Skip to main content

Keycloak authentication for Streamlit

Project description

Streamlit Keycloak

Keycloak user authentication and single sign-on inside your Streamlit app

Installation

pip install streamlit-keycloak

Usage

Provide the URL to your Keycloak server, the realm and client and the component will perform the authentication when the app is rendered. First it will attempt to silently authenticate using single sign-on. If this fails, a dialog will appear from which you can open a popup to the Keycloak login page.

When authentication is successful, the component returns a dataclass containing the authentication state, an access token, which can be used to access other restricted resources, a refresh token and a user info object, containing e.g. the username and group memberships. If your configuration provides refresh tokens, the access token can be automatically refreshed when it expires.

So far the component has not been tested in a wide variety of environments. So if you’re also using Keycloak and would benefit from less logging in and easy access to tokens, give this a go and share your experience. Feedback is always welcome.

Frontend authentication like this can only be done with clients that have their access type set to ‘public’ as their is no way to securely provide the client secret from the browser.

Examples

from dataclasses import asdict
from streamlit_keycloak_lex import login
import streamlit as st


def main():
    st.subheader(f"Welcome {keycloak.user_info['preferred_username']}!")
    st.write(f"Here is your user information:")
    st.write(asdict(keycloak))


st.title("Streamlit Keycloak example")
keycloak = login(
    url="http://localhost:8080",
    realm="myrealm",
    client_id="myclient",
)

if keycloak.authenticated:
    main()

streamlit-keycloak showcase|639x663

By default your access tokens will be refreshed when they expire. Refreshing the tokens will cause your app to be rerendered. If this is not desired, this behaviour can be disabled using the auto_refresh parameter.

keycloak = login(    
    url="http://localhost:8080",
    realm="myrealm",
    client_id="myclient",
    auto_refresh=False
)

Depending on your Keycloak configuration, you might want to specify additional parameters to the Keycloak. These can be provided using the init_options parameter and will be passed to the init function in the frontend. See the keycloak-js documentation for details.

keycloak = login(    
    url="http://localhost:8080",
    realm="myrealm",
    client_id="myclient",
    init_options={
        "checkLoginIframe": False
    }
)

All text in the login dialog can be customized using the custom_labels parameter, by providing a dictionary with specific keys set.

keycloak = login(    
    url="http://localhost:8080",
    realm="myrealm",
    client_id="myclient",
    custom_labels={
        "labelButton": "Sign in",
        "labelLogin": "Please sign in to your account.",
        "errorNoPopup": "Unable to open the authentication popup. Allow popups and refresh the page to proceed.",
        "errorPopupClosed": "Authentication popup was closed manually.",
        "errorFatal": "Unable to connect to Keycloak using the current configuration."   
    }
)

Getting started with Keycloak

Setting up your own Keycloak instance can be tricky. This guide should get you started.

TLDR

  • Create your Keycloak instance
  • Create a realm
  • Create a client
  • Create a user
    • Set a password for it

A minimum configuration should look something like this: keycloak configuration

Credits

Many thanks to the authors of the streamlit-keycloak which is the base of this package.

Many thanks to the authors of the streamlit-auth0 and auth0-spa-js packages for inspiring a large part of the approach.

And thanks to 93degree for the Svelte component template, which is awesome.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

streamlit_keycloak_lex-1.0.1.tar.gz (361.2 kB view details)

Uploaded Source

File details

Details for the file streamlit_keycloak_lex-1.0.1.tar.gz.

File metadata

File hashes

Hashes for streamlit_keycloak_lex-1.0.1.tar.gz
Algorithm Hash digest
SHA256 1f92d4411805399e710a964258756397df0b7cfe6601a53b7d13f831dd79c35f
MD5 38a9c8bed720894e8f4a31ede1caf14b
BLAKE2b-256 40ff460392eba354dc3db268c76c089d2a58efa9efd9a92da9ad92b6858a4925

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page