I am also looking out for a similar use case. If you happen to come across any, kindly share in the post.
tl;dr; I’ve written a tutorial on integrating Microsoft Entra ID (Azure AD) with Streamlit.
I have extensive experience implementing auth mechanisms for Streamlit, and my best advice is to separate the Streamlit app from the authentication layer. Instead of using MSAL Python directly in your Streamlit app, you can write a reverse proxy to handle the authentication and forward the authenticated users to Streamlit:
Keeping the logic separate simplifies things because you don’t need to modify your Streamlit code (plus, it’ll work with other frameworks such as Dash, Shiny, etc.). Otherwise, you’ll need to implement the authentication logic on every app you deploy.
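The per-request decision such a reverse proxy makes, as an added example that is not part of the original post or its tutorial: verify a signed session cookie, then either redirect to sign-in or forward upstream with a proxy-set identity header. The cookie format, the `X-Forwarded-User` header name, the `/login` path and the key are assumptions; the Entra ID sign-in that would call `sign_session` is not shown.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"      # assumption: load a random key from a secret store
IDENTITY_HEADER = "x-forwarded-user"  # assumption: header the upstream app trusts
LOGIN_PATH = "/login"                 # assumption: route that starts the Entra ID sign-in

def sign_session(user, ttl=3600, now=None):
    """Issue a session cookie value once the identity provider sign-in has succeeded."""
    claims = {"sub": user, "exp": int(now or time.time()) + ttl}
    payload = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    mac = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return payload + "." + mac

def verify_session(cookie, now=None):
    """Return the user name for a valid, unexpired cookie, else None."""
    try:
        payload, mac = cookie.rsplit(".", 1)
        expected = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, expected):  # constant-time comparison
            return None
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (ValueError, TypeError):  # malformed cookie, bad base64 or bad JSON
        return None
    if claims.get("exp", 0) <= (now or time.time()):
        return None
    return claims.get("sub")

def route(headers, now=None):
    """Return ('redirect', path) or ('forward', headers_for_upstream)."""
    # Drop any identity header sent by the client: only the proxy may set it,
    # otherwise a caller could impersonate another user to the upstream app.
    clean = {k.lower(): v for k, v in headers.items() if k.lower() != IDENTITY_HEADER}
    cookies = dict(part.strip().split("=", 1)
                   for part in clean.get("cookie", "").split(";") if "=" in part)
    user = verify_session(cookies.get("session", ""), now)
    if user is None:
        return "redirect", LOGIN_PATH
    clean[IDENTITY_HEADER] = user
    return "forward", clean

if __name__ == "__main__":
    cookie = sign_session("alice@example.com")  # constructed sample user
    print(route({"Cookie": "session=" + cookie, "X-Forwarded-User": "admin"}))
    print(route({"X-Forwarded-User": "admin"}))
```

The upstream app should listen only on an address the proxy can reach, so requests cannot bypass this check.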