New Component: Streamlit-Authenticator, a secure authenticaton module to validate user credentials in a Streamlit application

🧩 Custom Components
82

Please replace the plain text passwords in your config file with their hashed versions, i.e. $2b$12$f8BfBzTLJt3DqdupWYpIwuY6V2luRbk/5ouE5p7GplU/cVgTGJ1rq

84

omg, thank you sir.
I solved it. :slight_smile:

85

I’m having a similar issue to @Gyunald.

if __name__ == "__main__":
    # get hashed paswords
    hashed_passwords = stauth.Hasher(['123', '456']).generate()
    # get yaml file
    with open('./config_passwords.yaml') as file:
        config = yaml.load(file, Loader=yaml.SafeLoader)

    # change yaml file paswords
    idx = 0
    for key, val in config['credentials']['usernames'].items():
        config['credentials']['usernames'][f'{key}'][f'password'] = hashed_passwords[idx]
        idx+=1
    # update yaml file
    with open('./config_hashed.yaml', "w") as f:
        yaml.dump(config, f)
    # display login
    main()

def main():
    # hashed_passwords = stauth.Hasher([‘123’,‘456’]).generate()

    with open('./config_hashed.yaml') as file:
        config = yaml.load(file, Loader=yaml.SafeLoader)
    print(config)
    authenticator = stauth.Authenticate(
        config['credentials'],
        config['credentials']['cookie']['name'],
        config['credentials']['cookie']['key'],
        config['credentials']['cookie']['expiry_days'],
        config['credentials']['preauthorized']
    )

    name, authentication_status, username = authenticator.login('Login', 'main')

    if authentication_status:
        authenticator.logout('Logout', 'main')
        st.write(f'Welcome {name}')
        st.title('Some content')
    elif authentication_status == False:
        st.error('Username/password is incorrect')
    elif authentication_status == None:
        st.warning('Please enter your username and password')

config_passwords file

credentials:
  cookie:
    expiry_days: 30
    key: some_signature_key
    name: some_cookie_name
  preauthorized:
    emails: melsby@gmail.com
  usernames:
    jsmith:
      email: jsmith@gmail.com
      name: John Smith
      password: 123
    rbriggs:
      email: rbriggs@gmail.com
      name: Rebecca Briggs
      password: 456

The config_hashed is the same format as the config_passwords but with hashed values. However when I try to sign in with a username and password I get “username or password incorrect.”

86

Hi @RoboSar please ensure your hashed passwords are stored similarly to how they are stored here.

88

Hello, it’s pleasure to meet you!!! :slight_smile:

I’ve been having troubles with the basic implementation of the streamilit-authenticator.

I’m using the last version of both streamlit and streamlit-authenticator.

Code:

import streamlit as st
import streamlit_authenticator as stauth
import yaml
from yaml.loader import SafeLoader

st.set_page_config(page_title="webApp", page_icon=":bar_chart:", layout="wide")

st.title("Main Page :)")
     
with open('config.yml') as file:
    config = yaml.load(file, Loader=SafeLoader)

authenticator = stauth.Authenticate(
    config['credentials'],
    config['cookie']['name'],
    config['cookie']['key'],
    config['cookie']['expiry_days'],
    config['preauthorized']
)

name, authentication_status, username = authenticator.login('Login', 'main')
if authentication_status:
    authenticator.logout('Logout', 'main')
    st.write(f'Welcome *{name}*')
    st.title('Some content')
elif authentication_status == False:
    st.error('Username/password is incorrect')
elif authentication_status == None:
    st.warning('Please enter your username and password')

Error:

raise KeyError(_missing_key_error_message(key))

KeyError: 'st.session_state has no key "authentication_status". Did you forget to initialize it? More info: https://docs.streamlit.io/library/advanced-features/session-state#initialization'
89

Hi @cpa, likewise a pleasure. Are you using the latest version of streamlit_authenticator==0.2.1?

90

Hi! Yes, I’m using the last version and I don’t know why it’s giving me that error.

image
image742×51 1.75 KB

91

That’s very strange indeed. Can you share your config.yaml file (without the credentials)?

92

Sure thing, here’s the file content (preview)

credentials:
  usernames:
    name1:
      email: name1@gmail.com
      name: name1name
      password: 'hashedpassword1' # To be replaced with hashed password
    name2:
      email: name2@gmail.com
      name: name2name
      password: 'hashedpassword2' # To be replaced with hashed password
cookie:
  expiry_days: 1
  key: aldjdawkjd12314235
  name: alwqrouwetwe91723124351
preauthorized:
  emails:
  - name1@gmail.com

It’s based on the yaml file you shared on your git. I also wanted to ask, the file extension should be “config.yaml” or “config.yml”?

93

Are you replacing the plain text passwords in your config.yaml with the actual hash? i.e. something similar to this: $2b$12$f8BfBzTLJt3DqdupWYpIwuY6V2luRbk/5ouE5p7GplU/cVgTGJ1rq

Also, I believe it is.yaml not .yml.

94

Yes, I replace the hashed passwords from the module stauth.Hasher in the yaml file. And I tried switching the file to .yaml, still getting the same error :frowning:

95

Hello, I’ve been doing some testing, and I believe it might be an issue with streamlit. Session_state usage might had changed. The error appears in line 178 of authenticate.py:

  if not st.session_state['authentication_status']:

Do you know if this has something to do with it?
Versions:

streamlit == 1.14.1
streamlit-authenticator == 0.2.1

This is just the login module, but bet all similar if(s) might have been affected by it.

96

I am able to get it to work with the exact same versions, so clearly the problem is elsewhere, I just can’t figure it where exactly.

97

Perhaps it might be an incompatibility with another library? What else could it be?

98

Just tested in a completely new environment that only has:

streamlit == 1.14.1
streamlit-authenticator == 0.2.1

It doesn’t seem to be an issue with other libraries :frowning:

100

I also have similar problems

101

use `streamlit run xx.py’ not ‘python xx.py’ can fix it.

1 Like
102

I just want to mention a potential confusion for many people regarding the content in

README.md

the demo yaml file is:

credentials:
usernames:
jsmith:
email: jsmith@gmail.com
name: John Smith
password: 123 # To be replaced with hashed password
rbriggs:
email: rbriggs@gmail.com
name: Rebecca Briggs
password: 456 # To be replaced with hashed password
cookie:
expiry_days: 30
key: some_signature_key
name: some_cookie_name
preauthorized:
emails:

please note the password are integers in this case for yaml file, but the code below converts the integer to strings before hashing the original password to hashed ones. If we use integer list directly extracted from yaml file for inputting the function below, then we will encounter some errors.

hashed_passwords = stauth.Hasher([‘123’, ‘456’]).generate()

also key: some_signature_key seems must be string, I got a lot of headaches when using a interger passwords, since st.text_input was used.

1 Like
103

Dear @Guohan_Zhao, thank you for pointing this out. Please note I have modified README.md to reflect these points accordingly.

104

Hi. I have tried Streamlit Authenticator, and it’s an amazing addition to Streamlit.

But I encountered a problem when I tried the Forgot Password and Forgot Username feature.

How to send the Password/Username to the registered users?

I have tried to sign up and give the correct email address, but the Password and Username didn’t arrive in my email.

FYI, I set the sign-up preauthorization as False.

Thanks.