New Component: auth0_component, a simple way to authenticate a user

Hi, has anyone successfully used this component recently? I’m trying to integrate it into my app, and running into the issue

Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('http://localhost:8501') does not match the recipient window's origin ('https://pkonduri.auth0.com').

My domain (as generated, and not editable, in the Auth0 dashboard is pkonduri.auth0.com. I used this domain and my client ID, and also tested the minimal app GitHub - conradbez/streamlit-auth0-example: Example on how to use github.com/conradbez/streamlit-auth0

I can successfully login, but when I click logout, I get the error shown above.

Note that I had to edit the file auth0_component/__init__.py slightly so that it would accept my domain that Auth0 gave me. I had to comment out a few lines of code in geterifiedSubFromToken method just to be able to get this far, because the library made the assumption that my domain ended in .us.auth0.com, which it does not. Edit shown below:


def getVerifiedSubFromToken(token, domain):
    domain = "https://"+domain
    # if domain[-13:] != '.us.auth0.com':
    #     print('domain should end with ".us.auth0.com" (no slash)')
    #     raise ValueError

    # rest of the code is unchanged.....

Any guidance would be very much appreciated @conrad_bezuidenhout ? @amy-why looks like you’ve dug deep into this lib, mind seeing what I may be doing wrong?

Hey @ferdy did you ever figure this out? And were you able to get a full login/logout flow to work?

That was my last attempt and it did not work well for me.

According to repeated issues in GitHub and discussion here, the original author @conrad_bezuidenhout have give up the project.
Sad…

In the Auth0 dashboard you need to set the allowed origins. You can also look at my “Auth0-approved” implementation here: Streamlit User and API Authentication with Auth0 Next.js SDK | by Sehmi-Conscious Thoughts | Oct, 2023 | Medium

Since there are many PR’s pending. i have published another package with the domain fix and logout state fix: streamlit-auth0-component-patch · PyPI

Hi @Danyal_Zahid that’s exciting! Do you have an example implementation / site where I can try it out? Before stripping out all of my hacky auth code for this, I would love to test it out if possible.

Here’s the repo if you want to have a go at it GitHub - danyalxahid-askui/streamlit-auth0.

1 Like

Hi Danyal, thank you for your package. I am able to set it up and test logging in. However, I noticed the login status turned back to “Login” when the page refreshes. I turned on both Refresh Token and Rotation Refresh Token Expiration for several hours but didn’t fix the issue. Do you know when should I config so that the user can remain logged in for several days with the token in the cookie?

Thank you to @Danyal_Zahid and @conrad_bezuidenhout

I make it work… so now lets develop!!!