@p0povaalesi I’m keen not to swap out Auth0 (it’s an amazing product) and the st app will always need to store the identity (or a key of some sort) in session state so it can retrieve user auth permissions when required from the DB or whatever cloud identity provider solution is used (Auth0, Okta, Azure, Google, etc.). This is why I’m keen that Streamlit provides native session state, rather than the workaround being used.
- The st host app can’t initiate a communication with the embedded web component (except once when it is mounted), so it can’t “ask” it for the session.
- If instead the st app calls a web API of the component, that requires a user token identifier, so isn’t of any use.
The only way I can see to seamlessly share an identity token is to hold it in st session state.
I do have another solution, unpublished at this time, which uses a centralized DB. In this solution (which doesn’t use st components) I have an extra step post-login, which returns a one-time expiring unique code to the user who then exchanges it for their auth tokens. But still, this code and exchanged tokens need to be stored in session state, so you’re back to square one! My current solution removes a lot of friction.
If you use what I’ve released and simply force the user to log in immediately every time they open your app, then session cross-talk shouldn’t be an issue.
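
The one-time expiring code exchange mentioned in the post, as an added example that is not part of the original post and not the author's unpublished solution. The class name `OneTimeCodeStore`, the 60-second lifetime and the in-memory dict standing in for the centralized DB are all assumptions.

```python
import hashlib
import secrets
import time

CODE_TTL_SECONDS = 60  # assumed lifetime; the post does not give one


class OneTimeCodeStore:
    """Hypothetical in-memory stand-in for the centralized DB in the post."""

    def __init__(self, ttl=CODE_TTL_SECONDS, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock
        self._pending = {}  # sha256(code) -> (expires_at, tokens)

    @staticmethod
    def _digest(code):
        # Store only a hash so a leaked table does not reveal usable codes.
        return hashlib.sha256(code.encode()).hexdigest()

    def issue(self, tokens):
        """Called after login: park the tokens and return a one-time code."""
        code = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[self._digest(code)] = (self._clock() + self._ttl, tokens)
        return code

    def redeem(self, code):
        """Return the tokens once; None if unknown, already used or expired."""
        # pop() removes the entry before any check, so a replay always fails,
        # and an expired code is purged on its first presentation.
        entry = self._pending.pop(self._digest(code), None)
        if entry is None:
            return None
        expires_at, tokens = entry
        if self._clock() > expires_at:
            return None
        return tokens


if __name__ == "__main__":
    store = OneTimeCodeStore()
    code = store.issue({"id_token": "constructed-sample-token"})
    print("first redeem :", store.redeem(code))
    print("second redeem:", store.redeem(code))
```
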