mkhorasani / Streamlit-Authenticator

A secure authentication module to validate user credentials in a Streamlit application.
Apache License 2.0
1.38k stars 229 forks

Passing on st.session_state["password"] for further POST/Login request, but safely? #72

Open alicecommits opened 1 year ago

alicecommits commented 1 year ago

Hi, instead of authenticating against the local config.yaml as showcased in the part 1 - streamlit authenticator tutorial, my use case would be passing on:

to the body of a POST/Login request, to access a 3rd-party service that, when authentication succeeds, spits back a token that expires after x hours.

For now, I locally modded the login method within the Authenticate class as follows (which I believe is not good practice...) as it reveals the password when unpacking...

def login(self, form_name: str, location: str='main') -> tuple:
        ...

                login_form.subheader(form_name)
                self.username = login_form.text_input('Username').lower()
                st.session_state['username'] = self.username
                self.password = login_form.text_input('Password', type='password')
                st.session_state['password'] = self.password

                if login_form.form_submit_button('Login'):
                    self._check_credentials()

        return st.session_state['name'], st.session_state['authentication_status'], st.session_state['username'], st.session_state['password']

Note, as a less worse measure, I also tried to use the hasher instead of the bare self.password, but couldn't figure it out...

As I write I'm thinking I could try to "plug" an intermediary custom method within the class definition, that would somehow capture the prompted credentials at submit time. Has anyone encountered the same use case and/or difficulty? If so, how would you or how did you treat it?

Thanks in advance,

Ota-Sandr-MamaAI commented 1 year ago

@alicecommits I opened https://github.com/mkhorasani/Streamlit-Authenticator/issues/65 describing a similar problem. I also posted there a workaround that I am currently using. You can check it.

alicecommits commented 1 year ago

Hi @Ota-Sandr-MamaAI, I had checked your issue indeed. I wasn't sure back then that my query was related, so I opened this issue. I can try and template my idea based on your workaround. Thanks :)
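
For the use case in the opening post, one way to avoid keeping the password in `st.session_state` is to exchange it for the third-party token at submit time and persist only the token and its expiry. This is an added example, not code from the thread or from Streamlit-Authenticator; the endpoint URL, the `token` and `expires_in` response fields, and all function names are assumptions, and `session_state` is any dict-like object such as `st.session_state`.

```python
import json
import time
import urllib.request

LOGIN_URL = "https://thirdparty.example/login"  # hypothetical endpoint

def http_post_json(url, payload, timeout=10):
    """POST JSON over HTTPS and return the decoded JSON body."""
    req = urllib.request.Request(
        url,
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)

def login_and_store_token(session_state, username, password,
                          post=http_post_json, now=time.time):
    """Exchange credentials for a token; persist only the token and expiry.

    The password lives only in this call's arguments: it is never written
    to session_state and never returned to the caller.
    """
    try:
        body = post(LOGIN_URL, {"username": username, "password": password})
        token = body["token"]              # assumed response field
        ttl = int(body["expires_in"])      # assumed response field, seconds
    except Exception:
        # Fail closed; do not echo the exception, it may include the request.
        session_state["authentication_status"] = False
        session_state.pop("api_token", None)
        return False
    session_state["username"] = username
    session_state["authentication_status"] = True
    session_state["api_token"] = token
    session_state["api_token_expires_at"] = now() + ttl
    session_state.pop("password", None)    # drop any copy left by older code
    return True

def current_token(session_state, now=time.time, skew=30):
    """Return the stored token, or None once it is missing or near expiry."""
    if now() >= session_state.get("api_token_expires_at", 0) - skew:
        session_state.pop("api_token", None)
        return None
    return session_state.get("api_token")
```

Call `login_and_store_token` from inside the form's submit branch with the values read from the two text inputs, and use `current_token` before each request to the service so that an expired token forces a fresh login.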