My company uses Shiny for a few internal tools. The apps are currently deployed to Heroku and protected with a single user/password but we'd like to allow users to create accounts with their emails, and add/revoke access (because not everyone should have access to all apps).
Have you done something like this?
One of the most important features is that deployment should be simple. One team is in charge of controlling access to the apps but the analysts are in charge of pushing new versions. So we want the authentication to be transparent so when an analyst deploys a new version, the authentication remains the same. Ideally, the solution should not require code changes to the Shiny app because that'd mean the analysts will have to deal with it.
One team is in charge of controlling access to the apps but the analysts are in charge of pushing new versions. So we want the authentication to be transparent so when an analyst deploys a new version, the authentication remains the same. Ideally, the solution should not require code changes to the Shiny app because that'd mean the analysts will have to deal with it.
The authentication is to access the Posit Connect system, and then from there, users can access the apps they are allowed to access. So the authentication is kept separate from the running of the Shiny applications, meaning the app developer doesn't need to worry about authentication code for getting into the app (if your app links itself to other services that need authentication like cloud storage or databases, that is a separate matter). The Shiny application can still know which user is logged in, as Posit Connect populates the session$user value that some Shiny applications will want to know.