I’m trying to setup a tool to help a user to update a product catalog on an ecommerce platform and I’m hoping to use streamlit to do so. I’ve figured out the data-processing part of this but I can’t seem to get a definitive yes or no about wether I can use streamlet for the interactive portion of what I’m trying to do.
This is the basic workflow I’m trying to achieve:
User logs into website and creates an account- initial connection involves authenticating with their ecommerce platform account and adding their getting their product catalog into my database - This would all happen in django/flask
The user could then launch an interactive page (streamlit) where they would be able to interact with the data in the database I’ve setup (limited in scope to what their account allows)
They would then be able to export, edit, or add new product data that would get pushed up to the ecommerce platform.
Streamlit seems to be able do what I’d want, but I’m unclear on how to limit access to authenticated users, is that possible?
Bringing the Auth context from an outside application into streamlit is tricky or maybe i missed something. The problem is that something would have to read the user information / cookies, and i couldn’t figure out how to do this with the available featureset.
What i ended up was i created a token in the outer application that ties to the users information. I then pass this token via queryparams into streamlit and bind it to his session id. This works until the user refreshes the page. When he does that, the session id renews and we would have to bind the token with the session id again.
In theory it should be possible to have the underlying Tornado read the cookies from your other server instance if you configure it correctly, but i suspect its probably a product decision to include this functionality as a proper and secure auth flow within streamlit for teams.
Hi @samLozier, welcome to the Streamlit community!
I don’t know the answer, as this has never come up before. In general, we haven’t spent much (if any) time thinking about integration with Flask or django, not because they aren’t quality projects, but they have somewhat different goals to where we started.
Like @jay mentions, it’s probably possible depending on how you call that authentication service, but it’s not something that currently exists.
One thing to keep in mind is that we wouldn’t be artificially limiting what Streamlit the open-source project would be doing in order to promote Streamlit for Teams (the commercial side of the company). I’d love to see someone in the community figure this out, incorporating with Flask/django just isn’t one of our higher priorities at this time.
I’d love to see someone in the community figure this out, incorporating with Flask/django just isn’t one of our higher priorities at this time.
In that case i will give this a try on the weekend to see how complicated this will be and if this looks reasonable i would open up an official request according to the guidelines and try an implementation?
Hey, so our current application is actually a Django app that is connected with a OAuth service for authentication. This writes a cookie for us and we managed to expose this cookie to the underlying Tornado server, so this should enable us to tie the session id of streamlit to the cookie and thus allow us to uniquely identify users permanently. And from there we should be able to write additional data into the headers so that it can be grabbed from the application that imports streamlit.
There are a few caveats in this though, which is ongoing research on our end.
This requires a custom streamlit compile or a proper contribution to work, as i dont see any other way
Your streamlit server might have to run on the same domain than your django app thats setting the cookie (not 100% sure about that though)
I wanted to discuss this in more detail once i file a contribution request to see if the streamlit product owners think if this makes sense and also to get their feedback about our approach as they have a much more detailed understanding of the underlying technology… Unfortunately to do this properly it´ll probably take a bit from what ive seen with previous contribution timelines.
I also would argue that this approach isnt specific to any technology but should work universal with any service that can write cookies for auth (so pretty much all of them) - the trick is just to make them reusable within Tornado.
Thanks for stopping by! We use cookies to help us understand how you interact with our website.
By clicking “Accept all”, you consent to our use of cookies. For more information, please see our privacy policy.
Cookie settings
Strictly necessary cookies
These cookies are necessary for the website to function and cannot be switched off. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms.
Performance cookies
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us understand how visitors move around the site and which pages are most frequently visited.
Functional cookies
These cookies are used to record your choices and settings, maintain your preferences over time and recognize you when you return to our website. These cookies help us to personalize our content for you and remember your preferences.
Targeting cookies
These cookies may be deployed to our site by our advertising partners to build a profile of your interest and provide you with content that is relevant to you, including showing you relevant ads on other websites.