Custom authentication method

[Ota-Sandr-MamaAI]

I would like to have to have an option to be able to write my own way how to check the password. Something like custom replacement for Authenticate._check_pw method. My use case is that I have an external server where the credentials need to be checked. I understand that I won't be able to use streamlit authenticator methods for registering users or recovering passwords in my use case but it does not matter for me.

Right now, I am using the following workaround:

from collections import UserDict
from functools import partial
from typing import Any
import streamlit_authenticator as stauth

class UserDescription(UserDict):
    def __init__(self, user_name: str) -> None:
        super().__init__()
        self.data["name"] = user_name

class UserNames(UserDict):
    def __getitem__(self, key: Any) -> Any:
        if key not in self.data:
            self.data[key] = UserDescription(key)
        return super().__getitem__(key)
    def __contains__(self, _key: Any) -> bool:
        return True 

authenticator = stauth.Authenticate(
    {"usernames": {}},
    "sessionid",
    "123456789",
    1
)
authenticator.credentials = {"usernames": UserNames()} # neccessary because Authenticate.__init__ replaces "usernames"

def _my_check_pw(self) -> bool:
    # my code that contacts authentication server
    # username is in self.username and password is in self.password
    # ...
	
authenticator._check_pw = partial(_my_check_pw, authenticator)
	
name, authentication_status, username = authenticator.login('Login', 'main')

Although this solution works, I do not like it because I need to manually replace private method _check_pw and create two custom dict classes to bypass checking of username. Plus, this solution has disadvantage that the username that is available in _my_check_pw method is already lowercased (and I would like to send to server it with original casing).

It would be nice if streamlit authenticator has some more native way how to achieve this.

[voidel]

Thank you for this @Ota-Sandr-MamaAI . Managed to get LDAP auth working for streamlit autheticator via this code by doing an LDAP bind in the _my_check_pw function.

[alicecommits]

Hi @voidel , could you please provide an explicit code snippet illustrating what you meant by "LDAP bind in the _my_check_pw function"? As tagged by Ota, I'm working on a similar issue - I'm trying to use this authenticator to send the user's credentials over to the server of a 3rd party service, response of which would enable the user to access the app, and start a session where they could work with the 3rd party service functionalities via my Streamlit app. Thanks,

[vince-weka]

I'm interested in this one... we have another app written in gradio, and it has a login method - it takes an optional function that returns True/False when passed the user/password. Giving it pam.authenticate() allows for using PAM, however it's configured (OS users by default).
It would be nice if we could pass in an optional function, that defaults to the current authenticator._check_pw() !!