Configuring Authentication#

Authentication is a difficult topic fraught with potential pitfalls and complicated configuration options. Panel aims to be a “batteries-included” package for building applications and dashboards and therefore ships with a number of inbuilt providers for authentication in an application.

The primary mechanism by which Panel performs authentication is OAuth 2.0. The official specification for OAuth 2.0 describes the protocol as follows:

The OAuth 2.0 authorization framework enables a third-party
application to obtain limited access to an HTTP service, either on
behalf of a resource owner by orchestrating an approval interaction
between the resource owner and the HTTP service, or by allowing the
third-party application to obtain access on its own behalf.

In other words OAuth outsources authentication to a third party provider, e.g. GitHub, Google or Azure AD, to authenticate the user credentials and give limited access to the APIs of that service.

Configuring Basic Authentication

Discover how to add basic password based authentication to your application.

Configuring Basic Authentication
Configuring OAuth

Discover how to configure OAuth from the commandline.

Configuring OAuth
OAuth Providers

A list of OAuth providers and how to configure them.

OAuth Providers
Templates

Discover how to configure error and logout templates to match the design of your application.

Authentication Templates
User Information

Discover how to make use of the user information and access tokens returned by the OAuth provider.

Accessing User information
Access Tokens

Discover how to use OAuth access tokens and ensure they are automatically refreshed when they expire.

Access Tokens
Authorization callbacks

Discover how to configure a callback to implement custom authorization logic.

Authorization callbacks
Optional Authentication

Discover how to configure Auth to allow guest users to access specific endpoints or the entire application.

Allowing Guest Users

Note that since Panel is built on Bokeh server and Tornado it is also possible to implement your own authentication independent of the OAuth components shipped with Panel, see the Bokeh documentation for further information.