- Migrating authentication

The general release of introduces a new mechanism for authentication and authorization. This system replaces the existing rscrypt based approach and provides a more flexible and manageable flow.

The new authentication system provides several advantages. With it you can:

  • Add or remove authorized users without restarting the application thereby preserving the sessions of logged in users.
  • Manage application access through the admin interface (new)
  • Leverage Google or Github authentication to improve security for your users.
  • Save your users the burden of managing and maintaining their own user authentication information.

To migrate your application from the old authentication system to the new one you will need to follow these steps:

  1. Set the Application Visibility setting to Private in the Users tab for that application and click Save Settings. This will restart the application and apply the new setting. Note, once you do this, none of the existing users will be able to authenticate.
  2. On your local system, rename the passwords.txt file in /shinyapps to old_passwords.txt.
  3. Re-deploy your application using shinyapps::deployApp()
  4. In the Users tab, add the email addresses for the individuals that were in your old_passwords.txt file. If you were not using email addresses before, you will need to do so at this time. Don’t worry if your users don’t have Google or GitHub accounts, they can always use local authentication through
  5. Your users should now be able to authenticate and see your application.

If you have questions about this article or would like to discuss ideas presented here, please post on RStudio Community. Our developers monitor these forums and answer questions periodically. See help for more help with all things Shiny.