New Component: Streamlit-Ldap-Authenticator

Most of company and school have active directory. Therefore you can make use of active directory to check user authentication for your streamlit app for school and company.

Welcome to Streamlit LDAP Authenticator :key:

PyPI GitHub
A fast and easy way to handle the user authentication using ldap in your Streamlit apps.

What is Streamlit LDAP Authenticator?

streamlit-ldap-authenticator let you add login form and execute authentication before your streamlit page app started.

Features

  • Authentication using active directory.
  • Each page app can have it’s own additional user authorization.
  • User login status will share across multi page app by making use of streamlit Session State
  • Can configure to remember user login by using cookie in the client’s browser.

LogoutForm

9 Likes

Thanks for creating this @Nathan_Chen, this helps to simplify the process for developers, great job!

1 Like

I have added the optional encryption module for encryption user information at the client browser before send back to server. It is recommended when you are using http protocol. Encryption module is available from v0.1.0

Thank you for this library. Worth to mention that it needs pyjwt to be installed.

Don’t know why it didn’t do it automatically. I am using poetry.

1 Like

Thanks for the feedback. I have added pyjwt in the install requirement in version 0.1.1

1 Like

Hello @Nathan_Chen
like your library. I have a feature request or maybe you can help me with something.
I want to get notified when the logout button was clicked, so I can delete some variables from the session state.
Is this possible?

I will add the optional callback argument in createLogoutForm function in v0.2.0 by 24 Mar 2024 19:00 SGT time.

def clearLogoutSS(event):
   if 'item1' in ss: del ss.item1
   if 'item2' in ss: del ss.item2

auth.createLogoutForm(callback = clearLogoutSS)
2 Likes

I have added callback argument in both login and createLogout function

[Callback Session] (streamlit-ldap-authenticator/README.md at main · NathanChen198/streamlit-ldap-authenticator · GitHub)

2 Likes

Thank you for the speedy implementation.

Have a nice weekend

1 Like

Hello @Nathan_Chen,
is it easily possible to position the login screen centered in the window?
I know I can do it with columns but thought there might be an easier way.

Tx.
Kai

You can give an options for login form like below

login(config={"align": "center"})

Or

from streamlit_ldap_authenticator import LoginConfig

login(config=LoginConfig(align= "center"))
1 Like

Thank you, that works.

Note: When the ldap server cannot be reached because my VPN client disconnected, I get the error “Wrong username or password”. This is misleading.
Can you change it to “Network error, cannot connect to the LDAP server” ?

Tx
Kai

Thanks for the feedback. Fixed on ver0.2.2. Will show “invalid server address” instead of “Wrong username and password”.

Thank you.
Well, the server address could be correct, but not reachable via the network.

@Nathan_Chen FYI on windows I am getting this error.
socket connection error while opening: [WinError 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond

Thanks. This is very useful right out of the box. I tinkered with a few different ones before finding this component, and it works great.

I was just curious if there was an easy way to display the logout portion of it on the sidebar once you are signed in. The “Welcome USER” and Sign Out button portion.

1 Like

You can add the form to any container using “with” notation like below

# Login Process
user = auth.login()
if user is None: st.stop()
with st.sidebar:
   auth.createLogoutForm({
      'title': {
         'text': f"Welcome {user['displayName']}",
         'size': 'small'
      }
   })
2 Likes

Hello @Nathan_Chen, are the options documented somewhere?

Other topic: Security!!!
Please remove the password from the Connection object! It can be used by me to spy the passwords of my users. The password should never ever be stored somewhere.
With the password in the object my company will not allow me to use this library.

I have added the options documentation in Github Readme

Connection object from ldap3 package and I have no control over that. Do feel free to suggest if you know other alternative to ldap3 package

Hello Nathan,
I opened an issue in github ldap3 but I do not expect to happen something pretty fast there.

However, as a quick workaround I suggest you do not pass the connection Object to the login callback because that makes it super easy to spy the password. This means, the signature of the callback must change.

Kind Regards
Kai