How to get back to login and clear cookies

t-houssian · October 25, 2022, 9:47pm

Hi y’all,

I am currently trying to build a panel app with oauth and got it to work but can’t seem to figure out how to redirect back to the login page and clear the cookies. I am using the example from the docs.

import panel as pn
import os

APP_ROUTES = {
    "/": pn.template.FastListTemplate(
        main=pn.pane.Markdown(
            """
            # My App
        """
        )
    ).servable(),
}

def authorize(user_info):
    with open('users.txt') as f:
        valid_users = f.readlines()
    return user_info['email'] in valid_users

pn.config.authorize_callback = authorize

pn.serve(
    APP_ROUTES,
    port=5000,
    allow_websocket_origin=["0.0.0.0:5000"],
    address="0.0.0.0",
    show=False,
    autoreload=True,
    oauth_provider="google",
    oauth_key=os.getenv("PANEL_OAUTH_KEY"),
    oauth_secret=os.getenv("PANEL_OAUTH_SECRET"),
    oauth_encryption_key=os.getenv("PANEL_OAUTH_ENCRYPTION"),
    cookie_secret=os.getenv("PANEL_OAUTH_ENCRYPTION"),
)

It works great to not let users log in if they are not authorized and lets authorized users log in. But in the case where someone has lots of google accounts and accidentally clicks on the wrong one they either have to go into their browser and clear the cookies manually to be able to log in or wait until the cookie expires. Any thoughts?

Here is the page users get stuck on. Everytime I go back to my app it is stuck on this:

Khalilsqu · October 26, 2022, 1:25pm

I cannot make this code works!

t-houssian · October 26, 2022, 3:31pm

In order to run this code you will have to set up credentials on Google and set them to the correct env variables. This link explains how to do that. docs. Let me know the error you are getting.

Material-Scientist · October 26, 2022, 8:42pm

I’m using the auth script example from the bokeh github instead of oauth:

# optional logout_url, available as curdoc().session_context.logout_url
logout_url = "/logout"

# optional logout handler for logout_url
class LogoutHandler(RequestHandler):

    def get(self):
        self.clear_cookie("user")
        self.redirect(self.get_argument("next", "/"))

And add a logout button:

<div>
    <p class="signed-text" style="text-align: center;">Signed in as: Placeholder</p>
    <span class="sign-out-button" style="margin-left:100px"><a href="/logout">Sign Out</a></span>
</div>

Khalilsqu · October 27, 2022, 12:57pm

why not a normal button

logout = pn.widgets.Button(name=“Logout”, button_type=“default”).servable()

logout.on_click(self.logout_route)

def logout_route(event):
pn.state.location.pathname = pn.state.location.pathname.split("/")[0] + "/logout"

pn.state.location.reload = True

Material-Scientist · October 27, 2022, 1:43pm

Messed up the sidebar layout, so went with html instead

t-houssian · October 27, 2022, 8:02pm

@Material-Scientist Thanks! This was a huge help! I am using it in my sidebar as well. I did not realize that there is a builtin logout method for Oauth already in panel. All I had to do was call href"/logout" Once I added that to my html it worked.

“”"

➔ Log out

“”"

I also ended up adding a similar thing to my pn.config.auth_template to redirect users who were not authorized.

“”"

➔ Try Different Account

“”"