Description
Is your feature request related to a problem? Please describe
Two user stories that require the same authentication feature for H2O-Wave:
- I would like to expose a Wave app in a public environment but still be able to restrict who can access the app, like sharing with friends or colleagues.
- I would like to run a H2O-Wave app on a remote machine (e.g. it is very compute intensive or needs to run 24/7) and access it from my local computer.
Describe the solution you'd like
Similar to Gradio or Jupyter-lab, I am envisioning a Wave-build-in password/token based authentication that can easily be turned on when launching the app. It would force a password or token based authentication screen before handling any other requests for reasonable security. The user may be authenticated with a session variable or permanently with a cookie. The token may be generated automatically on startup and shown in the console. A password may be set by an arg or environment variable. If I want to share my app access with others, this password or token together with the IP and port where the app is running will be sufficient to share.
The wave maintainers can consider to make this a default option or at least when the app is accessible from anywhere else than localhost.
For any additional security, such as two factor authentication, IP ban lists, or similar, I expect it to be the app developers responsibility and out of scope for this feature request.
Describe alternatives you've considered
- Build own authentication and authorization for each app.
- SSH port tunneling
Both can be challenging tasks depending on the environment.
Additional context
References:
Jupyter-lab
https://jupyter-notebook.readthedocs.io/en/5.6.0/security.html
Gradio
https://www.gradio.app/guides/sharing-your-app#authentication