Over the past few weeks, the AI World activity has been a key announcement of simplification that now supports OpenID Connect (OIDC) login authentication has almost passed me.
For data scientists, machine learning engineers, and other involved data involved in creating dashboards, machine learning proof of concept (POC), and other applications, user authorization and verification may be critical considerations. Maintaining potentially sensitive data is critical, so you want to make sure that only authorized users can access your app.
In this article, we will discuss this new feature that has been simplified and develop a simple application to show it. Our application may be simple, but it demonstrates all the key things you need to know when creating more complex software.
What is simplification?
If you’ve never heard of simplification, it’s an open source Python library designed to quickly build and deploy interactive web applications with minimal code. It is widely used in data visualization, machine learning model deployment, dashboards, and in-house tools. With a simplified way, developers can create web applications in Python in HTML, CSS, or JavaScript.
Its key features include widgets for user input, built-in cache for performance optimization, and easy integration with data science libraries like Pandas, matplotlib, and Tensorflow. Simplification is particularly popular among data scientists and AI/ML practitioners for sharing insights and models in web-based interfaces.
If you want to learn more about simplification, I’ve written an article about using it to create a data dashboard that you can use This link.
What is OIDC?
OpenID Connect (OIDC) is an authentication protocol based on OAuth 2.0. It allows users to securely log in to applications such as Google, Microsoft, Okta, and Auth0 using existing credentials from their existing identity provider.
It enables single login (SSO) and provides user identity information through an ID token, including email address and profile details. Unlike OAuth’s focus on authorization, OIDC is clearly designed for authentication, making it the standard for a secure, scalable and user-friendly login experience across web and mobile applications.
In this article, I’ll show you how to set up content and write code for a simplified application that prompts you with OIDC for Google email and password prompts. You can use these details to log in to the application and access the second screen containing the data dashboard example.
Prerequisites
Since this article focuses on using Google as an identity provider, if you haven’t already, you need a Google email address and Google Cloud account. After receiving the email, please use the following link to log in to Google Cloud.
If you are worried about the cost of signing up for Google Cloud, please don’t. They offer a free 90-day trial and $300 credits. You only pay for the fees you use and you can cancel your cloud account subscription at any time before or after the free trial expires. Anyway, what we are going to do here should not cost anything. However, I always recommend that you set up billing alerts for any cloud provider you sign up for – just in case.
Later, we will return to the steps you must take to set up a cloud account.
Build our development environment
I’m developing using WSL2 Ubuntu Linux on Windows, but the following should also be used on regular windows. Before starting a project like this, I always create a separate Python development environment where I can install any required software and try to encode it. Now, anything I do in this environment will be isolated and will not affect my other projects.
I use minconda for this, but you can use any method that works best for you. If you want to follow the Miniconda route and don’t have it yet, you must first install Miniconda.
Now you can set up your environment like this.
(base) $ conda create -n streamlit python=3.12 -y
(base) $ conda activate streamlit
# Install required Libraries
(streamlit) $ pip install streamlit streamlit-extras Authlib
(streamlit) $ pip install pandas matplotlib numpyWe will build it
This will be a simplified application. Initially, there will be a screen showing the following text,
An example simplifies the application, showing login authentication using OIDC and Google email
Please use the buttons on the sidebar to log in.
On the left sidebar, there will be two buttons. One person said Log in, Another said Dashboard.
If the user is not logged in, the dashboard button will be clear and cannot be used. When the user presses the login button, a screen will be displayed, requiring the user to log in through Google. After logging in, two things happened: –
- this Log in The button on the sidebar is changed to Log out.
- this Dashboard The button is available for use. Some virtual data and graphics will now be displayed.
If the logged in user click Log out button, the application resets itself to its initial state.
NB. I have deployed the working version of the application to a simplified community cloud. For a sneak preview, click the link below. If no one clicks it for a while, you might need to “wake up” the app first, but that only takes a few seconds.
Settings on Google Cloud
To enable email verification with your Google Gmail account, you have to do something on Google Cloud. They are very simple, so take a moment to follow each step carefully. I’m assuming you have set up or have a Google email and cloud account and you’ll create a new project for your work.
Go to Google Cloud Console and log in. You should see a screen similar to the one shown below.
You need to set up a project first. Click this Project Selector button. It immediately sits to the right of the Google Cloud logo, near the top left of the screen, and will be marked as the name of one of your existing projects or “Select a projectIf you don’t have an existing project. In the pop-up window Appear, click New Project The button is located at In the upper right corner. This will let you insert a project name. Next, click create button.
Once you have done this, your new project name will appear next to the Google Cloud logo at the top of the screen. Next, click on the burger menu at the top left of the page.
- Navigate to API & Services → Credentials
- Click Create credentials → OAuth Client ID
- choose Web Applications
- Add to As Authorization redirection URI
- Notice Customer ID and Customer Secret Because we need a while.
Local settings and Python code
Determine in which local folder your main Python thin application file will be used. In it, create a file, such as app.py, and insert the following python code into it.
import streamlit as st
import pandas as pd
import numpy as np
import matplotlib.pyplot as plt
# ——— Page setup & state ———
st.set_page_config(page_title="SecureApp", page_icon="🔑", layout="wide")
if "page" not in st.session_state:
st.session_state.page = "main"
# ——— Auth Helpers ———
def _user_obj():
return getattr(st, "user", None)
def user_is_logged_in() -> bool:
u = _user_obj()
return bool(getattr(u, "is_logged_in", False)) if u else False
def user_name() -> str:
u = _user_obj()
return getattr(u, "name", "Guest") if u else "Guest"
# ——— Main & Dashboard Pages ———
def main():
if not user_is_logged_in():
st.title("An example Streamlit app showing the use of OIDC and Google email for login authentication")
st.subheader("Use the sidebar button to log in.")
else:
st.title("Congratulations")
st.subheader("You’re logged in! Click Dashboard on the sidebar.")
def dashboard():
st.title("Dashboard")
st.subheader(f"Welcome, {user_name()}!")
df = pd.DataFrame({
"Month": ["Jan","Feb","Mar","Apr","May","Jun"],
"Sales": np.random.randint(100,500,6),
"Profit": np.random.randint(20,100,6)
})
st.dataframe(df)
fig, ax = plt.subplots()
ax.plot(df["Month"], df["Sales"], marker="o", label="Sales")
ax.set(xlabel="Month", ylabel="Sales", title="Monthly Sales Trend")
ax.legend()
st.pyplot(fig)
fig, ax = plt.subplots()
ax.bar(df["Month"], df["Profit"], label="Profit")
ax.set(xlabel="Month", ylabel="Profit", title="Monthly Profit")
ax.legend()
st.pyplot(fig)
# ——— Sidebar & Navigation ———
st.sidebar.header("Navigation")
if user_is_logged_in():
if st.sidebar.button("Logout"):
st.logout()
st.session_state.page = "main"
st.rerun()
else:
if st.sidebar.button("Login"):
st.login("google") # or "okta"
st.rerun()
if st.sidebar.button("Dashboard", disabled=not user_is_logged_in()):
st.session_state.page = "dashboard"
st.rerun()
# ——— Page Dispatch ———
if st.session_state.page == "main":
main()
else:
dashboard()
The script builds a two-page simplified application via Google (or OIDC) login and a simple dashboard:
- Page settings and status
- Configure the browser tab (title/icon/layout).
- use
st.session_state["page"]Remember whether you are on the Main screen or on the Dashboard.
- Instructor
_user_obj()Seize safelyst.userIf the object exists.user_is_logged_in()anduser_name(). Check if you are logged in and get a name (or defaults to “Guest”).
- Mainly with dashboard pages
- Main: If you are not logged in, please show the title/subtitle to prompt you to log in; if you are logged in, please show a congratulation message and direct you to the dashboard.
- Dashboard: Satisfy you with the name, generate a virtual data frame for monthly sales/profits, display and present sales charts for sales and bar charts that limit profits.
- Sidebar navigation
- Display the login or logout button according to your status (call
st.login("google")orst.logout()). - A Dashboard button is displayed, enabled only after logging in.
- Display the login or logout button according to your status (call
- Page Scheduling
- At the bottom, it checks
st.session_state.pageAnd runmain()ordashboard()therefore.
- At the bottom, it checks
Configure your secrets.toml For Google Oauth authentication
In the same folder with the lifetime of your app.py file, create a subfolder named .StreamLit. Now go to this new subfolder and create a file called Secrets.toml. this Customer ID and Customer Secret From Google Cloud, it should be added to the file and redirected to the URI and Cookie Secret. Your file should look like this,
#
# secrets.toml
#
[auth]
redirect_uri = ""
cookie_secret = "your-secure-random-string-anything-you-like"
[auth.google]
client_id = "************************************.apps.googleusercontent.com"
client_secret = "*************************************"
server_metadata_url = "OK, we should be able to run our application now. To do this, return to the folder in app.py live and type it into the command line.
(streamlit) $ streamlit run app.pyIf your code and settings are good, you should see the following screen.
Note that the dashboard button on the sidebar should be clear because you are not logged in. First click the Login button on the sidebar. You should see the screen below (I covered up my credentials for security reasons),
After selecting an account and logging in, the simplified app display will change to this.
You will also notice that you can now click on the dashboard button and when you click it you should see a screen like this.
Finally, log out and the application should return to its initial state.
Summary
In this article, I explained that it is now possible to simplify users with proper OIDC authorization. This allows you to ensure that anyone using your app is a legitimate user. Apart from Google, you can also use popular providers such as Microsoft, Oauth, Okta, etc.
I explained what simplification is and what it is for and briefly described the OpenID Connect (OIDC) authentication protocol.
In my coding example, I focused on using Google as an authenticator and showed you the prerequisites to set it up correctly for use on Google’s cloud platform.
I also provide an example simplified app that shows Google authorization in action. Although this is a simple application, it highlights all the technologies you need to grow in complexity.
