streamlit-passwordless provides a user model for Streamlit applications based on the Bitwarden passwordless technology. It allows users to securely authenticate with a Streamlit application using the passkey FIDO2 and WebAuthn protocols.
The project is under development and not yet ready for production. The library can handle registering a new user by creating and registring a passkey with the user's device and letting the user sign in with the passkey. The user model is not fully implemented yet.
A demo of the project is available at: https://passwordless.streamlit.app
streamlit-passwordless is available on PyPI and conda-forge and can be installed with pip or conda.
Install with pip:
$ pip install streamlit-passwordlessInstall with conda:
$ conda install conda-forge::streamlit_passwordlessstreamlit-passwordless is distributed under the MIT-license.
Let's create an example Streamlit app using streamlit-passwordless. First create an account with Bitwarden Passwordless.dev and make your public and private key accessable to your application e.g. through a ".env" file, which we will use in this example. Create a new virtual environment and install streamlit-passwordless. python-dotenv is also installed here to handle loading the credentials for Bitwarden Passwordless.dev.
~ $ mkdir stp_demo && cd stp_demo
~/stp_demo $ echo ".env" > .gitignore
~/stp_demo $ python -m venv .venv
~/stp_demo $ source .venv/bin/activate
~/stp_demo (.venv) $ python -m pip install streamlit-passwordless python-dotenvOn Windows you should replace with source .venv/bin/activate with .venv/bin/Activate.ps1.
The contents of the file .env is shown below. Replace <PUBLIC_KEY> and <PRIVATE_KEY>
with your actual public and private key from Bitwarden Passwordless.dev. The private key is
called secret key in Bitwarden Passwordless.dev. Make sure the file .env is located in your
working directory stp_demo.
PUBLIC_KEY=<PUBLIC_KEY> PRIVATE_KEY=<PRIVATE_KEY>
Copy the code of the example app below into a file called app.py and place it in your working directory stp_demo.
# app.py
# Standard library
import os
from pathlib import Path
# Third party
import dotenv
import streamlit as st
import streamlit_passwordless as stp
DOTENV_FILE = Path.cwd() / '.env'
DB_URL = 'sqlite:///streamlit_passwordless.db'
@st.cache_data
def create_client(public_key: str, private_key: str) -> stp.BitwardenPasswordlessClient:
r"""Create the client to connect to Bitwarden Passwordless backend API."""
return stp.BitwardenPasswordlessClient(public_key=public_key, private_key=private_key)
def main() -> None:
r"""The main function to run the app."""
st.title('Streamlit Passwordless Demo')
st.markdown('## Register and Sign In')
if not st.session_state:
stp.init_session_state() # Initialize the session state needed by streamlit-passwordless.
dotenv.load_dotenv(DOTENV_FILE) # Load the public and private key into environment variables.
public_key, private_key = os.getenv('PUBLIC_KEY'), os.getenv('PRIVATE_KEY')
if public_key is None or private_key is None:
st.error('Public or private key not found in environment!', icon=stp.ICON_ERROR)
return
try:
client = create_client(public_key=public_key, private_key=private_key)
except stp.StreamlitPasswordlessError as e:
st.error(str(e), icon=stp.ICON_ERROR)
return
session_factory = stp.db.create_session_factory(url=DB_URL)
with session_factory() as session:
register_tab, signin_in_tab = st.tabs(['Register', 'Sign in'])
with register_tab:
stp.bitwarden_register_form(client=client, db_session=session)
with signin_in_tab:
stp.bitwarden_sign_in_form(client=client, db_session=session)
if __name__ == '__main__':
main()The app first initializes the session state variables needed by streamlit-passwordless.
Then it loads the public and private key from the .env file and creates the
BitwardenPasswordlessClient, which is used to communicate with Bitwarden Passwordless.dev.
The database session factory, needed to connect to the user database, is created from the cached
resource function create_session_factory. A SQLite database (streamlit_passwordless.db) located
in the current working directory is used in the example and if it does not exist it will be created.
Lastly the forms to register and sign in are rendered in separate tabs.
Run the example app with the following command:
~/stp_demo (.venv) $ python -m streamlit run app.py
You can now view your Streamlit app in your browser.
Local URL: http://localhost:8501Open the url in your favorite web browser and try it out!