OAuth tabs access

I am hosting a dashboard with several tabs where users are authenticated with Azure Active Directory.

It works well in the sense that pn.state.user holds the identity of the user. Now, I want to give access to different users for each tab. As a first step I placed a check in the code that renders output based on parameters in each tab, like this:

class MyDashboard(param.Parameterized):

    def view(self):
        assert pn.state.user in users_with_access

The problem is, when a person is authenticated and opens a tab that he shouldn’t have access to, he can see the output that was generated by the previous user, with the parameter settings chosen by that previous user. The “assert pn.state.user in users_with_access” only runs when he changes the parameters, which is not how I intended it to work.

Is there any way to do an access check when a user enters a tab?

It sound like you are running panel in some wrong way. How do you run the application. Is it with panel serve or pn.serve?

I am using panel serve like this:

panel serve <path to dashboard.py> --port <port number> --allow-websocket-origin="*" --oauth- 
provider=azure --cookie-secret=<my cookie secret> --oauth-redirect-uri=<the redirect uri>

Could you share a minimum, reproducible code example? Its almost impossible to reproduce and help fix without it.