I created a Python-only component that handles using Snowflake OAuth to authenticate users and get a Snowflake Snowpark Python session.
With this, you can “gate” your Streamlit app until the user authenticates via Snowflake (either username/password or SSO), and when they do authenticate you will get back a Snowflake Snowpark Python session object you can use to communicate with Snowflake as the authenticated user.
For locally running apps, the Snowflake
externalbrowser authenticator works nicely. But for apps running on a VM (e.g., EC2) or in a container, this method does not work. However, st_snowauth does support this behavior!
It is as simple as:
import streamlit as st from st_snowauth import snowauth_session st.markdown("## This (and above) is always seen") session = snowauth_session() st.markdown("## This (and below) is only seen after authentication") st.markdown("## You can now use the returned session object to query Snowflake as the authenticated user")
It supports multi-page apps and query parameters, as well!
I also wrote a brief blog post on how to use it: Snowflake OAuth for Streamlit. One of the most common questions I get… | by Brian Hess | Snowflake | Apr, 2023 | Medium
Check out the GitHub repo here: GitHub - sfc-gh-bhess/st_snowauth: Snowflake OAuth component for Streamlit