{"id":14970836,"url":"https://github.com/bleumink/streamlit-keycloak","last_synced_at":"2025-10-26T13:31:37.570Z","repository":{"id":62632447,"uuid":"561216639","full_name":"bleumink/streamlit-keycloak","owner":"bleumink","description":"User authentication and single sign-on in your Streamlit app using Keycloak","archived":false,"fork":false,"pushed_at":"2023-05-04T12:12:12.000Z","size":2013,"stargazers_count":48,"open_issues_count":11,"forks_count":8,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-03-15T10:54:27.421Z","etag":null,"topics":["keycloak","streamlit"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bleumink.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-11-03T07:55:50.000Z","updated_at":"2024-06-21T19:07:01.969Z","dependencies_parsed_at":"2024-06-21T19:06:46.703Z","dependency_job_id":"e7507b78-ef9b-4d8c-a1f0-2a7415da5653","html_url":"https://github.com/bleumink/streamlit-keycloak","commit_stats":{"total_commits":39,"total_committers":1,"mean_commits":39.0,"dds":0.0,"last_synced_commit":"b03ef8f3e0b663338b5f8b6ab6850536e1c4b423"},"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bleumink%2Fstreamlit-keycloak","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bleumink%2Fstreamlit-keycloak/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bleumink%2Fstreamlit-keycloak/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bleumink%2Fstreamlit-keycloak/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bleumink","download_url":"https://codeload.github.com/bleumink/streamlit-keycloak/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":219862885,"owners_count":16555951,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["keycloak","streamlit"],"created_at":"2024-09-24T13:44:13.074Z","updated_at":"2025-10-26T13:31:31.975Z","avatar_url":"https://github.com/bleumink.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Streamlit Keycloak\n**Keycloak user authentication and single sign-on inside your Streamlit app**\n\n## Installation\n`pip install streamlit-keycloak`\n\n## Usage\nProvide the URL to your Keycloak server, the realm and client and the component will perform the authentication when the app is rendered. First it will attempt to silently authenticate using single sign-on. If this fails, a dialog will appear from which you can open a popup to the Keycloak login page.\n\nWhen authentication is successful, the component returns a dataclass containing the authentication state, an access token, which can be used to access other restricted resources, a refresh token and a user info object, containing e.g. the username and group memberships. If your configuration provides refresh tokens, the access token can be automatically refreshed when it expires.\n\nSo far the component has not been tested in a wide variety of environments. So if you’re also using Keycloak and would benefit from less logging in and easy access to tokens, give this a go and share your experience. Feedback is always welcome.\n\nFrontend authentication like this can only be done with clients that have their access type set to ‘public’ as their is no way to securely provide the client secret from the browser.\n\n## Examples\n```python\nfrom dataclasses import asdict\nfrom streamlit_keycloak import login\nimport streamlit as st\n\n\ndef main():\n    st.subheader(f\"Welcome {keycloak.user_info['preferred_username']}!\")\n    st.write(f\"Here is your user information:\")\n    st.write(asdict(keycloak))\n\n\nst.title(\"Streamlit Keycloak example\")\nkeycloak = login(\n    url=\"http://localhost:8080\",\n    realm=\"myrealm\",\n    client_id=\"myclient\",\n)\n\nif keycloak.authenticated:\n    main()\n```\n![streamlit-keycloak showcase|639x663](https://github.com/bleumink/streamlit-keycloak/blob/master/example.gif?raw=true)\n\nBy default your access tokens will be refreshed when they expire. Refreshing the tokens will cause your app to be rerendered. If this is not desired, this behaviour can be disabled using the ```auto_refresh``` parameter.\n\n```python\nkeycloak = login(    \n    url=\"http://localhost:8080\",\n    realm=\"myrealm\",\n    client_id=\"myclient\",\n    auto_refresh=False\n)\n```\n\nDepending on your Keycloak configuration, you might want to specify additional parameters to the Keycloak. These can be provided using the ```init_options``` parameter and will be passed to the init function in the frontend. See the [keycloak-js documentation](https://www.keycloak.org/docs/latest/securing_apps/index.html#_javascript_adapter) for details.\n\n```python\nkeycloak = login(    \n    url=\"http://localhost:8080\",\n    realm=\"myrealm\",\n    client_id=\"myclient\",\n    init_options={\n        \"checkLoginIframe\": False\n    }\n)\n```\n\nAll text in the login dialog can be customized using the ```custom_labels``` parameter, by providing a dictionary with specific keys set.\n\n```python\nkeycloak = login(    \n    url=\"http://localhost:8080\",\n    realm=\"myrealm\",\n    client_id=\"myclient\",\n    custom_labels={\n        \"labelButton\": \"Sign in\",\n        \"labelLogin\": \"Please sign in to your account.\",\n        \"errorNoPopup\": \"Unable to open the authentication popup. Allow popups and refresh the page to proceed.\",\n        \"errorPopupClosed\": \"Authentication popup was closed manually.\",\n        \"errorFatal\": \"Unable to connect to Keycloak using the current configuration.\"   \n    }\n)\n```\n\n## Getting started with Keycloak\nSetting up your own Keycloak instance can be tricky. [This guide should get you started.](https://www.keycloak.org/getting-started/getting-started-docker)\n\n### TLDR\n- Create your Keycloak instance\n- Create a realm\n- Create a client\n    - Keep client authentication disabled\n    - Set a valid redirect uri, e.g. https://hostname:port/*\n    - Set valid web origins, e.g. https://hostname\n- Create a user\n    - Set a password for it\n\nA minimum configuration should look something like this: \n![keycloak configuration](https://github.com/bleumink/streamlit-keycloak/blob/master/keycloak.png?raw=true)\n\n## Credits\nMany thanks to the authors of the [streamlit-auth0](https://github.com/conradbez/streamlit-auth0) and [auth0-spa-js](https://github.com/auth0/auth0-spa-js) packages for inspiring a large part of the approach.\n\nAnd thanks to 93degree for the [Svelte component template](https://github.com/93degree/streamlit-component-svelte-template), which is awesome.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbleumink%2Fstreamlit-keycloak","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbleumink%2Fstreamlit-keycloak","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbleumink%2Fstreamlit-keycloak/lists"}