Did you find a solution for your production setup? I am curious to know why it did not work in Docker.
I did manage to get it to work. Turned out that the streamlit webserver wasnāt able to recognize the proper MIME type when trying to render the compiled frontend code. So I ended up adding this to my code - which is not the most elegant solution, but does the trick import mimetypes mimetypes.add_type('application/javascript', '.js') mimetypes.add_type('text/css', '.css').
Okay, but you did not manage to get it to work with the compiled version? It troubles my mindā¦ Would be nice to understand why that is.
After adding the explicit MIME types the compiled code worked fine. So did the component when using pip install
@asl Ah okay. Nice to know. Do you have any recommendations regarding what I can make of changes to the library? Is it by any chance you who have made this StackOverflow post? Because I would gladly try to make it work. The main thing I need is just to be able to reproduce the case.
Custom component in Streamlit is having trouble loading
@asl : Do you know which version of the library you use? I cannot reproduce the error on my Mac when using v1.0.7 of the library.
And I would like to make sure this should not be dealt with by users of the lib.
Yes, I made the SO post. Iāll get back to you asap. Maybe itās a windows error - Iām using windows 10, however it still persisted using docker with Ubuntu, so Iām not really sure. Iām was using the most recent release with streamlit 1.17 and 1.18 (tried both versions)
Iāll DM you regarding reproduction of the error, if you need my input? Do you prefer it here or on stack overflow?
@asl And which version of msal-streamlit-authentication are you using? v1.0.7? It could be interesting for me to make a similar Docker based test. Perhaps it would make sense to add a Docker based test to the Github Workflow I have to make a simple sanity test. I have been somewhat lazy in terms of making actual unit tests (because most of the applied logic comes from an external library anyway and depends on external integrations).
You are most welcome to send me a DM!
I am wondering if one issue could be that the Github Workflow I have currently made is too naive in the sense that it only builds Linux based wheel files. msal_streamlit_authentication pipeline.
This would not explain your Docker issues, though. But perhaps I should look into some way of generating wheels for all canonical platforms (Windows included). Itās just a little tediousā¦
I built out a working demo with MSAL / Azure Active Directory / Streamlit Multi-page App.
Follow the normal instructions for setting up MSAL auth. Redirect URI should be the home page.
1 Like
Thank you @kevintupper, this works like a charm. This is straightforward to be configured. The only not completely obvious configuration option is the AUTHORITY variable, which should be set to AUTHORITY=f'https://login.microsoftonline.com/{TENANT_ID}'.
Hello @kevintupper,
Great example. When I click on logging link. I am just getting the blank page. It doesnāt show any error. I donāt know what wrong I am doing. I am using Streamlit Community cloud. Does it work with Streamlit Community cloud?
Thanks.
I donāt think so - at least not as configured. Itās setup for Microsoft AAD or B2C.
@mstaal : have you also tried the confidential client approach instead of the public client? Why did you opt for the latter?
Hi- I have problems with the confidential client which i used following this streamlit-auth-demo/security.py at main Ā· kevintupper/streamlit-auth-demo Ā· GitHub and does not work for me. It works really well when i test with localhost and fails when deployed. To make it a public client, would anyone have a working example to show? invalid_clientAADSTS7000218: The request body must contain the following parameter: āclient_assertionā or āclient_secretā.
With streamlitās more convenient cookie access, the auth/me method becomes very compact and elegant:
host = "..."
if cookie := st.context.cookies.get("AppServiceAuthSession"):
auth_cookie = {"AppServiceAuthSession": cookie}
auth_me_data = requests.get(f"{host}/.auth/me", cookies=auth_cookie).json()
user_id = auth_me_data[0]["user_id"]
else:
user_id = "local_user"
Iāve successfully implemented this; hereās what I did.
First, I recommend separating the Streamlit app from the authentication layer. Instead of using MSAL Python directly into your Streamlit app, you can write a reverse proxy to handle the authentication and forward the authenticated users to Streamlit:
Keeping the logic separate simplifies things because you donāt need to modify your Streamlit code (plus, itāll work with other frameworks such as Dash, Shiny, etc.) Otherwise, youāll need to implement the authentication logic on every app you deploy. I ended up using the msal-node library instead of MSAL Python because Iāve more experience with Node for this type of work.
Once the authentication worked, I extracted the authentication data from the session. By default, msal-node uses in-memory storage for this. Thatās fine for testing, but for production, youāll need something else (like Redis or Postgres). Then, you can pass the authentication data in a header so your Streamlit app can read it.
Iāve written a tutorial on this, but beware that this is only a proof of concept. The sample code provided should not be used in a production setting, but it can hopefully get you on track!