So here's the scenerio. I have two servers, a flask server and a Bokeh Server running side by side. The Bokeh Server is being used to display interactive plots and I am trying to use the flask server to authenticate users before they can access to the Bokeh server. Here is my login POST script in the flask application. I've been following this link to set up the Bokeh Server(Simple username & password protection of a bokeh server). For the flask server, the code below is what I am using to authenticate users and redirect them to the Bokeh Server.
from bokeh.util import session_id
@auth.route('/login' , methods=['POST'])
def login_post():
email = request.form.get('email')
password = request.form.get('password')
user = User.query.filter_by(email=email).first() # if this returns a user, then the email already exists in database
if user and check_password_hash(user.password, password):
print('user exists')
s_id = session_id.generate_session_id()
return redirect("http://localhost:5006/app?bokeh-session-id={}".format(s_id), code=302)
print('user does not exist')
return redirect(url_for('auth.login'))
However after authentication, I am being redirected to a page with the error 403: Invalid session ID. Note that in the link I provided, I am creating a secret key for the Bokeh Server but no way has been defined as to how to pass that secret key to the flask server. Does anyone have any idea how to fix this problem? I am open to better solutions for authentication to Bokeh Server other than this.
You have to generate the secret key outside of both the Flask and Bokeh server processes (e.g. by running bokeh secret) and pass that same secret value to both processes. Environment variables are typically used for this purpose.