Pass credentials to Dash's basic authentication so user doesn’t have to type it again

Well, considering that you have this multi app architecture and wish to preserve login - why don't you have a SingleSignOn backed design? Either make your own SSO app or use a provider.

Now when a user accesses any app in your ecosystem, they have to sign into the SSO provider which will give you an auth token or something(thats valid for some time) back and whenever there is a redirect between apps this token is shared and that app uses the token to re-authenticate the user (behind the scenes). And if someone reaches the app directly it triggers a SSO page (because no token).

There are multiple blogs/tutorials that cover setting up SSO in flask apps. Each have their pros/cons. Hope this helps.

Maybe you could generate a CSRF-like token, which is calculated from a secret, username, and timestamp (so the token isn't valid forever). Then pass that as a parameter to your other app. Django's source code should include a decent example how to create one.

I ended up using flask-login and flask sessions to make sure the browser that goes to the chart page is the same browser session that was originally authenticated on the main page.