Third-party cookie restrictions along with iframe and shiny

Hi!

A bit of an odd post but I figured someone might be able to help. As some of you know third-party cookie restrictions are coming into effect at the beginning of next year (see here: Prepare for phasing out third-party cookies  |  Privacy Sandbox  |  Google for Developers )

In many cases, people use shiny in an iframe to access and work the the app. As you can see below that won't be possible anymore. Actual link to below here: How to handle third-party cookie blocking in browsers - Microsoft identity platform | Microsoft Learn

Using iframes

A common pattern in web apps is to use an iframe to embed one app inside another: the top-level frame handles authenticating the user and the application hosted in the iframe can trust that the user is signed in, fetching tokens silently using the implicit flow. However, there are a couple of caveats to this assumption irrespective of whether third-party cookies are enabled or blocked in the browser.

Silent token acquisition no longer works when third-party cookies are blocked - the application embedded in the iframe must switch to using popups to access the user's session as it can't navigate to the login page within an embedded frame.

You can achieve single sign-on between iframed and parent apps with same-origin and cross-origin JavaScript script API access by passing a user (account) hint from the parent app to the iframed app. For more information, see Using MSAL.js in iframed apps in the MSAL.js repository on GitHub.

My question is how best to solve this problem for shiny applications relying on iframes? Will there be some support in shiny for this or a different package? Any help would be appreciated.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

If you have a query related to it or one of the replies, start a new topic and refer back with a link.