1. Are you running your app locally or is it deployed?
   Locally
2. Share the link to your app’s public GitHub repository: streamlit-redhat/streamlit_redhat/sso/example.py at master · RedHatInsights/streamlit-redhat · GitHub
3. Share the full text of the error message (not a screenshot).
4. Share the Streamlit and Python versions: streamlit==1.45.1, Python 3.13.3

My secrets look like

[auth]
redirect_uri = "http://localhost:8501/oauth2callback"
cookie_secret = "XXX"
client_kwargs = { "response_type" = "code id_token token" }

[auth.sso-stage]
client_id = "XXX"
client_secret = "XXX"
server_metadata_url = "https://sso.stage.redhat.com/auth/realms/redhat-external/.well-known/openid-configuration"

and my code uses

st.button("Log in with Red Hat SSO", on_click=st.login, args=["sso-stage"])

Even though I’m sending some extra kwargs to the client (Final: OpenID Connect Core 1.0 incorporating errata set 2), the st.user does not contain any extra fields like access_token. How are we supposed to get the JWT in order to authenticate with external APIs?

The implementation of OIDC in st.user handles and decodes the token for you, so you don’t access the token itself. Instead, you access the properties within the token directly.

If you would like to, you can upvote a feature request to make the token accessible: Option to Return Access Token in st.login · Issue #10378 · streamlit/streamlit · GitHub

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.