Open chuong98 opened 1 month ago
mkhorasani
commented
1 month ago Hi @chuong98, currently you can specify a list of pre-authorized emails or domains that are allowed to register, anything else will not be allowed to register. Please check the pre_authorized feature for this widget. However, in the future, I do plan on implementing such a feature.
nchanko
commented
3 weeks ago Hi @mkhorasani . I've been searching for authentication method in streamliit for months, and I found yours. It's a wonderful library. Kudos to you. I also found some bugs in registration, saw it's been reported. If unauthorized person knows preauthorized email address, they can login before the actual owner does?
chuong98
commented
3 weeks ago Hi @mkhorasani . I've been searching for authentication method in streamliit for months, and I found yours. It's a wonderful library. Kudos to you. I also found some bugs in registration, saw it's been reported. If unauthorized person knows preauthorized email address, they can login before the actual owner does?
Yes, theoretically he can create an account with his password before the true owner does. In my case, I don't want limit the user registration, but they must use their real email.
mkhorasani
commented
3 weeks ago Hi @mkhorasani . I've been searching for authentication method in streamliit for months, and I found yours. It's a wonderful library. Kudos to you. I also found some bugs in registration, saw it's been reported. If unauthorized person knows preauthorized email address, they can login before the actual owner does?
This is not a bug per se and is intentional by design. There's no reason why a user should have access to the list of pre-authorized emails, in the same way that the user should not have access to any other private information in the config file.
mkhorasani
commented
3 weeks ago Hi @mkhorasani . I've been searching for authentication method in streamliit for months, and I found yours. It's a wonderful library. Kudos to you. I also found some bugs in registration, saw it's been reported. If unauthorized person knows preauthorized email address, they can login before the actual owner does?
Yes, theoretically he can create an account with his password before the true owner does. In my case, I don't want limit the user registration, but they must use their real email.
Yes, if you want to limit user registration by domain name, you can use the domains parameter in the register_user widget.
Hi, thanks for the package. It will be more practical if after registering, we send an auto generated password (or a verification link) to the email that user registered.
The user needs to login with the received password for the first time (or click on verification link).
It is almost a standard process to avoid creating user with fake email.
Thank you.