User authentication

I did a simple test and oauth2-proxy seems to be an interesting option!
It’s a simple oauth proxy, therefore I could protect my streamlit application behind a google-login page.

Please be aware that oauth is not a trivial flow, so consider wisely all your requirements (i.e. logout, security, etc.) :slight_smile:

Simple demo:

4 Likes

Hi and thx for the suggestions! :slight_smile:

I have the following error:
ModuleNotFoundError: No module named 'SessionState'

I tried to install various libraries but the error is still there.

Any idea anyone?

Thanks,
Charly

Hi Charly,

You need the SessionState gist. I.e. put the file SessionState.py from here in your project.

There are different versions of the SessionState gist out there, but it looks like this one is recent. See e.g. this thread for some additional inspiration.

Best regards,
Peter

2 Likes

Hi,
I’m trying to use this solution. But the following happens when 2 users use the app at the same time. Example:
User A inputs his password (let’s say ‘pwd_A’) through ‘pwd = st.text_input(…)’ and I save it using session_state.password = pwd.
Then another user (different device) comes and inputs his password (let’s say pwd_B).
What happens is that for BOTH sessions, now session_state.password is pwd_B (somehow user 2 overwrote session_state.password for user 1).
Can anybody help please?

1 Like

@Juan

Hey,

were you able to resolve the problem? I’m encountering the same and it would be awesome to have a solution for that.

Best,
Michael

Could you post the code that is causing this? Functionally, the session_state should be unique to each user.

1 Like

Sorry for the super late response, I’ll create a minimal example later today.

1 Like

@mibaumgartner maybe this helps?
Two people on same session state

Hi @Juan,

yes, that solved the problem :smiley: Thanks for all your work @theimposingdwarf @Juan :slight_smile:

Best,
Michael

1 Like

Another very safe alternative is to host the streamlit app on AWS,
and use a Load Balancer authentication mechanism to protect access to the server.
This doesn’t require you to implement any login in your code, and you can even implement OAuth flows to login using your google account.
Check out these guides:


TL;DR of some answers above is to deploy an identity-aware proxy in front of your app, that would solve several issues:

  • authentication - by integrating with your authentication provider (i.e. Google, Microsoft, Okta, Auth0)
  • authorization - which users are allowed
  • application fire-walling - as no parts of your app are accessible until the user passes authentication and authorization

There are open source, on-premise and cloud-managed solutions, depending on your deployment strategy.

I.e. check out this example https://github.com/gwrun/tutorials/tree/main/streamlit/docker-compose
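
An oauth2-proxy configuration for the proxy-in-front setup discussed in this thread, added here as an example; it is not taken from any poster's code or from the linked repositories. The domain example.com, the ports, and the REPLACE_... secrets are assumed placeholders, and TLS is assumed to be terminated in front of the proxy.

```toml
# oauth2-proxy.cfg (constructed example; every value is a placeholder)

# Authentication: delegate login to the identity provider.
provider = "google"
client_id = "REPLACE_WITH_CLIENT_ID"
client_secret = "REPLACE_WITH_CLIENT_SECRET"
redirect_url = "https://app.example.com/oauth2/callback"

# Authorization: which authenticated users are let through.
# Weak setting: email_domains = ["*"] admits any Google account,
# i.e. users are authenticated but nobody is actually restricted.
email_domains = ["example.com"]

# Firewalling: the proxy is the only listener clients can reach.
http_address = "0.0.0.0:4180"

# Streamlit stays on loopback so the proxy cannot be bypassed, e.g.
#   streamlit run app.py --server.address 127.0.0.1 --server.port 8501
# (under docker-compose: do not publish the Streamlit port at all).
upstreams = ["http://127.0.0.1:8501/"]

# Session cookie: random secret (16, 24 or 32 bytes), HTTPS only,
# not readable from JavaScript.
cookie_secret = "REPLACE_WITH_RANDOM_32_BYTE_VALUE"
cookie_secure = true
cookie_httponly = true
```

If the Streamlit port is reachable directly (bound to 0.0.0.0 or published from the container), the login page protects nothing, so check the bind address from another host after deploying.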

Could you share the code? Thanks!

Check out this repo for an implementation of users using Docker, Nginx, and Streamlit. Scroll down the README until you get to the section on Users, read for more detail.

TBD on security. I think it’s secure, but I’m not doing anything important with this code (tracking personal calories) so I am willing to take the risk of waiting and seeing what busts I find. But if smarter parties than myself wish to pry, the README should take ~5mins to figure out how I did this.

session_id = ReportThread.get_report_ctx().session_id
AttributeError: 'NoneType' object has no attribute 'session_id'

Why am I getting None type object ReportThread?

Great work here! However, when I add a sidebar for app navigation or a st.checkbox feature it reroutes to the login credentials… any suggestions? I’m trying to simply make a login using a special password to access the main application. Will love and sincerely appreciate any helpful feedback!

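import streamlit as st


def main():
    st.header('Hello')
    st.balloons()

    # general info
    st.title('Upload File')
    # accepts both CSV and Excel uploads
    df = st.file_uploader("Upload CSV", type=['csv', 'xlsx'])

    # ticking this checkbox triggers a rerun of the script
    agree = st.checkbox("Test")
    if agree:
        st.checkbox("Hello!", value=True)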

I just posted a component-based solution using Auth0 identity provider.

1 Like

This is great. I was struggling with Auth0 integration though. Could you please share the solution?

1 Like

Click the link above to expand the post. Should have all you need.

Hi, do we have any solution on social authentication… I’m waiting for now more than 6 months …

@amitmitra see my post. It’s easy to add most types of IdP with Auth0. In my screenshots you can see both enterprise and google auth.