Can runApp() but cannot publish app to connect, getting Error 404

[veronicahorgan]

I have been able to run my shiny app without issue. The redirect URI I am using is where I hope to deploy the app to connect. When I open it in the browser I can authenticate and see my output, however, when I try to publish it I just get error 404 on Connect and it also doesn't ask me to authenticate. I would expect a pop-up or something to cache the credentials for publishing, am I missing a step here?

[mattkumar]

hi @veronicahorgan did you ever resolve this?

[veronicahorgan]

Hi @mattkumar, we went down the client credentials flow authentication type in the end (rather than authenticating as a direct user with authorization_code or device_code). I had to create a service principal to do so and generate a client secret for it. This client secret is passed to the password argument in get_azure_token(). I store the service principal client secret, app ID and tenant ID in an .Renviron file.

[mattkumar]

Hi @veronicahorgan thanks so much for the reply. I'm in a bit of a scenario where I'm hosting an R shiny app on my companies internal RS Connect. We're attempting to connect to an Azure Data Blob and are hoping to utilize SSO to facilitate this. I suspected that we would need to use a client secret so this kind of confirms my question. I'm wondering if you're willing to share just the part of your code that authenticates with Azure. I've seen the boiler plate app here but It would help to see something more similar to my situation.

Should preface I am totally new to the Azure world and mostly familiar with R and Shiny Development - I've been working along side a few very talented Azure Dev Ops/Architects but we're having a bit of an issue in pin pointing our issues given our backgrounds - experience.

[brianstefans]

Hi @veronicahorgan, thanks for the response. Would this work as well if I need a different user to authenticate/ sign in?

@mattkumar, I tried the same approach, but I am failing to get the code from the redirect URI after authenticating. were you able to get a workaround?

[veronicahorgan]

Hi @mattkumar, apologies I never responded!! I was on holidays when I saw the message and totally forgot. Did you get sorted?
@brianstefans, yes the service principal route can be used for multiple users. It works really well.

When using the get_azure_token() function you don’t have to authenticate in a pop up. You pass the client_secret to the password argument which means you don’t have to enter it anywhere else.

get_azure_token(resource = c(<storage account>), app = <service principal app ID>, use_cache=FALSE, tenant = <your tenant ID>, password = <service principal client secret>, version = 2)

Sorry if formatting is weird ^ I’m on my phone!

the service principal is created in Azure portal under “app registrations”. You need to add API permissions for azure storage called “Azure Storage” and give it delegate access. This service principal will likely need to be added to an AD group that has access to your data lake dependent on your company’s permissions policy. I had to get someone from another team to do this for me. Hope this helps!