'read error' after authorizing in Popup on streamlit cloud

[MaraHochstein]

I already posted the details on the streamlit forum: see topic

I think this problem is tied to streamlit cloud (there is another closed topic with the same error here)

minimum reproducable code that I used:

config.toml

[logger]
level = 'debug'

[runner]
fastReruns = false

main.py

import streamlit as st
from streamlit_oauth import OAuth2Component

# Set environment variables
kadiApiBaseURL = 'https://kadi4mat.iam.kit.edu'
AUTHORIZE_URL = kadiApiBaseURL + '/oauth/authorize'
TOKEN_URL = kadiApiBaseURL + '/oauth/token'
REFRESH_TOKEN_URL = kadiApiBaseURL + '/oauth/token'
REVOKE_TOKEN_URL = kadiApiBaseURL + '/oauth/revoke'
CLIENT_ID = st.secrets['oauthClientID']
CLIENT_SECRET = st.secrets['oauthClientSecret']
REDIRECT_URI = 'https://[[**YOUR APP**]].streamlit.app/component/streamlit_oauth.authorize_button/index.html'
SCOPE = ''

# Create OAuth2Component instance
oauth2 = OAuth2Component(CLIENT_ID, CLIENT_SECRET, AUTHORIZE_URL, TOKEN_URL, REFRESH_TOKEN_URL, REVOKE_TOKEN_URL)

result = oauth2.authorize_button("Authorize", REDIRECT_URI, SCOPE, height=800, width=400, use_container_width=True, extras_params={'response_type': 'code'})
if result and 'token' in result:
    # If authorization successful, save token in session state
    st.session_state.token = result.get('token')
    st.rerun()

Since I assume you don't have a Kadi4Mat account, this is the log after clicking on "Authorize" - streamlit loads the redirect and gives "read error" in the popup afterwards. I think this can be reproduced with other URLs as well

streamlit console log

2024-04-26 13:09:20.502 Registered component 'streamlit_oauth.authorize_button': /home/adminuser/venv/lib/python3.12/site-packages/streamlit_oauth/frontend/dist

2024-04-26 13:09:20.508 Creating new DataCache (key=#####data cache key####, persist=None, max_entries=None, ttl=300)

2024-04-26 13:09:20.508 Cache key: #####some key####

2024-04-26 13:09:20.509 Memory cache MISS: #####some key####

2024-04-26 13:09:20.509 Memory cache MISS: #####some key####

2024-04-26 13:09:20.509 Memory cache MISS: #####some key####

2024-04-26 13:09:20.916 Removing orphaned files...

2024-04-26 13:09:21.017 Script run finished successfully; removing expired entries from MessageCache (max_age=2)

2024-04-26 13:09:38.887 ComponentRequestHandler: GET /home/adminuser/venv/lib/python3.12/site-packages/streamlit_oauth/frontend/dist read error

Traceback (most recent call last):

  File "/home/adminuser/venv/lib/python3.12/site-packages/streamlit/web/server/component_request_handler.py", line 54, in get

    with open(abspath, "rb") as file:

         ^^^^^^^^^^^^^^^^^^^

IsADirectoryError: [Errno 21] Is a directory: '/home/adminuser/venv/lib/python3.12/site-packages/streamlit_oauth/frontend/dist'

after button click:

after authorize in popup:

[MaraHochstein]

also tried

[server]
enableCORS = false
enableXsrfProtection = false

in the config.toml

[dnplus]

Hi @MaraHochstein

Can you check https://github.com/dnplus/streamlit-oauth-cc-demo

It is a workable example for deploy to streamlit cloud

[MaraHochstein]

Hi @dnplus I tried, but I get the same error like with my own script. I can continue login with google and accept, but then I get "read error". I did not change any of your test-code besides changing the "os.environ.get()" to "st.secrets['']" (but this can't be the problem since the auth variables are loaded correct).

If you want to test my login, I can add your Email to testusers in google. [see code here]

[dnplus]

Hi @MaraHochstein,

I'm a bit puzzled too. The main difference I noticed is that I'm using Python 3.11.

Feel free to check out my login at https://g-openid-demo.streamlit.app/!

[MaraHochstein]

@dnplus Thats weird, it works on your site.. I thought it might be a browser-related problem.. I deployed the same code to another streamlit app and choose python 11 on deploy, but I get the same error this time with python 3.11 path.. Maybe there is something else I forgot? I added your mailadress from your profile to the testusers so you can try my login https://kaditest2.streamlit.app/

[dnplus]

I got same issue on your site 😅

[MaraHochstein]

Any other idea what is causing this? I just created the app on streamlit.cloud and deployed your testcode with only the auth variables edited..

[dnplus]

I found other difference, the redirect_uri

My app without suffix /index.html

Maybe the streamlit cloud resolve uri in difference way

https://accounts.google.com/o/oauth2/v2/auth/oauthchooseaccount?response_type=code&client_id=966121441218-88n25l32v5qgftv3ufg8t8abo11qrslu.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Fg-openid-demo.streamlit.app%2Fcomponent%2Fstreamlit_oauth.authorize_button&state=d2a200427ca74c0c8ea1460c232690de&scope=openid%20email%20profile&prompt=consent&access_type=offline&service=lso&o2v=2&ddm=0&flowName=GeneralOAuthFlow

https://accounts.google.com/o/oauth2/v2/auth/oauthchooseaccount?response_type=code&client_id=360631503944-goaavm88g46foahlc2mur5882qfplr6g.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Fkaditest2.streamlit.app%2Fcomponent%2Fstreamlit_oauth.authorize_button%2Findex.html&state=98c2bfa8f3704b51a725c39bd2d34d57&scope=openid%20email%20profile&prompt=consent&access_type=offline&service=lso&o2v=2&ddm=0&flowName=GeneralOAuthFlow

[MaraHochstein]

I tried to remove the "/index.html" in the url but it gets "read error" again

[dnplus]

Did you reboot the apps?

both kaditest kaditest2 的 /index.html still remains in authorization url.

[MaraHochstein]

No, I didn‘t assume I have to reboot the app… But now it works! The "/index.html" was the thing.. It also seem to work now with my kadi-login, but I have to adjust grant type etc to make it work.

Thanks for the help! 👍

[MaraHochstein]

maybe you should mention that in the "getting started" section? https://github.com/dnplus/streamlit-oauth/tree/main?tab=readme-ov-file#getting-started

[dnplus]

maybe you should mention that in the "getting started" section? https://github.com/dnplus/streamlit-oauth/tree/main?tab=readme-ov-file#getting-started

OK