Before Streamlit released st.login, I wrote an app that implemented Oauth2.0 authentication with three platforms (Facebook, Google and LinkedIn). I am now trying to migrate to st.login, but am experiencing mixed results.
I set up secrets.toml based on Example 3 from st.login - Streamlit Docs and using Client IDs and Client Secrets used successfully by a beta version of production app (https://nychsfilter.steamlit.app).
The OIDC Discover Document links I used are:
server_metadata_url = “https://limited.facebook.com/.well-known/openid-configuration/”
server_metadata_url = “https://accounts.google.com/.well-known/openid-configuration”
server_metadata_url = “https://www.linkedin.com/oauth/.well-known/openid-configuration”
The code I used (below) follows the pattern in
if not st.user.is_logged_in:
if st.button(“Log in with Facebook”):
st.login(“facebook-beta”)
if st.button(“Log in with Google”):
st.login(“google-beta”)
if st.button(“Log in with LinkedIn”):
st.login(“linkedin-beta”)
With Google, everything works perfectly.
With LinkedIn, I successfully get to LinkedIn’s authentication screen, enter my credentials and click to allow the app access to my LinkedIn data. But then I receive the following error:
authlib.integrations.base_client.errors.OAuthError: invalid_request: A required parameter “client_secret“ is missing
Full message:
2025-11-17 16:59:07.332 Uncaught exception GET /oauth2callback?code=AQR00oIj2E7gpZls56mEgov1D7l-sH6U1pUPc1-PefkpMQgDRxuQ7gj8tbWJAzq2iUOsGKcZ-yaFfGj-q_xzJUOW_mUgR7Gk-lfhAD6Z9DaggttM0yMu9xsBPq-bQtARkY5LBZn1EXMqiqEE1D99cj2FDvwYtbW4yArXCxRnaGmftByzn1-30cRIkWakHRupED9-1eTmtB91fXtjt6M&state=rVcCS40DIXAhW2Qu0vy7zLwuqMXhln (127.0.0.1)
HTTPServerRequest(protocol=‘http’, host=‘localhost:8501’, method=‘GET’, uri=‘/oauth2callback?code=AQR00oIj2E7gpZls56mEgov1D7l-sH6U1pUPc1-PefkpMQgDRxuQ7gj8tbWJAzq2iUOsGKcZ-yaFfGj-q_xzJUOW_mUgR7Gk-lfhAD6Z9DaggttM0yMu9xsBPq-bQtARkY5LBZn1EXMqiqEE1D99cj2FDvwYtbW4yArXCxRnaGmftByzn1-30cRIkWakHRupED9-1eTmtB91fXtjt6M&state=rVcCS40DIXAhW2Qu0vy7zLwuqMXhln’, version=‘HTTP/1.1’, remote_ip=‘127.0.0.1’)
Traceback (most recent call last):
File “/Users/danielrosner/PycharmProjects/nychf/venv/lib/python3.9/site-packages/tornado/web.py”, line 1848, in _execute
result = await result
File “/Users/danielrosner/PycharmProjects/nychf/venv/lib/python3.9/site-packages/streamlit/web/server/oauth_authlib_routes.py”, line 172, in get
token = client.authorize_access_token(self)
File “/Users/danielrosner/PycharmProjects/nychf/venv/lib/python3.9/site-packages/streamlit/web/server/oidc_mixin.py”, line 90, in authorize_access_token
token = self.fetch_access_token(**params, **kwargs)
File “/Users/danielrosner/PycharmProjects/nychf/venv/lib/python3.9/site-packages/authlib/integrations/base_client/sync_app.py”, line 376, in fetch_access_token
token = client.fetch_token(token_endpoint, **params)
File “/Users/danielrosner/PycharmProjects/nychf/venv/lib/python3.9/site-packages/authlib/oauth2/client.py”, line 246, in fetch_token
return self._fetch_token(
File “/Users/danielrosner/PycharmProjects/nychf/venv/lib/python3.9/site-packages/authlib/oauth2/client.py”, line 445, in _fetch_token
return self.parse_response_token(resp)
File “/Users/danielrosner/PycharmProjects/nychf/venv/lib/python3.9/site-packages/authlib/oauth2/client.py”, line 420, in parse_response_token
raise self.oauth_error_class(
authlib.integrations.base_client.errors.OAuthError: invalid_request: A required parameter “client_secret” is missing
2025-11-17 16:59:07.345 500 GET /oauth2callback?code=AQR00oIj2E7gpZls56mEgov1D7l-sH6U1pUPc1-PefkpMQgDRxuQ7gj8tbWJAzq2iUOsGKcZ-yaFfGj-q_xzJUOW_mUgR7Gk-lfhAD6Z9DaggttM0yMu9xsBPq-bQtARkY5LBZn1EXMqiqEE1D99cj2FDvwYtbW4yArXCxRnaGmftByzn1-30cRIkWakHRupED9-1eTmtB91fXtjt6M&state=rVcCS40DIXAhW2Qu0vy7zLwuqMXhln (127.0.0.1) 432.05ms
The above error is strange considering there is clearly a client_secret in the secrets.toml
With Facebook I needed to include client_kwargs = { "scope" = "email" } to avoid an “Invalid Scope” error. Once I fixed that, I successfully reached Facebook’s authentication screen, entered my credentials and clicked to allow the app access to my Facebook data. But then I received the following error:
requests.exceptions.MissingSchema: Invalid URL ‘None’: No scheme supplied. Perhaps you meant https://None?
Full message:
2025-11-19 21:50:25.352 Uncaught exception GET /oauth2callback?code=AQC-se2DBWIfCpfGPFnCpniOPbIesqWTWQVhaO4gk11g2Fj25ozDfQo7exgEQysYfAHHUdLxq17QtIdHt9VikpiEe21FnrAJQj0HbBeTiLxQ-tHZ2Adx3M6HATxQC_fQ6HTKyx3894Jl_cZF9bWSNmfeDoVtUc66gJmPMxt9FndVfojD46tfbWo4zQ1XTwjHr_9UIU2GSLb0z9HVfzJZdkuwps4moqZ0Bse8oAHb0fJSFVeAasWzlN8s0aqPiykABspGAIHbitIZ17IQ7pMPVbBpBhSCsvBFq-D8YwYAoKc6xeRjcZgnubVRbmaz4ZuYYQtrtVOu5kVb_84oi9xbY9hW_GEOimZKfyUH7ac79Uoeo1fTNQXIGH5_DtdSU9cKhzEGrzOMJG99a4IYM_ZtNzRLQL7JRn-p-sU-ys2GmXDsZ6ygxTSSeM69UqU754WPWOw&state=pPHqcZ4BbzUlBWAdeDA04b1VTWQyqA (127.0.0.1)
HTTPServerRequest(protocol=‘http’, host=‘localhost:8501’, method=‘GET’, uri=‘/oauth2callback?code=AQC-se2DBWIfCpfGPFnCpniOPbIesqWTWQVhaO4gk11g2Fj25ozDfQo7exgEQysYfAHHUdLxq17QtIdHt9VikpiEe21FnrAJQj0HbBeTiLxQ-tHZ2Adx3M6HATxQC_fQ6HTKyx3894Jl_cZF9bWSNmfeDoVtUc66gJmPMxt9FndVfojD46tfbWo4zQ1XTwjHr_9UIU2GSLb0z9HVfzJZdkuwps4moqZ0Bse8oAHb0fJSFVeAasWzlN8s0aqPiykABspGAIHbitIZ17IQ7pMPVbBpBhSCsvBFq-D8YwYAoKc6xeRjcZgnubVRbmaz4ZuYYQtrtVOu5kVb_84oi9xbY9hW_GEOimZKfyUH7ac79Uoeo1fTNQXIGH5_DtdSU9cKhzEGrzOMJG99a4IYM_ZtNzRLQL7JRn-p-sU-ys2GmXDsZ6ygxTSSeM69UqU754WPWOw&state=pPHqcZ4BbzUlBWAdeDA04b1VTWQyqA’, version=‘HTTP/1.1’, remote_ip=‘127.0.0.1’)
Traceback (most recent call last):
File “/Users/danielrosner/PycharmProjects/nychf/venv2/lib/python3.13/site-packages/tornado/web.py”, line 1848, in _execute
result = await result
^^^^^^^^^^^^
File “/Users/danielrosner/PycharmProjects/nychf/venv2/lib/python3.13/site-packages/streamlit/web/server/oauth_authlib_routes.py”, line 172, in get
token = client.authorize_access_token(self)
File “/Users/danielrosner/PycharmProjects/nychf/venv2/lib/python3.13/site-packages/streamlit/web/server/oidc_mixin.py”, line 90, in authorize_access_token
token = self.fetch_access_token(**params, **kwargs)
File “/Users/danielrosner/PycharmProjects/nychf/venv2/lib/python3.13/site-packages/authlib/integrations/base_client/sync_app.py”, line 376, in fetch_access_token
token = client.fetch_token(token_endpoint, **params)
File “/Users/danielrosner/PycharmProjects/nychf/venv2/lib/python3.13/site-packages/authlib/oauth2/client.py”, line 246, in fetch_token
return self._fetch_token(
~~~~~~~~~~~~~~~~~^
url, body=body, auth=auth, method=method, headers=headers, **session_kwargs
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
)
^
File “/Users/danielrosner/PycharmProjects/nychf/venv2/lib/python3.13/site-packages/authlib/oauth2/client.py”, line 430, in _fetch_token
resp = self.session.post(
url, data=dict(url_decode(body)), headers=headers, auth=auth, **kwargs
)
File “/Users/danielrosner/PycharmProjects/nychf/venv2/lib/python3.13/site-packages/requests/sessions.py”, line 637, in post
return self.request(“POST”, url, data=data, json=json, **kwargs)
~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/Users/danielrosner/PycharmProjects/nychf/venv2/lib/python3.13/site-packages/authlib/integrations/requests_client/oauth2_session.py”, line 140, in request
return super().request(method, url, auth=auth, **kwargs)
~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/Users/danielrosner/PycharmProjects/nychf/venv2/lib/python3.13/site-packages/requests/sessions.py”, line 575, in request
prep = self.prepare_request(req)
File “/Users/danielrosner/PycharmProjects/nychf/venv2/lib/python3.13/site-packages/requests/sessions.py”, line 484, in prepare_request
p.prepare(
~~~~~~~~~^
method=request.method.upper(),
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
…<10 lines>…
hooks=merge_hooks(request.hooks, self.hooks),
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
)
^
File “/Users/danielrosner/PycharmProjects/nychf/venv2/lib/python3.13/site-packages/requests/models.py”, line 367, in prepare
self.prepare_url(url, params)
~~~~~~~~~~~~~~~~^^^^^^^^^^^^^
File “/Users/danielrosner/PycharmProjects/nychf/venv2/lib/python3.13/site-packages/requests/models.py”, line 438, in prepare_url
raise MissingSchema(
…<2 lines>…
)
requests.exceptions.MissingSchema: Invalid URL ‘None’: No scheme supplied. Perhaps you meant ``https://None``?
2025-11-19 21:50:25.362 500 GET /oauth2callback?code=AQC-se2DBWIfCpfGPFnCpniOPbIesqWTWQVhaO4gk11g2Fj25ozDfQo7exgEQysYfAHHUdLxq17QtIdHt9VikpiEe21FnrAJQj0HbBeTiLxQ-tHZ2Adx3M6HATxQC_fQ6HTKyx3894Jl_cZF9bWSNmfeDoVtUc66gJmPMxt9FndVfojD46tfbWo4zQ1XTwjHr_9UIU2GSLb0z9HVfzJZdkuwps4moqZ0Bse8oAHb0fJSFVeAasWzlN8s0aqPiykABspGAIHbitIZ17IQ7pMPVbBpBhSCsvBFq-D8YwYAoKc6xeRjcZgnubVRbmaz4ZuYYQtrtVOu5kVb_84oi9xbY9hW_GEOimZKfyUH7ac79Uoeo1fTNQXIGH5_DtdSU9cKhzEGrzOMJG99a4IYM_ZtNzRLQL7JRn-p-sU-ys2GmXDsZ6ygxTSSeM69UqU754WPWOw&state=pPHqcZ4BbzUlBWAdeDA04b1VTWQyqA (127.0.0.1) 149.44ms
Right now I am running the app locally on an Macbook Pro, using Streamlit 1.50 and Python 3.9
Any thoughts or guidance on the LinkedIn and Facebook issues would be appreciated.
Thanks