Configuring Authentication
Authentication is a difficult topic fraught with potential pitfalls and complicated configuration options. Panel aims to be a “batteries-included” package for building applications and dashboards and therefore ships with a number of inbuilt providers for authentication in an application.
The primary mechanism by which Panel performs authentication is OAuth 2.0. The official specification for OAuth 2.0 describes the protocol as follows:
“The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.”
In other words, OAuth outsources authentication to a third-party provider, e.g. GitHub, Google or Azure AD, which authenticates the user's credentials and gives limited access to the APIs of that service.
Discover how to add basic password-based authentication to your application.
Discover how to configure OAuth from the command line.
A list of OAuth providers and how to configure them.
Discover how to configure error and logout templates to match the design of your application.
Discover how to make use of the user information and access tokens returned by the OAuth provider.
Discover how to use OAuth access tokens and ensure they are automatically refreshed when they expire.
Discover how to configure a callback to implement custom authorization logic.
Discover how to configure Auth to allow guest users to access specific endpoints or the entire application.
Note that since Panel is built on Bokeh server and Tornado, it is also possible to implement your own authentication independent of the OAuth components shipped with Panel. See the Bokeh documentation for further information.