Multiple users using Google Cloud

my team wants to set up a flow where multiple users can annotate data.
For this we created 2 App Engine services.

The flow is as follows. A user connects to the first service, which lets them authenticate using Google IAP. After retrieving the email address of the user, this first service redirects the user to the service where prodigy is running, and adds the session parameter to the url which holds the email address of the user (

Using this flow, we can let users authenticate themselves and we can also see which user annotated which text, by automatically setting the session parameter to the user's email. However we still have some issues:

-> Users can bypass the authentication by surfing to the service that is running the prodigy instance directly instead of going to the authentication service first. In this case the session id is not set and we don't know who annotated the samples. Could we write a recipe that checks if the current session id is in a predefined set of user emails when an annotator saves a new set of annotations? If not, the user could be redirected to the authentication service first after which the session parameter would be set. I know we could use the environment variable PRODIGY_ALLOWED_SESSIONS for this, but we don't want to have to restart the prodigy instance each time we want to add a new user email to the list.

Thanks in advance!

Prodigy does not support proper user authentication out of the box, but you might find this comment about a proxy useful. It seems to be the simplest solution for your situation.