Streamlit Keycloak
Keycloak user authentication and single sign-on inside your Streamlit app
Keycloak is an open-source access and identity management tool.
Installation
pip install streamlit-keycloak
Usage
Provide the URL to your Keycloak server, the realm and client and the component will perform the authentication when the app is rendered. First it will attempt to silently authenticate using single sign-on. If this fails, a dialog will appear from which you can open a popup to the Keycloak login page.
When authentication is successful, the component returns a dataclass containing the authentication state, an access token, which can be used to access other restricted resources, a refresh token and a user info object, containing e.g. the username and group memberships. If your configuration provides refresh tokens, the access token can be automatically refreshed when it expires.
So far the component has not been tested in a wide variety of environments. So if you're also using Keycloak and would benefit from less logging in and easy access to tokens, give this a go and share your experience. Feedback is always welcome.
Frontend authentication like this can only be done with clients that have their access type set to "public", as there is no way to securely provide the client secret from the browser.
edit: The component now provides more user feedback. Logging in via SSO proceeds silently as normal, but if credentials are required, you can open the login popup through a button click to keep the popup blockers happy. Error messages are now also shown and there are localization options should you want to modify any text.
Example
from streamlit_keycloak import login
import streamlit as st


def main():
    # Only called once login() reports an authenticated session
    st.subheader(f"Welcome {keycloak.user_info['preferred_username']}!")
    st.write(f"Here is your OAuth2 token: {keycloak.access_token}")


st.title("Streamlit Keycloak example")

# Tries silent single sign-on first, then falls back to the login popup
keycloak = login(
    url="http://localhost:8080",
    realm="myrealm",
    client_id="myclient",
)

if keycloak.authenticated:
    main()
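A backend that receives the access token returned by the component has to validate it itself, because the token was obtained in the browser by a public client. The following is an added example, not part of streamlit-keycloak, showing those checks (RS256 signature, issuer, `azp`, expiry) with only the standard library. The demo key, the function names and the issuer format `<url>/realms/<realm>` are assumptions; a real service would load the realm's public key from Keycloak and normally use a maintained JWT library.

```python
import base64, hashlib, json, time

# Constructed demo key built from two Mersenne primes: NOT secure, it only keeps the
# sample offline. Assumption: a real service loads the realm's public key instead.
P, Q, E = 2**607 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, used only to build sample tokens
K = (N.bit_length() + 7) // 8      # modulus length in bytes
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def emsa_pkcs1_v15(message):
    """Expected padded SHA-256 block for an RS256 signature over message."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def make_sample_token(claims):
    """Sign constructed claims with the demo key (stands in for Keycloak)."""
    signing_input = ".".join(b64url_encode(json.dumps(part).encode())
                             for part in ({"alg": "RS256", "typ": "JWT"}, claims))
    sig = pow(int.from_bytes(emsa_pkcs1_v15(signing_input.encode()), "big"), D, N)
    return signing_input + "." + b64url_encode(sig.to_bytes(K, "big"))

def verify_access_token(token, issuer, client_id, now=None):
    """Return the claims only if alg, signature, iss, azp and exp all check out."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    if json.loads(b64url_decode(header_b64)).get("alg") != "RS256":
        raise ValueError("unexpected alg")  # never accept "none" or a symmetric alg
    raw = b64url_decode(sig_b64)
    sig = int.from_bytes(raw, "big")
    expected = emsa_pkcs1_v15(f"{header_b64}.{payload_b64}".encode())
    if len(raw) != K or sig >= N or pow(sig, E, N).to_bytes(K, "big") != expected:
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if claims.get("azp") != client_id:
        raise ValueError("token issued to another client")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims
```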
Credits
Many thanks to the authors of the streamlit-auth0 and auth0-spa-js packages for inspiring a large part of the approach.
And thanks to @93degree for the Svelte component template, which is awesome.
edits: updated instructions
edit 4: it's now a Svelte component