Adding user authentication to a Streamlit app

In the world of web applications, keeping your users information secure is a top priority. Whether you are building a simple app for a small group or a complex system for thousands, user authentication plays a crucial role in safeguarding access. But how do you incorporate this essential feature, especially in applications developed with Streamlit?

Streamlit has quickly become a favorite among data scientists and developers for creating interactive web apps with Python. Its ease of use and simplicity make it an excellent choice for a wide range of projects. However, when it comes to adding user authentication, the journey can seem a bit daunting at first.

In this blog post, we’ll demystify the process of adding user authentication to your Streamlit application. We’ll explore a few straightforward methods that cater to different needs and skill levels. Whether you’re seeking to implement a basic login system or integrate with more advanced services, we’ve got you covered. Join us as we delve into these approaches, making your Streamlit app not only functional but also secure.

Ploomber Cloud

Password Protection

With Ploomber Cloud, this once complex process has become surprisingly simple. Just imagine, all it takes to secure your application is a single click and entering your chosen username and password. This effortless setup eliminates the common barriers that many developers face when trying to protect their applications, making it accessible to users of all skill levels. By choosing Ploomber Cloud, you’re not just adding a layer of protection; you’re doing it in the simplest way possible.

Security is a top priority in any web application, and Ploomber Cloud takes this seriously by ensuring that all credentials are encrypted. This means that your username and password are not just hidden but transformed into a format that is extremely difficult for unauthorized parties to decode. This level of security provides peace of mind, knowing that your application’s access controls can’t easily be bypassed or compromised. Whether you’re handling sensitive information or just looking to keep your application’s features exclusive to certain users, Ploomber Cloud’s encryption safeguards your authentication details.

What’s even more appealing about using Ploomber Cloud for your Streamlit applications is its framework-agnostic nature. This means if you decide to branch out and use different web frameworks for your future projects, you can still utilize the same straightforward method to add authentication. This compatibility saves you time and effort, as you won’t need to learn a new process or integrate different security measures each time you explore a new framework. Ploomber Cloud’s versatility extends the value of its simple and secure authentication process across various platforms, making it an exceptional choice for developers working in diverse environments.

Learn more about deploying Streamlit apps in our documentation

Auth0 Authentication

Note that Ploomber Cloud’s password protection works for a single set of credentials. However, if you need a more sophisticated way of securing your application you can check out Auth0. Auth0 is a platform that allows developers to implement secure login processes and control access to applications. Here are some advantages of using auth0:

• Single Sign-On (SSO): allows users to log into multiple applications using the same login credentials.
• Social login: allows users to log in using their existing credentials from another account, such as Facebook, Google, or Amazon.
• Passwordless connections: allows users to log in using a one-time password (OTP) sent via SMS to their phone or their email address.
• Multi-Factor Authentication: acts as an extra layer of security that requires users to provide more than one piece of verifying information before logging in.
• Account recovery: allows them to regain access to their account if the user has forgotten their password or lost access to one of their devices.

Ploomber Cloud enables you to easily secure your Streamlit applications using auth0.

Let’s look at a sample application in which we read the HTTP header X-Auth-Name from the current session:

import streamlit as st
from streamlit.web.server.websocket_headers import _get_websocket_headers

headers = _get_websocket_headers()

header_name = headers.get("X-Auth-Name")
st.write(header_name)

To learn more about authenticating this app using Auth0 check out this blog.

Manually adding an authentication form

Streamlit offers a rather straightforward approach to adding authentication to applications, especially useful for developers looking to implement a basic level of security without delving into the complexities of Single Sign-On (SSO). However, it’s important to note right off the bat that Streamlit’s own documentation cautions users that this level of security is not as robust as authenticating with an SSO provider. This acknowledgment is refreshingly honest, yet it flags a potential area of concern for applications requiring more stringent security measures.

The first option Streamlit proposes is a single global password for all users, stored securely using its Secrets management feature. This method’s simplicity is its biggest advantage, making it extremely easy to implement. However, the drawbacks are significant—any change to the password affects all users, and there’s no differentiation between user access levels. While this may suffice for smaller projects or internal tools, it’s a considerable limitation for more complex or sensitive applications.

In diving into the process, Streamlit’s guide is clear and beginner-friendly. The steps include adding the password to your local app secrets, copying your app secrets to the cloud, and modifying your Streamlit app to request the password. The necessity of ensuring the .streamlit/secrets.toml file is not pushed to public repositories is emphasized, a crucial point for maintaining security. Despite the ease of implementation, the lack of user-specific authentication options in this method is a glaring weakness.

Streamlit’s second option offers slightly more sophistication by allowing individual usernames and passwords for each user. While this adds a layer of personalized access control, the methodology remains fundamentally the same, storing credentials in the app secrets and making them available for verification in the cloud. This method addresses some of the limitations of the global password approach by providing a way to revoke or change access on a per-user basis without impacting all users. However, it still doesn’t match the security and flexibility offered by more advanced authentication services.

The instructions for setting up user-specific passwords are similar to the global password setup, with the addition of handling usernames. Streamlit’s documentation is detailed, walking users through each step, from modifying the .streamlit/secrets.toml file to adjusting the Streamlit app for username and password inputs. The approach is commendable for its accessibility to beginners, yet, the inherent security concerns and the manual management of user credentials might deter more advanced users or those with higher security needs.

To sum up, Streamlit presents a handy, if basic, solution for adding authentication to Streamlit apps. Its major selling points are simplicity and ease of use, ideally suited for developers quickly safeguarding less critical applications. Nonetheless, for those developing applications where security is paramount, Streamlit’s authentication methods might fall short, emphasizing the trade-off between convenience and comprehensive security. Despite these caveats, Streamlit’s effort to provide a straightforward path to authentication, while openly acknowledging its limitations, is laudable.

Streamlit-Authenticator

Streamlit-Authenticator is a package that facilitates user authentication within Streamlit applications. Authored by Mohammad Khorasani, this package is born out of a necessity to equip projects with the capability to authenticate users alongside managing different privilege levels, a feature critical for applications aimed at corporate environments or those requiring user-specific access controls. The introduction by Khorasani, highlighting his journey towards developing Streamlit-Authenticator, underscores the importance of sharing knowledge within the community.

Installing and setting up Streamlit-Authenticator appears straightforward, beginning with a simple installation command followed by the incorporation of user credentials into a YAML file. The emphasis on hashing passwords is a pivotal security measure, acknowledging the tool’s attention towards safeguarding user information. However, the reliance on YAML for configuration might introduce complexity for beginners unfamiliar with this format or those seeking a more dynamic approach to user management.

Creating a login widget and authenticating users is streamlined through the use of an authenticator object, suggesting the tool’s potential in enhancing user experience by securely managing access. The ability to implement user privileges further contributes to creating a tailored user experience, allowing for a more personalized interaction with the application based on the user’s identity.

Despite these features, Streamlit-Authenticator does present areas of potential concern. The process, while seemingly detailed, may appear daunting to those new to application development or unfamiliar with concepts like hashing and JWT cookies. Additionally, the manual management of users and privileges through a YAML file could become cumbersome for applications with a growing user base, suggesting a possible scalability issue for larger projects.

In conclusion, Streamlit-Authenticator offers a solid foundation for developers looking to incorporate authentication into their Streamlit applications. Its approach to user management and security is commendable, yet it might benefit from enhancements in usability and scalability. While there’s an inherent learning curve and potential complexity in managing users, the package remains a valuable tool for developers prioritizing security and personalized user access within their Streamlit projects.