Cannot logout user while using Panel OAuth

TLDR:

The Panel /logout page doesn’t log out the user after clicking logout and redirects the user back to the app while using Panel OAuth.

How can I access methods like LogoutHandlers (defined in panel/auth.py) to clear cookies and log the user out of the Panel app?

Same question with more details:

I have been trying to add authentication to my panel by using the built-in OAuth for GitHub.

Login works as expected, but logout redirects the user back to the app instead of denying access. Is it possible to log out the user by any method using the built-in auth?

I assume that I should be able to call a function to clear cookies from the Panel app to log out the user. I might also be understanding OAuth fundamentally wrong by trying something that isn’t the correct way to accomplish this.

After clicking the “Logout” button on the default logout page, Panel does not print any error to the terminal:
WebSocket connection closed: code=1001, reason=None

And after logout, clicking the “Login” button on the default Panel login page, where the user is redirected, brings me back to the app without the need to log in.

I can see cookies by calling pn.state.curdoc.session_context.request.cookies.

I thought I could force logging out the user by clearing cookies that can be seen from “pn.state.curdoc.session_context.request.cookies”. Clearing these by calling .clear() won’t clear them permanently.

I have also tried to clear cookies by calling pop since I could not find any other methods for clearing them.

pn.state.curdoc.session_context.request.cookies.pop('user')
pn.state.curdoc.session_context.request.cookies.pop('access_token')
pn.state.curdoc.session_context.request.cookies.pop('id_token')

They don’t get permanently deleted by this since they will show up after reloading the page.

Where are cookies stored, and should I even clear them to log the user out?

I think that auth is not working as expected since it won’t permit access to panel app when I set --oauth-expiry-days 0.00125 (about 4 minutes).

Code for the app is a combination of basic examples from Panel Add Authentication how to’s.

import panel as pn

pn.extension(template="fast")

# Only allow the listed GitHub logins to access the app.
def authorize(user_info):
    valid_users = ['MYGITHUBUSERNAME']
    return user_info['login'] in valid_users

pn.config.authorize_callback = authorize

# Button that sends the browser to Panel's logout endpoint.
logout = pn.widgets.Button(name="Log out")
logout.js_on_click(code="""window.location.href = './logout'""")
pn.Column(f"Congrats `{pn.state.user}`. You got access!", logout).servable()

I have been trying to solve this for a few weeks by reading the Panel documentation and this forum. I would highly appreciate it if someone would provide me any ideas where I can find more information on how Panel OAuth works and how to access different methods like Panel LogoutHandlers.

I thought I could log out the user by clearing cookies that can be seen from “pn.state.curdoc.session_context.request.cookies”. Clearing these by calling .clear() won’t clear them permanently.

I have no idea how to proceed with this. One solution I haven’t tried yet is to replace Panel auth with custom Bokeh Auth or to integrate Panel with Flask or Django, but the latter options would require quite a lot of learning to get a simple logout to work.

The main problem for me is that I cannot figure out how and where I could understand how Panel works, even though I have read the documentation and some supplementary documents about OAuth and Auth in general with Bokeh and Flask, for example.

More details:
Bash script for running the app:
panel serve file.py --ssl-certfile ***/cert1.pem --ssl-keyfile ***/privkey1.pem --port 5120 --allow-websocket-origin=sub.domain.com:5120 --admin --admin-endpoint="/admin" --autoreload --oauth-provider=github --oauth-key=*** --oauth-secret=*** --cookie-secret *** --oauth-encryption-key=*** --oauth-redirect-uri="https://sub.domain.com:5120" --oauth-expiry-days 0.00125

I have tried using both an nginx reverse proxy and serving the page directly without nginx (as done in the bash script above).

I would highly appreciate it if anyone could give hints on where I could find more information on how to solve this problem or understand better how Panel works.

I got it to work after clearing my thoughts here. There wasn’t any problem with the code. The problem was my understanding of how OAuth works.

I had not properly logged myself out from the GitHub account, and that is why the access was not revoked after logout.

I will still leave this here.

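An added example, not part of the original posts and not Panel's own code: a stdlib-only model of the two behaviours described in this thread. Popping entries from the server's parsed request cookies leaves the browser's jar untouched, and even a real logout is followed by a silent re-login while the provider session is still alive. The `Browser` class and the `provider_session` cookie name are assumptions made for illustration; `user`, `access_token` and `id_token` are the cookie names from the post.

```python
from http.cookies import SimpleCookie

AUTH_COOKIES = ("user", "access_token", "id_token")  # names from the post


class Browser:
    """Constructed stand-in for one origin's cookie jar in a browser."""

    def __init__(self):
        self.jar = {}

    def cookie_header(self):
        return "; ".join(f"{k}={v}" for k, v in self.jar.items())

    def apply(self, set_cookie_headers):
        for header in set_cookie_headers:
            for name, morsel in SimpleCookie(header).items():
                if str(morsel["max-age"]) == "0":
                    self.jar.pop(name, None)  # expired: the browser drops it
                else:
                    self.jar[name] = morsel.value


def pop_on_server(cookie_header):
    """What the post tried: mutate the server's parsed copy of the request."""
    request_cookies = {k: m.value for k, m in SimpleCookie(cookie_header).items()}
    for name in AUTH_COOKIES:
        request_cookies.pop(name, None)
    return []  # no Set-Cookie header is produced, so the browser keeps its jar


def logout_response():
    """What clearing a cookie takes: an expiring Set-Cookie header per name."""
    return [f"{name}=; Max-Age=0; Path=/" for name in AUTH_COOKIES]


def login(app, provider):
    """Redirect login: a live provider session re-issues app cookies silently."""
    if "provider_session" not in provider.jar:  # hypothetical cookie name
        return "prompt"
    app.apply([f"{name}=constructed-{name}; Path=/" for name in AUTH_COOKIES])
    return "silent"


if __name__ == "__main__":
    app, provider = Browser(), Browser()
    provider.jar["provider_session"] = "constructed"
    print(login(app, provider), sorted(app.jar))
    app.apply(logout_response())
    print(sorted(app.jar), login(app, provider))
```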