User authentication

Hi,
I’m trying to use this solution. But the following happens when 2 users use the app at the same time. Example:
User A inputs his password (let’s say ‘pwd_A’) through ‘pwd = st.text_input(…)’ and I save it using session_state.password = pwd.
Then another user (different device) comes and input his password (let’s say pwd_B).
What happens is that for BOTH sessions, now session_state.password is pwd_B (somehow user 2 overwrote session_state.password for user 1).
Can anybody help please?

1 Like

@Juan

Hey,

were you able to resolve the problem? I’m encountering the same and it would be awesome to have a solution for that.

Best,
Michael

Could you post the code that is causing this? Functionally, the session_state should be unique to each user.

1 Like

Sorry for the super late response, I’ll create a minimal example later today.

1 Like

@mibaumgartner maybe this helps?
Two people on same session state

Hi @Juan,

yes, that solved the problem :smiley: Thanks for all your work @theimposingdwarf @Juan :slight_smile:

Best,
Michael

1 Like

Another very safe alternative is to host the streamlit app on AWS,
and use a Load Balancer authentication mechanism to protect access to the server.
This doesn’t require you to implement any login in your code, and you can even implement OAuth flows to login using your google account.
Checkout these guides;


TL;DR of some answers above is to deploy an identity-aware proxy in front of your app, that would solve several issues:

  • authentication - by integrating with your authentication provider (i.e. Google, Microsoft, Okta, Auth0)
  • authorization - which users are allowed
  • application fire-walling - as no parts of your app are accessible until user passes authentication and authorization

there are open source, on-premise and cloud-managed solutions, depending on your deployment strategy.

i.e. check out this example https://github.com/gwrun/tutorials/tree/main/streamlit/docker-compose

Could you share the codes? Thanks!

Check out this repo for an implementation of users using Docker, Nginx, and Streamlit. Scroll down the README until you get to the section on Users, read for more detail.

TBD on security. I think it’s secure, but I’m not doing anything important with this code (tracking personal calories) so I am willing to take the risk of waiting and seeing what busts I find. But if smarter parties than myself wish to pry, the README should take ~5mins to figure out how I did this.

session_id = ReportThread.get_report_ctx().session_id
AttributeError: ‘NoneType’ object has no attribute ‘session_id’

Why I am getting None type object ReportThread

Great work here! However, when I add a sidebar for app navigation or a st.checkbox feature it reroutes to the login credentials… any suggestions? I’m trying to simply make a login using a special password to access the main application. Will love and sincerely appreciate any helpful feedback!

def main():
    st.header('Hello')
    st.balloons()

    # general info
    st.title('Upload File')
    df = st.file_uploader("Upload CSV", type=['csv', 'xlsx'])

    agree = st.checkbox("Test")
    if agree:
        st.checkbox("Hello!", value = True)

I just posted a component-based solution using Auth0 identity provider.

3 Likes

This is great. I was struggling with Auth0 integration though. Could you please share the solution ?

1 Like

Click the link above to expand the post. Should have all you need.

Hi, do we have any solution on social authentication… i’m waiting for now more then 6 months …

@amitmitra see my post. It’s easy to add most types of IdP with Auth0. In my screenshots you can see both enterprise and google auth.

This solution is not correct. It will re-run all scripts when anything is changed in the main() function, so it will ask for password again.
See the example here with password = “admin”

Streamlit Snippets · Streamlit

1 Like

A solution without hardcoding the password in the file would be nice

Hi. Is it possible share your repo?