diff --git a/.github/workflows/pkgdown.yaml b/.github/workflows/pkgdown.yaml
new file mode 100644
index 0000000..ed7650c
--- /dev/null
+++ b/.github/workflows/pkgdown.yaml
@@ -0,0 +1,48 @@
+# Workflow derived from https://github.com/r-lib/actions/tree/v2/examples
+# Need help debugging build failures? Start at https://github.com/r-lib/actions#where-to-find-help
+on:
+ push:
+ branches: [main, master]
+ pull_request:
+ branches: [main, master]
+ release:
+ types: [published]
+ workflow_dispatch:
+
+name: pkgdown
+
+jobs:
+ pkgdown:
+ runs-on: ubuntu-latest
+ # Only restrict concurrency for non-PR jobs
+ concurrency:
+ group: pkgdown-${{ github.event_name != 'pull_request' || github.run_id }}
+ env:
+ GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}
+ permissions:
+ contents: write
+ steps:
+ - uses: actions/checkout@v3
+
+ - uses: r-lib/actions/setup-pandoc@v2
+
+ - uses: r-lib/actions/setup-r@v2
+ with:
+ use-public-rspm: true
+
+ - uses: r-lib/actions/setup-r-dependencies@v2
+ with:
+ extra-packages: any::pkgdown, local::.
+ needs: website
+
+ - name: Build site
+ run: pkgdown::build_site_github_pages(new_process = FALSE, install = FALSE)
+ shell: Rscript {0}
+
+ - name: Deploy to GitHub pages 🚀
+ if: github.event_name != 'pull_request'
+ uses: JamesIves/github-pages-deploy-action@v4.4.1
+ with:
+ clean: false
+ branch: gh-pages
+ folder: docs
diff --git a/DESCRIPTION b/DESCRIPTION
index 5457cb7..f5427b1 100644
--- a/DESCRIPTION
+++ b/DESCRIPTION
@@ -1,6 +1,6 @@
Package: tapLock
Title: Seamless SSO for R applications
-Version: 0.1.0.9000
+Version: 0.1.0
Authors@R:
c(person(given = "ixpantia, SRL",
role = "cph",
diff --git a/README.md b/README.md
index 51adafe..d4e8064 100644
--- a/README.md
+++ b/README.md
@@ -1,55 +1,84 @@
-# tapLock
+# tapLock
-## Example Shiny App with Entra ID Authentication
+Secure your R applications with OpenID Connect and OAuth 2.0.
-```R
-library(shiny)
-library(tapLock)
+## Summary
+
+tapLock is an R library that provides a simple interface to
+integrate OpenID Connect / OAuth 2.0 authentication into you Shiny
+applications and Plumber APIs. tapLock uses a unique approach to
+effectively secure your applications without the need to write almost
+any code.
+
+## Authentication providers
+
+tapLock supports the following authentication providers:
+
+- [Google](https://developers.google.com/identity/protocols/oauth2/openid-connect)
+- [Microsoft Entra ID](https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-id)
+
+> If you need support for other providers, please contact us at
+> [hola@ixpantia.com](mailto:hola@ixpantia.com). Or, if you are a
+> developer, you can contribute to the project by adding support for
+> additional providers.
+
+## Security Model
+
+tapLock is unique in its approach to securing Shiny applications and
+Plumber APIs. tapLock utilizes middlewares that intercept all incoming
+requests (both HTTP and WebSocket requests) and validates the
+authentication token. This approach allows tapLock to be lean and
+efficient since no expensive WebSocket connections are started until
+the user is authenticated. It also prevents sensitive data in the UI
+portion of the application from being exposed to unauthenticated users.
+
+## How to use tapLock with Shiny
+
+#### 1. Install tapLock
+
+``` r
+pak::pak("ixpantia/taplock")
+```
+
+#### 2. Create an authentication configuration
+
+``` r
+library(taplock)
auth_config <- new_openid_config(
provider = "entra_id",
+ # The following values are obtained from the authentication provider
tenant_id = Sys.getenv("TENANT_ID"),
client_id = Sys.getenv("CLIENT_ID"),
client_secret = Sys.getenv("CLIENT_SECRET"),
+ # This should be the URL of your application
app_url = Sys.getenv("APP_URL")
)
+```
-ui <- fluidPage(
- tags$h1("tapLock example"),
- textOutput("user")
-)
-
-server <- function(input, output, session) {
+#### 3. Secure your Shiny application
- output$user <- renderText({
- given_name <- get_token_field(token(), "given_name")
- family_name <- get_token_field(token(), "family_name")
- expires_at <- expires_at(token())
- glue::glue(
- "Hello {given_name} {family_name}!",
- "Your authenticated session will expire at {expires_at}.",
- .sep = " "
- )
- })
-
-}
-```
+To secure your Shiny Application you will simply need to expose
+an `sso_shiny_app` instead of a regular `shinyApp` at the end of your
+`app.R` file.
-## Example Shiny App with Google Authentication
+Here is an example of a Shiny application that uses tapLock to secure
+itself:
-```R
+``` r
library(shiny)
library(tapLock)
auth_config <- new_openid_config(
- provider = "google",
+ provider = "entra_id",
+ tenant_id = Sys.getenv("TENANT_ID"),
client_id = Sys.getenv("CLIENT_ID"),
client_secret = Sys.getenv("CLIENT_SECRET"),
app_url = Sys.getenv("APP_URL")
)
ui <- fluidPage(
- tags$h1("tapLock example"),
+ tags$h1("r.sso example"),
textOutput("user")
)
@@ -67,5 +96,6 @@ server <- function(input, output, session) {
})
}
-```
+sso_shiny_app(auth_config, ui, server)
+```
diff --git a/man/figures/tapLock.png b/man/figures/tapLock.png
new file mode 100644
index 0000000..861f76b
Binary files /dev/null and b/man/figures/tapLock.png differ
diff --git a/man/figures/tapLock.svg b/man/figures/tapLock.svg
new file mode 100644
index 0000000..6884a7d
--- /dev/null
+++ b/man/figures/tapLock.svg
@@ -0,0 +1,165 @@
+
+
-## Example Shiny App with Entra ID Authentication
+Secure your R applications with OpenID Connect and OAuth 2.0.
-```R
-library(shiny)
-library(tapLock)
+## Summary
+
+tapLock is an R library that provides a simple interface to
+integrate OpenID Connect / OAuth 2.0 authentication into you Shiny
+applications and Plumber APIs. tapLock uses a unique approach to
+effectively secure your applications without the need to write almost
+any code.
+
+## Authentication providers
+
+tapLock supports the following authentication providers:
+
+- [Google](https://developers.google.com/identity/protocols/oauth2/openid-connect)
+- [Microsoft Entra ID](https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-id)
+
+> If you need support for other providers, please contact us at
+> [hola@ixpantia.com](mailto:hola@ixpantia.com). Or, if you are a
+> developer, you can contribute to the project by adding support for
+> additional providers.
+
+## Security Model
+
+tapLock is unique in its approach to securing Shiny applications and
+Plumber APIs. tapLock utilizes middlewares that intercept all incoming
+requests (both HTTP and WebSocket requests) and validates the
+authentication token. This approach allows tapLock to be lean and
+efficient since no expensive WebSocket connections are started until
+the user is authenticated. It also prevents sensitive data in the UI
+portion of the application from being exposed to unauthenticated users.
+
+## How to use tapLock with Shiny
+
+#### 1. Install tapLock
+
+``` r
+pak::pak("ixpantia/taplock")
+```
+
+#### 2. Create an authentication configuration
+
+``` r
+library(taplock)
auth_config <- new_openid_config(
provider = "entra_id",
+ # The following values are obtained from the authentication provider
tenant_id = Sys.getenv("TENANT_ID"),
client_id = Sys.getenv("CLIENT_ID"),
client_secret = Sys.getenv("CLIENT_SECRET"),
+ # This should be the URL of your application
app_url = Sys.getenv("APP_URL")
)
+```
-ui <- fluidPage(
- tags$h1("tapLock example"),
- textOutput("user")
-)
-
-server <- function(input, output, session) {
+#### 3. Secure your Shiny application
- output$user <- renderText({
- given_name <- get_token_field(token(), "given_name")
- family_name <- get_token_field(token(), "family_name")
- expires_at <- expires_at(token())
- glue::glue(
- "Hello {given_name} {family_name}!",
- "Your authenticated session will expire at {expires_at}.",
- .sep = " "
- )
- })
-
-}
-```
+To secure your Shiny Application you will simply need to expose
+an `sso_shiny_app` instead of a regular `shinyApp` at the end of your
+`app.R` file.
-## Example Shiny App with Google Authentication
+Here is an example of a Shiny application that uses tapLock to secure
+itself:
-```R
+``` r
library(shiny)
library(tapLock)
auth_config <- new_openid_config(
- provider = "google",
+ provider = "entra_id",
+ tenant_id = Sys.getenv("TENANT_ID"),
client_id = Sys.getenv("CLIENT_ID"),
client_secret = Sys.getenv("CLIENT_SECRET"),
app_url = Sys.getenv("APP_URL")
)
ui <- fluidPage(
- tags$h1("tapLock example"),
+ tags$h1("r.sso example"),
textOutput("user")
)
@@ -67,5 +96,6 @@ server <- function(input, output, session) {
})
}
-```
+sso_shiny_app(auth_config, ui, server)
+```
diff --git a/man/figures/tapLock.png b/man/figures/tapLock.png
new file mode 100644
index 0000000..861f76b
Binary files /dev/null and b/man/figures/tapLock.png differ
diff --git a/man/figures/tapLock.svg b/man/figures/tapLock.svg
new file mode 100644
index 0000000..6884a7d
--- /dev/null
+++ b/man/figures/tapLock.svg
@@ -0,0 +1,165 @@
+
+