A (Somewhat) Simple Guide to Using Google and Auth0 for Easy Authentication
A Lazy Girl's Guide
I'm a data analyst with development and graphic design experience. I know how to build a website from scratch, but I sometimes work with entrepreneurs and small businesses with their Wix or Squarespace sites, so basically I help them to establish their online presence. When I'm not doing that, I'm studying and blogging about data engineering, data science or web development.
I need to secure my Streamlit micro SaaS, because a girl needs to track users and build that newsletter list.
Any self-respecting developer needs to have authentication and if you are building a software as a service product, you need to provide different ways for your users to login.
I was able to find a tutorial on YouTube regarding using Google and it was helpful, but another part of the tutorial actually used Auth0.
I love watching YouTube tutorials like every other developer out there, but I actually prefer to have it written down so this is my take on the tutorial. The video on which this article is based was very well recorded and very helpful so I’ve linked it here, so that you can give this content creator some well-deserved views.
So the reason why I need to figure out how to implement the authentication for my software that I built on Streamlit is, because I need to track users and I also want to lock down the code as well.
There are a lot of free applications on Streamlit, but I really want to be able to make this as realistic as possible, so I can actually call it a micro SaaS.
So let's dive in.
Authentication Setup for Google
- Setup a new project in Google Cloud
- Or if you already have a project, create a new one:
- Search for ‘Client’ and select Clients:
- You have to configure your application’s identity so you’ll be made to do:
- Then can you NOW create the OAuth client:
- I am creating a web application:
- Then, give it a name:
- Make sure to copy the secret, because you will not be able to see it again if you close the dialog!
Here it is:
- Then setup your
.streamlit/secrets.tomlfile:
[auth]
redirect_uri=""
cookie_secret=""
[auth.google]
client_id="add the google id here"
client_secret="add the google secret here"
server_metadata_url=""
Connecting it all
- Setup the redirect URIs, set it to
http://localhost:8501/oauth2callback:
- And then paste it to your
secrets.tomlfile:
[auth]
redirect_uri="http://localhost:8501/oauth2callback"
cookie_secret=""
[auth.google]
client_id="add the google id here"
client_secret="add the google secret here"
server_metadata_url="https://accounts.google.com/.well-known/openid-configuration"
- Then have Claude Code generate a random secret key for the
COOKIE_SECRETS:
- If you are going to host this on Streamlit Cloud or your own server (other provider like Render) you have to provide the FULL URL. (I'll update this once I get it on to Render). But basically you will need to enter the URI redirect link from your Render application.
Now need a metaserver url
- Go to Google’s Discovery document and paste it in your
secrets.tomlfile:
[auth]
redirect_uri="http://localhost:8501/oauth2callback"
cookie_secret="claude-generated random secret here"
[auth.google]
client_id="add the google id here"
client_secret="add the google secret here"
server_metadata_url="https://accounts.google.com/.well-known/openid-configuration"
Add the code
- Make sure to add the library:
uv add authlib
uv add authlib
- Add the code to for the authentication:
import streamlit as st
st.subheader("**Authenication**")
if st.button("Login"):
st.login("google")
st.json(st.user)
This will keep your user signed in for 30 days.
- You can add test users and when you are ready to publish it, make sure to have a logo for it:
Authenication with auth0
- Sign up for Auth0 and then go to the Applications tab:
- And then create a new “Regular Web Applications”:
- Go to the Settings table and copy the Domain, client id and secret:
- Add this in your
secrets.tomlfile:
[auth.auth0]
domain=""
client_id=""
client_secret=""
server_metadata_url="https://{your domain name from above}.com/.well-known/openid-configuration"
client_kwargs = { "prompt" = "login"}
- Then add the callback to the
Application URIssection underAllowed Callback URLs:
- Connect the Google Cloud to Auth0, by going to the Applications tab and selecting Authentication to create a new Connection:
- Select Google/Gmail:
- Go to Google Cloud and add the client id and the Client secret (or just copy from your secrets.toml file for these:
- Then go to Google Cloud to add your Auth0 domain under authorized Javascript origins and redirect URIs, which should be something like this:
https://{your_auth0_client_name}.us.auth0.com/login/callback
- Then under the Branding Section, add auth0 as an Authorized Domain:
- Make sure to look at your Applications and turn it on for your app:
And now, Auth0 and Google can tango!
- Then edit the code in your app to use auth0 instead of Google:
if not st.user.is_logged_in:
if st.sidebar.button("Log In"):
st.login("auth0") # st.login("google")
else:
if st.sidebar.button("Log Out"):
st.logout()
# Initialize email if it doesn't exist in session state
if "email" not in st.session_state:
st.session_state["email"] = st.user.email
st.json(st.user)
- Run your Streamlit app and sign up.
- Now, you should be able to see your users appear under User Management:
If you use Google, this is what the sign will look like:
Hopefully, you found this helpful! If so, please like and subscribe. 🙏
References
📺 Secure Streamlit apps in minutes with Google & Email - the YouTube tutorial that inspired this post!
📚3.1.2.1. Authentication Request - documentation on all things authentication
🪵 Auth0 - the hotness of all login boxes
🪪 Google Identity - more documentation
