Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Passing on st.session_state["password"] for further POST/Login request, but safely? #72

Open
alicecommits opened this issue Jun 27, 2023 · 2 comments
Open

Passing on st.session_state["password"] for further POST/Login request, but safely? #72

alicecommits opened this issue Jun 27, 2023 · 2 comments
Labels
enhancement New feature or request

Comments

@alicecommits
Copy link

Hi,
Instead of authenticating against the local config.yaml as showcased in the part 1 - streamlit authenticator tutorial, my use case would be passing on:

  • user's email
  • user's password

to the body of a POST/Login request, to access a 3rd-party service that, when authentication succeeds, spits back a token that expires after x hours.

For now, I locally modded the login method within the Authenticate class as follows (which I believe is not good practice...) as it reveals the password when unpacking...

def login(self, form_name: str, location: str='main') -> tuple:
        ...

                login_form.subheader(form_name)
                self.username = login_form.text_input('Username').lower()
                st.session_state['username'] = self.username
                self.password = login_form.text_input('Password', type='password')
                st.session_state['password'] = self.password

                if login_form.form_submit_button('Login'):
                    self._check_credentials()

        return st.session_state['name'], st.session_state['authentication_status'], st.session_state['username'], st.session_state['password']

Note, as a less worse measure, I also tried to use the hasher instead of the bare self.password, but couldn't figure it out...

As I write I'm thinking I could try to "plug" an intermediary custom method within the class definition, that would somehow capture the prompted credentials at submit time. Has anyone encountered the same use case and/or difficulty? If so, how would you or how did you treat it?

Thanks in advance,
@Ota-Sandr-MamaAI
Copy link

@alicecommits I opened #65 describing similar problem. I also posted there a workaround that I am currently using. You can check it.

@alicecommits
Copy link
Author

Hi @Ota-Sandr-MamaAI , I had checked your issue indeed. I wasn't sure back then that my query was related,so I opened this issue. I can try and template my idea based on your workaround. Thanks :)

@mkhorasani mkhorasani added the enhancement New feature or request label Jan 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mkhorasani @alicecommits @Ota-Sandr-MamaAI