All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
Updated to require dash 1.x - this did not affect the API of this package at all, but usage examples and tests were adapted for the dash API changes.
Changed basic-auth to use a dictionary of valid credentials, rather than lists. This ensures only one valid password per user, and credential checks are faster.
Changed the deprecation notice to only 2 repos (dash-basic-auth and dash-enterprise-auth).
The oauth abstraction can still be used with dash-auth.
Add integrations with Dash Deployment Server 2.6. #75 This version works on both 2.5 and 2.6.
dash-auth will be split into 2 repositories:
dash-basic-auth-> basic_authdash-enterprise-auth-> Dash Deployment Server integration, replace PlotlyAuth.
- Pending deprecation notice for PlotlyAuth.
- Logout button changed to a
dcc.LogoutButtonif app is on Dash Deployment Server 2.6 get_usernamefrom request headers if app is on Dash Deployment Server 2.6- Disabled authentication if app is on Dash Deployment Server>=2.6, authentication is now performed on the Dash Deployment Server for all deployed apps.
- Fixed logout invalidation url and put in a try/catch so the token is still cleared from the cookies after an error.
- Kerberos tickets can be retrieved from a Dash Deployment Server and used to perform multi-hop authentication. #64
- Token invalidation from self signed on-prem. #56
- Logout button redirect to app url. #56
- Cookie clear use
requests_pathname_prefix. #56
- Detect requests coming from orca pdf generation and disable unsupported secure cookies. #60
- Remove trailing slash from the cookie path.
- Cookies path take
requests_pathname_prefixinstead ofroutes. #54 - Ensure failed cookie unsign clear the cookies.
- Added
get_usernametoPlotlyAuth, signed cookie stored inUSERNAME_COOKIE. - Added
get_user_datatoPlotlyAuth, custom cookie that can contains any json data for the user. - Added
logouttoPlotlyAuth, helper method to remove the auth cookies and invalidate the token. - Added
create_logout_buttonwhich create a dash logout button that will logout on click to be inserted in the layout.
- Use update_or_create for OAuth app creation when available, to avoid race condition.
- Handle the case where more than one OAuth app exists in streambed.
PlotlyAuthnow supports "secret" authentication using theshare_keyparameter.
- All
Authsubclasses must now implementindex_auth_wrapper(). Seebasic_auth.pyfor an example that preserves the existing behaviour.
PlotlyAuthnow supports multiple URLs. Supply a localhost URL and a remote URL in order to test your Plotly login on your local machine while keeping the login screen available in your deployed app. Usage:
dash_auth.PlotlyAuth(app, 'my-app', 'private', [
'https://my-deployed-dash-app.com',
'http://localhost:8050'
])
See plotly#29
PlotlyAuthis now stateless. This allowsPlotlyAuthto be used in Dash Apps that are deployed with multiple workers. See plotly#32
- Added logging on request failure for the
PlotlyAuthhandler - Added retry logic for the
PlotlyAuthhandler
- The oauth redirect URL is now trailing-backslash insensitive
- Allow the version to be imported with
dash_auth.__version__
- Wrap string responses in a
flask.Responseso that cookies can be added to it
- Fixed authentication with path based routing with dash==0.18.3
- Add path and secure attributes to the plotly auth cookies for
PlotlyAuth
- No longer implicitly saves
localhost:8050as a valid oauth redirect URL forPlotlyAuth
- Path-based routing with Plotly auth for apps where
app.config.requests_pathname_prefixis not/now works
- Python 3 support for Basic Auth
- Integration and continuous integration tests
- Python 3 support for Plotly Auth
First stable Python 2 release