How to hold Plotly dash app behind protected route

Question

I have a plotly dash app which I would like to hold behind a route that is protected with a JWT. My end goal is to contain this in an iframe on a separate route, but I only want the user to be able to get the html of th dash app if they have an access token.

I have retried returning the app itself in a get request.

App.py

import dash
from flask import Flask, jsonify, request
from flask_jwt_extended import (
    JWTManager, jwt_required, create_access_token,
    get_jwt_identity
)

server = Flask(__name__)

server.config['JWT_SECRET_KEY'] = 'super-secret'  # Change this!
jwt = JWTManager(server)

@server.route('/login', methods=['POST'])
def login():
    if not request.is_json:
        return jsonify({"msg": "Missing JSON in request"}), 400

    username = request.json.get('username', None)
    password = request.json.get('password', None)
    if not username:
        return jsonify({"msg": "Missing username parameter"}), 400
    if not password:
        return jsonify({"msg": "Missing password parameter"}), 400

    if username != 'test' or password != 'test':
        return jsonify({"msg": "Bad username or password"}), 401

    # Identity can be any data that is json serializable
    access_token = create_access_token(identity=username)
    return jsonify(access_token=access_token), 200

@server.route('/')
@jwt_required
def index():
    return 'Hello world flask app'

app = dash.Dash(
   __name__,
   server=server,
   routes_pathname_prefix='/'
)

app.config.suppress_callback_exceptions = True

Index.py

from app import app
import dash_html_components as html
import dash_core_components as dcc
from dash.dependencies import Input, Output
from combination_1 import Combination
import callbacks

app.layout = html.Div([
   dcc.Location(id='url', refresh=False),
   html.Div(id="root_div")

])

@app.callback(
   Output('root_div', 'children'),
   [Input('url', 'pathname')]
)
def attatch_graphs(pathname):
   return Combination(comb_id='comb_1').return_div()

if __name__ == '__main__':
   app.run_server()

Answer 1

I'll share a few resources I found researching the question:

1. Dash provides a library named dash-auth, which you can install using pip install dash-auth
2. Once you install the library, you'll be able to use import dash_auth, and you'll notice sub-modules for HTTP Basic Auth, OAuth, and "PlotlyAuth". "PlotlyAuth" has been deprecated, according to the text in from dash_auth.plotly_auth import deprecation_notice
3. The source code for this module appears to be https://github.com/plotly/dash-auth
4. Documentation is available at https://dash.plotly.com/authentication and a promotional page is available at https://plotly.com/dash/authentication/
5. Presumably, JWT can be integrated using Flask's Response.set_cookie. Here are details about that approach, notice the author uses rep.set_cookie('custom-auth-session', username)
6. There's an example on Github which uses Dash, Flask, and Flask-Login. This configuration also exists in a separate StackOverflow question. However, this library doesn't supports JWT. You may be able to achieve a similar architecture using the Flask-JWT-Extended library.