posted on Google Issue Tracker: https://issuetracker.google.com/issues/145345198
It's great to hear your up and working again! We are aware of this issue and are working through a longer term fix. The specific bug appears to be related to some changes made in the Google Cloud session policy control that may have rolled out to your domain recently interacting with AppMaker in a way that was not expected. We've spent time diagnosing the underlying issue and we beleive we know the root cause. I suspect your domain admin did a version of the workaround below.
Without getting too far into the details, the specific bug is that for a Deployer of an AppMaker application, if the Google Cloud Session policy is set with any expiration time, the returned token AppMaker sees is invalid, triggering a loop in AppMaker trying to generate a valid security token. Historically, these session tokens never expired but recently there was beta feature launch that allowed domain admins to set them to expire. We strongly suspect your domain recently set this expiration policy explicitly and that's what is causing the bug.
The good news is that these policies are overridable per Organizational Unit and we have tested that OUs which have the original classic Never Expire setting do, in fact, allow AppMaker to work.
My suspicion is that your domain admin has reverted recent, local changes to your organizational policy under the admin.google.com console, specifically under Security > Google Cloud session control (Beta).
If this happens again, here the workaround we would recommend. Note you don't need to do this if you're currently up and working. You will need the help of someone with admin.gogole.com powers, specifically User and Organizational Unit powers at your organization. It is a slight increase in security risk but it restores some classic behavior that was standard until recently.
The summary of the workaround is to override the Google Cloud session control expiration setting such that individuals who need access to AppMaker deployments can have it. To mitigate systemic security risk, this is best done by creating a limited purpose Organizational Unit with just that setting different than the parent OU settings.
The workaround is to:
Contact someone in your domain with Admin powers for your Google for Business license.
Have your admin proceed to https://admin.google.com. The actions below need to be performed by a domain admin.
Under the Users section, identify the specific user account that needs the ability to deploy AppMaker Apps.
Identify the Organizational Unit of that Appmaker dev user and make a note of it.
Under the Organization Units settings, locate the Organization Unit you identified above.
Create a new Organization Unit underneath that user's current Organizational Unit with some descriptive identifying it as special w.r.t AppMaker. So for Developers, make something like DevelopersWhoAreAlsoAppMakerDevs.
Back under the Users tab, locate the user from step 3. Move this user into the new Organizational Unit you've just created. This change can take a while to propagate.
-Interlude- At this point, you've made a new Organizational Unit for just that individual and added them to it. You can certainly add multiple people to that OU, especially if they're already in the same parent OU. Use your discretion as to what amount of Organizational rework you wish to pursue. You may not be using OUs at all or you may decide to just turn off this control for the whole domain. It's up to you.
Under admin.google.com's Security settings, locate the Google Cloud session control (beta) settings.
Under this panel, from the dropdown menu on the left, locate the Organization Unit you just created.
Be sure to select ONLY the OU you intend to change.
Change the "Google Cloud Console and Google Cloud SDK session control" from expiring to "Session Never Expires".
Save your changes.
The account you selected in step 3 should now be able to deploy AppMaker apps.
It appears this OU change is only necessary for the deployer of an AppMaker app, not an individual user. Note also that if you have multiple AppMaker developers who all have different current OU settings, you may need to create multiple daughter OUs to avoid a sudden radical shift in OU settings for an individual account.
I have developed an R Shiny app which uses google analytics. I simply use ga_auth with ga_id to allow access to google analytics. This works well on my Mac with R Shiny, and an ubuntu EC2 server. The code is as below:
ga_auth("./.httr-oauth")
ga_id <- 8888888888
It accesses a previously generated .httr-oauth file and I get access to the google analytics API as expected
However, running the same code in a Docker, it produces hangs the app, and generates the following log message :
Waiting for authentication in browser...
Press Esc/Ctrl + C to abort
Please point your browser to the following url:
https://accounts.google.com/o/oauth2/auth?client_id=289......
The app simply needs a basic access to the analytics api, and clearly I do not need the user to have to interact with google authentication themselves. Any ideas? I have looked at several articles on the subject but none that clearly highlight the difference in behaviour between a docker and server app with respect to http-oauth.
Please help! This is my first posting (the first tine I have got this stuck!) so my apologies if I haven't got things quite right! I was inspired by a talk from a Stack Overflow employee at the recent EARL conference in London!
Alex
Is there any way to make R Shiny support multiple users? I'm talking about hundreds of concurrent users.
To add some context: I'm not talking about Authentication (username / password). That will be taken care of by Auth0 (see auth0.com). So AFTER they are logged in, I see that Shiny Server does not pass the username to the Shiny session (maybe deliberately, so that you are forced to purchase the Commercial license to Shiny Server?).My question is more about : a) how do I make it recognize the username of the logged in user? b) will it scale to hundreds of concurrent (simultaneous) users?
https://www.shinyproxy.io/ attempts to solve problem b): it spawns a Docker container per application and per user. It should scale well if you give it enough resources (unfortunately it's difficult to estimate what "enough" is beforehand... You should run your own tests).
I'm not sure about problem a) but Shinyproxy deals well with authentication of users.
The free version of Shiny Server can be enabled to utilize authentication before loading an app (a login screen) but does not then launch the shiny app as the user. This feature is only available in the pro version.
These cases are impossible with free Shiny Server
User logs in and the app executes a query against a secured database using the logged in identity
User logs in and the app recognizes them - free Shiny Server is already running under a user account and all users share that space.
User logs in and has their own private execution environment (if you have thousands of concurrent users you may well run into variable collisions which could expose what another user is looking at)
With the Shiny-Pro you can enable Authentification. The server then gives the App information about username over the variable session$user.
In the basic version Shiny-Pro can handle 20 Concurrent users but you can buy an extension so that it can handle up to 120 - 150 concurrent Users.
Is it possible to embed an external application inside the browser (IE, Chrome, Safari, Firefox) so it will look like a native web application but actually having access to the USB ports of the client machine? I have heard that I need to make an ActiveX control. I would like to use the .Net framework, but if that is not possible, maybe using Java or C++ will be fine.
I have to make an application that will allow to the users to connect an external device to an USB port, this device will take a backup of the information contained in a SIM card and send it to the user's account online agenda. So the user can restore it later using the same application. This should be a web application or at least look like one.
If the first is not possible. Is there any way to launch an external application from all the browsers, and then pass information to the browser window to allow it to refresh after the backup has been made?
Thanks for your help in advance.
First off this seems to be a big security issue and hence this is the reason why you might be finding it tricky.
What I would do is look at it from a different angle; what am I trying to achieve? How is the user going to use the data? Where is the user going to use the data?
From you question I have answered those questions with the following; I hope I've not miss interpretted anything.
I want to copy the data from an external sim card to a central location
I want the user to see this data from the central location; preferablly from a web application.
The user is going to see and use the data from the web app
Assuming all of these things are true; one design option is the following:
1 - Have a client based application which can read stuff from the usb device
2 - Have a secure webservice which the client based application can upload the data too
3 - Have a web application which can view this data and see refreshes
Let me go into bit more detail for each step.
1 - If you write a small client application it is installed or at least runs on the client computer. Due to this it can access the local client resources such as usb and interface with them. This will mean they can read the sim data throuogh this app, buut also potentially save it locally as well as upload the data. To access the web service they would enter their username/password so you could authenticate them for the upload.
2 - This web service would do the authentication from the client application, but also receive the data submitted from the client app. Acessing web services from .net now a days is really straight forward. Using this web service the client application could also do some checking to make sure the data has been updated and it could handle re-tries if the network dropped etc.
3 - The web front end of the system would interface to the same data source. This site would take the username / password to authenticate them on the site, but also let them see the uploaded data. As for the refreshes; if the user is logged in and looking at the data you could have a javascript timer polling an action/service to see when new records have been added etc. This could then display a message through jQuery or similar to notifiy the user. This could be similar to the notifications which StackOverflow gives when you visit for the first time or get a new badge etc.
Hope this helps :-)