How can authentication details be passed to a shiny app in a a secure way?
The shiny app is hosted on a a Linux machine with Shiny Server (Open Source version) and should only be accessible after login on another webpage (through SAML) which is hosted on another Linux machine. The shiny app should have different functionality, depending on user rights. So, that information has to be passed to the shiny app at startup.
How can this be achieved in a secure and reliable way?
The only options I could think of were:
- Getting the IP-adress of the user and making a request from the other webpage to get the user-rights of that IP.
- Passing user-rights within the URL params and using those with parseQueryString(session$clientData$url_search) at shiny-startup.
The first option would make the app depend on a third-party service that gives me the IP and I dont know how a proxy, Vpn etc would interfer with this approach and how reliable it would be. The second option doesn't really seem secure or professional.
What other options would there be?