Protecting streamlit behind AWS API Gateway

Hi there,

We want to make it easy for our data scientists to deploy streamlit apps at a public URL without having to worry about users and authentication.

We run REST APIs behind API Gateway with a JWT Authorizer (incidentally, we’re using Auth0). We’d like to make it so that if you try to access the frontend without a token at my-example-streamlit-app.com, you get redirected to a login UI.

This login UI would have you login, and then redirect you back to my-example-streamlit-app.com and this time show you the page.

I can come up with ways to make this redirect happen, but what happens when you finally connect to streamlit? If you press buttons and interact with the page, does streamlit need to somehow add our JWT token to its request headers before sending the usual streamlit requests to the streamlit server behind API Gateway? Will the requests that the frontend sends back to the backend be blocked?

We’d like to avoid modifying the streamlit app itself to accommodate any sort of UI so that the concerns of Auth and the streamlit app are totally decoupled.

Is this possible?