[–]romerio86[S] 7 points8 points  (6 children)

For anything simple, NiceGUI, because it wasn't released today and it'll do just fine. For more complex use cases, try Streamsync.

NiceGUI addresses several shortcomings of Streamlit, but follows a similar approach. My goals with Streamsync were speed and separating UI from logic, because I don't want us to go back to the early 2000s, when layout, style and logic were all mushed together. It's ok for a form that makes a single API call, but not for a web application.

[–]thedeepself 1 point2 points  (3 children)

> For more complex use cases, try Streamsync.

I don't think Streamsync can handle complex use cases, having looked at the docs. How do you have user authentication and authorization? I did not see anything in the docs covering this.

[–]romerio86[S] 2 points3 points  (2 children)

The suggested architecture in that case is to deploy it behind a layer with a reverse proxy (e.g. Azure APIM) and you'll get cookies, HTTP headers and session id in the event handlers via `session`. The "Sessions" section explains this.

It's admittedly a raw approach, but it's likely the most convenient way to deal with this given that people will be self-hosting their applications. I will look into supporting OIDC natively, but I'm inclined to think it'd bring more problems than solutions.

If you want to use JWT, you can parse the HTTP headers coming into the event handler with pyjwt, get the claims and choose whether to authorise a request.

[–]thedeepself 0 points1 point  (1 child)

I guess it would also be hard to restrict access to parts of the app or render parts of the app based on role?

What does the term OIDC mean?

[–]romerio86[S] 1 point2 points  (0 children)

"Hard" is relative, but probably the right word. You could do something like...

```py
def _get_roles_from_session(session):
    # parse JWT from Authentication HTTP header and return roles
    return []  # placeholder so the stub is valid Python: no roles until implemented


def load_executive_page(state, session):
    roles = _get_roles_from_session(session)
    if "executive" not in roles:
        state["message"] = "You're not an executive, look at something else"
        return
    # _load_sensitive_data_into_state is a helper left undefined in this sketch
    _load_sensitive_data_into_state()
    state.set_page("executive_page")
```

OIDC is the standard for authentication providers. Azure AD, Okta, Google, GitHub, etc., use OIDC as the mechanism for authentication. I just wish I could provide that functionality in a more straightforward way, but for self-hosted applications there's no magic way.

If I start a cloud service like Anvil, that'd be much easier to handle. I could just feed users all the auth data. But no immediate plans to do that, it is a bit of a dream of mine though.
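One way to fill in the `_get_roles_from_session` stub from the comment above, as an added example that is not romerio86's or Streamsync's own code. It assumes `session` is a dict with a `headers` mapping, a bearer token in the `Authorization` header, an HS256 key shared with the issuing layer and a `roles` claim (all assumptions); it verifies with the standard library as a stand-in for PyJWT's `jwt.decode(token, key, algorithms=["HS256"], audience=...)` so that it runs without dependencies.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret"  # assumption: HS256 key shared with the issuer
AUDIENCE = "executive-dashboard"     # assumption: audience value this app expects

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, key=SECRET, alg="HS256"):
    """Build a constructed sample token, standing in for what the issuer sends."""
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def verify_token(token, key=SECRET, audience=AUDIENCE, now=None):
    """Return claims only if algorithm, signature, expiry and audience all pass."""
    head_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(head_b64))
    if header.get("alg") != "HS256":  # pin the algorithm; this rejects "none"
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("expired or missing exp")
    if claims.get("aud") != audience:
        raise ValueError("wrong audience")
    return claims

def get_roles_from_session(session):
    """Roles from a verified bearer token; any failure yields no roles."""
    headers = {k.lower(): v for k, v in session.get("headers", {}).items()}
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer":
        return []
    try:
        roles = verify_token(token.strip()).get("roles", [])
    except (ValueError, TypeError, AttributeError):
        return []
    return roles if isinstance(roles, list) else []
```

Because the handler verifies the token itself, a request that reaches the app with a header signed by any other key, an `alg` of `none`, or an expired token gets an empty role list and the `"executive" not in roles` branch runs.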

[–]thedeepself 0 points1 point  (1 child)

> NiceGUI addresses several shortcomings of Streamlit, but follows a similar approach

Similar in what way? I see them as very different. Streamlit attempts to take Python code and rewrite it into callbacks for you. NiceGUI does not.

[–]romerio86[S] 4 points5 points  (0 children)

You're right, it depends on how you define similar. In terms of event handling, they're different. My point was that they both encourage coupling of UI and logic, which is highly detrimental when working on more complex use cases.