Skip to content
No description or website provided.
Branch: master
Clone or download
Latest commit 384ef7c Jun 20, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
R increase height Jun 4, 2019
dev update some dev test app Jun 18, 2019
inst Update sticker Jun 20, 2019
man resize figure Jun 20, 2019
tests add some tests... Jun 18, 2019
.Rbuildignore added travis Apr 9, 2019
.gitignore update todo Mar 25, 2019
.travis.yml add libsodium-dev Jun 18, 2019
DESCRIPTION Ready for CRAN ? 1.0 Jun 18, 2019
NAMESPACE add timeout on token May 24, 2019 On CRAN Jun 20, 2019


Travis build status version cranlogs cran checks Project Status: Active – The project has reached a stable, usable state and is being actively developed.

Simple and secure authentification mechanism for single 'Shiny' applications. Credentials are stored in an encrypted 'SQLite' database. Source code of main application is protected until authentication is successful.

Live demo:

You can authenticate with:

  • user: shiny / password: shiny
  • user: shinymanager / password: shinymanager (Admin)


Install from CRAN with :


Or install development version from GitHub :



Secure your Shiny app to control who can access it :

# define some credentials
credentials <- data.frame(
  user = c("shiny", "shinymanager"),
  password = c("azerty", "12345"),
  stringsAsFactors = FALSE


ui <- fluidPage(
  tags$h2("My secure application"),

# Wrap your UI with secure_app
ui <- secure_app(ui)

server <- function(input, output, session) {
  # call the server part
  # check_credentials returns a function to authenticate users
  res_auth <- secure_server(
    check_credentials = check_credentials(credentials)
  output$auth_output <- renderPrint({
  # your classic server logic

shinyApp(ui, server)

Starting page of the application will be :

Once logged, the application will be launched and a button added to navigate between the app and the admin panel (if user is authorized to access it), and to logout from the application :

Admin mode

An admin mode is available to manage access to the application, features included are

  • manage users account : add, modify and delete users
  • ask the user to change his password
  • see logs about application usage

HTTP request

shinymanager use http request and sha256 tokens to grant access to the application, like this the source code is protected without having the need to change your UI or server code.

Secure database

Store your credentials data in SQL database protected with a symmetric AES encryption from openssl :

# Credentials data
credentials <- data.frame(
  user = c("shiny", "shinymanager"),
  password = c("azerty", "12345"),
  stringsAsFactors = FALSE

# you can use keyring package to set database key
key_set("R-shinymanager-key", "obiwankenobi")

# Create the database
  credentials_data = credentials,
  sqlite_path = "path/to/database.sqlite", # will be created
  passphrase = key_get("R-shinymanager-key", "obiwankenobi")

About security

The credentials database is secured with a pass phrase and the openssl package. If you have concern about method we use, please fill an issue.

Related work

Package shinyauthr provides a nice shiny module to add an authentication layer to your shiny apps.

You can’t perform that action at this time.