AWS Cognito logout

I ended up following the approach in this comment to monkeypatch the streamlit server, adding a logout request handler to delete the AWS session cookie. A user clicks a logout button which sends a GET request to the Cognito logout endpoint (which ends the user session from the auth server side) with a logout_uri arg pointing to my streamlit app’s new logout route to delete the cookie. Without the last step, subsequent requests to the ALB see the cookie and pass through authentication until the session cookie timeout is hit later.

Streamlit’s tornado server already has a number of extra routes for health checks, and it’d be nice to be able to extend that through a configuration instead of monkeypatching.