Authentication Introduction
This page gives you an introduction to the core concepts, including authentication, authorization, and the user model.
Enable authentication
By default, there is no authentication provider configured (XLWINGS_AUTH_PROVIDERS=[]) and everyone will be able to run custom functions and custom scripts. The current user object will be User(id='n/a', name='Anonymous', email=None, domain=None, roles=[]).
To enable authentication, you need to set XLWINGS_AUTH_PROVIDERS in the Settings. xlwings Server will then authenticate calls to Custom Functions and Custom Scripts using the specified authentication provider.
You can enable Microsoft Entra ID (SSO) or one of the Other Auth Providers, including your custom authentication provider.
Caution
Setting up an authentication provider requires users to be logged in to run Custom Functions or Custom Scripts, but it doesn’t automatically lock down the task pane. See Task pane authentication.
Current user object
At the core of the authentication system is the User model. If you need access to the current user object from a custom script or a custom function, you can use a function parameter with the type hint CurrentUser:
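from xlwings.server import func
from xlwings_server.models import CurrentUser

@func
def my_function(current_user: CurrentUser):
    # current_user is supplied by xlwings Server based on the CurrentUser type hint
    return f"The user's name is {current_user.name}"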
Task pane authentication
Since the task pane is completely customizable, it is your responsibility to lock down the desired endpoints:
The landing page of the task pane needs to be publicly available.
The rest of the pages can be locked down using the User dependency injection. Note that within FastAPI endpoints, you use the xlwings_server.dependencies.User dependency.
You will need to provide the Authorization header with every request. For htmx, there is a sample.
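
A check that can run in CI to catch task pane endpoints that were left without the User dependency, given as an added example that is not part of xlwings Server or its documentation. UserDep is a hypothetical stand-in for xlwings_server.dependencies.User, and the User class, routes and handlers are constructed samples.

```python
from dataclasses import dataclass, field
from typing import Annotated, List, Optional, get_type_hints


@dataclass
class User:
    """Stand-in with the fields of the User object shown on this page."""
    id: str
    name: str
    email: Optional[str] = None
    domain: Optional[str] = None
    roles: List[str] = field(default_factory=list)


# Hypothetical stand-in for xlwings_server.dependencies.User, so that the
# example runs without xlwings Server installed.
UserDep = Annotated[User, "requires-authentication"]


def unprotected_routes(routes, user_dep, public_paths):
    """Return the non-public paths whose handler has no user_dep parameter."""
    missing = []
    for path, handler in routes:
        if path in public_paths:
            continue  # e.g. the task pane landing page, which must stay public
        hints = get_type_hints(handler, include_extras=True)
        hints.pop("return", None)
        if not any(hint == user_dep for hint in hints.values()):
            missing.append(path)
    return sorted(missing)


# Constructed sample handlers. In a FastAPI app, the (path, handler) pairs
# can be built from app.routes using route.path and route.endpoint.
def landing():
    return "landing page"

def settings(current_user: UserDep):
    return f"settings for {current_user.name}"

def export(fmt: str):  # the User dependency was forgotten here
    return f"export as {fmt}"

SAMPLE_ROUTES = [("/taskpane", landing),
                 ("/taskpane/settings", settings),
                 ("/taskpane/export", export)]

if __name__ == "__main__":
    print(unprotected_routes(SAMPLE_ROUTES, UserDep, {"/taskpane"}))
```

Dependencies attached at the router or application level rather than in the handler signature are not visible to this check.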