/oauth2callback seems to be behaving statefully - requires a connection to the same streamlit instance

Running multiple instances of streamlit and using the new OIDC feature with Auth0.

What I’ve noticed is that the /oauth2callback endpoint seems to require a connection to the original instance of Streamlit the user was connected to when initiating the login process. This is surprising - as my understanding of OIDC is that it shouldn’t matter if the user is redirected to the same instance of the application that kicked off the process.

To replicate this -

  1. Start Streamlit locally and configure an Auth0 OIDC provider. Configure the auth.auth0.client_kwargs.prompt to be “select_account”.
  2. Start Streamlit locally.
  3. When you land on the Auth0 Universal Login page - stop the streamlit process and then start it (simulating the browser connecting to a new instance).
  4. The /oauth2callback will respond with a 302 status code and be missing the Set-Cookie header in the response.

Starting a topic here instead of a GitHub issue since I know streamlit is aware of issues with file_upload and running multiple instances. Unsure if this is a bug or expected. Unfortunately enabling sticky sessions on the load balancer isn’t an option at the moment - but I’m also surprised at the behavior.
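
An added illustration, not part of the original post and not Streamlit's code: a callback becomes instance-bound when the OIDC `state` issued at login start is kept in process memory, and instance-independent when it travels in a signed cookie checked at the callback. The class names and the shared key are hypothetical, and how Streamlit actually stores the value is an assumption the post does not confirm.

```python
import hashlib
import hmac
import secrets
import time


class InMemoryInstance:
    """Keeps pending `state` values in process memory (lost on restart)."""

    def __init__(self):
        self._pending = set()

    def begin_login(self):
        state = secrets.token_urlsafe(16)
        self._pending.add(state)
        return state, None  # (state sent to the IdP, cookie for the browser)

    def callback(self, state, cookie=None):
        if state in self._pending:
            self._pending.discard(state)  # single use
            return True
        return False


class CookieStateInstance:
    """Keeps nothing per login; the state travels in an HMAC-signed cookie."""

    def __init__(self, shared_key, max_age=600):
        self._key, self._max_age = shared_key, max_age

    def _mac(self, payload):
        return hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()

    def begin_login(self):
        state = secrets.token_urlsafe(16)
        payload = f"{state}.{int(time.time())}"
        return state, f"{payload}.{self._mac(payload)}"

    def callback(self, state, cookie):
        payload, _, mac = (cookie or "").rpartition(".")
        if not payload or not hmac.compare_digest(mac.encode(), self._mac(payload).encode()):
            return False  # cookie missing, forged, or signed with another key
        cookie_state, _, issued = payload.rpartition(".")
        fresh = issued.isdigit() and time.time() - int(issued) <= self._max_age
        # The state echoed by the IdP must match the one bound to this browser.
        return fresh and hmac.compare_digest(cookie_state.encode(), state.encode())


def login_across_instances(first, second):
    """Start login on `first`, deliver the callback to `second`."""
    state, cookie = first.begin_login()
    return second.callback(state, cookie)
```

The cookie variant gives up the single-use tracking of the in-memory set, so the `max_age` window is what bounds reuse. Every instance behind the load balancer must share the same signing key for the check to pass.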