1. Context & Environment
- Framework Version: Streamlit v1.53.0 (latest stable release).
- Feature used: Native st.login with Microsoft Identity Platform (OpenID Connect).
- Deployment Platform: Streamlit Community Cloud.
- Organization authentication by email
- Identity Provider: Microsoft Entra ID (Azure AD) with complex Group Membership Claims.
2. Issue Description
Upon successful authentication via the Microsoft Identity Platform, the redirection back to the application hosted on Streamlit Community Cloud results in a “400 Bad Request: Request Header Or Cookie Too Large (nginx/1.27.4)” error. This issue consistently occurs when the authenticated user belongs to multiple organizational groups, which is a standard configuration in a large-scale medical and academic institution like ours.
Please, someone help me to solve this!
Welcome to the Streamlit community, and thanks for your detailed question!
You’re running into a known limitation: when using st.login with Microsoft Entra ID, if a user is a member of many AD groups, the group claims in the ID token can make the authentication cookie too large. This exceeds browser/server limits (typically 4KB), resulting in the “400 Bad Request: Request Header Or Cookie Too Large” error on Streamlit Community Cloud and other nginx-based deployments. This is especially common in large organizations with complex group structures.
To address this, you should configure your Azure AD app registration to limit the group claims returned in the ID token. Specifically, set the groupMembershipClaims property to “ApplicationGroup” or use Azure AD’s claim filtering to only include groups relevant to your app. This reduces the token size and prevents the cookie from exceeding the limit. For more details and workarounds, see the discussion and solutions in GitHub issue #12518 and Streamlit authentication docs.
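To check how much of the token the group claims take up before and after changing the app registration, here is an added example (not from either post in this thread, and not Streamlit's code). It decodes an ID token's payload and reports the bytes each claim contributes; the sample tokens, issuer and group GUIDs are constructed, and comparing raw token size with the 4KB figure is an assumption used as a rough proxy for the cookie.

```python
import base64
import json
import uuid

COOKIE_LIMIT = 4096  # the ~4KB figure quoted in the reply above


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_token(n_groups: int) -> str:
    """Constructed, unsigned sample ID token carrying n_groups group GUIDs."""
    claims = {
        "iss": "https://login.example.invalid/v2.0",  # placeholder issuer
        "sub": "constructed-subject",
        "email": "user@example.invalid",
        "groups": [str(uuid.UUID(int=i)) for i in range(n_groups)],
    }
    header = {"alg": "none", "typ": "JWT"}
    return ".".join(_b64url(json.dumps(p, separators=(",", ":")).encode())
                    for p in (header, claims)) + ".sig"


def decode_payload(jwt: str) -> dict:
    """Decode the payload segment only; no signature check (size diagnostics)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(seg))


def claim_sizes(claims: dict) -> dict:
    """Bytes each claim adds as compact JSON, largest first."""
    sizes = {k: len(json.dumps({k: v}, separators=(",", ":")).encode()) - 2
             for k, v in claims.items()}
    return dict(sorted(sizes.items(), key=lambda kv: kv[1], reverse=True))


def report(jwt: str, limit: int = COOKIE_LIMIT) -> dict:
    sizes = claim_sizes(decode_payload(jwt))
    return {"token_bytes": len(jwt), "over_limit": len(jwt) > limit,
            "largest_claim": next(iter(sizes)), "sizes": sizes}


if __name__ == "__main__":
    for n in (5, 150):
        r = report(make_token(n))
        print(n, "groups:", r["token_bytes"], "bytes, over limit:", r["over_limit"])
```

Each group GUID costs 39 bytes of JSON before base64 expansion, so the `groups` entry in `sizes` shows directly how many memberships fit under a given budget.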