Important
This is an experimental feature. Experimental features and their APIs may change or be removed at any time. To learn more, click here.
A read-only, dict-like object for accessing information about the current user.
st.experimental_user is dependent on the host platform running your Streamlit app. If the host platform has not configured the function, it will behave as in a locally running app.
When authentication is configured in secrets.toml, Streamlit will parse the OpenID Connect (OIDC) identity token and copy the attributes to st.experimental_user. Check your provider's documentation for their available attributes (known as claims).
When authentication is not configured, st.experimental_user has no attributes.
You can access values via key or attribute notation. For example, use st.experimental_user["email"] or st.experimental_user.email to access the email attribute.
Important
Identity tokens include an issuance and expiration time. Streamlit does not implicitly check these. If you want to automatically expire a user's authentication, check these values manually and programmatically log out your user (st.logout()) when needed.
| Class description[source] | |
|---|---|
st.experimental_user() | |
| Methods | |
to_dict() | Get user info as a dictionary. |
| Attributes | |
is_logged_in (bool) | Whether a user is logged in. For a locally running app, this attribute is only available when authentication (st.login()) is configured in secrets.toml. Otherwise, it does not exist. |
Examples
Example 1: Google's identity token
If you configure a basic Google OIDC connection as shown in Example 1 of st.login(), the following data is available in st.experimental_user. Streamlit adds the is_logged_in attribute. Additional attributes may be available depending on the configuration of the user's Google account. For more information about Google's identity tokens, see Obtain user information from the ID token in Google's docs.
Your app code:
import streamlit as st
if st.experimental_user.is_logged_in:
st.write(st.experimental_user)
Displayed data when a user is logged in:
{
"is_logged_in":true
"iss":"https://accounts.google.com"
"azp":"{client_id}.apps.googleusercontent.com"
"aud":"{client_id}.apps.googleusercontent.com"
"sub":"{unique_user_id}"
"email":"{user}@gmail.com"
"email_verified":true
"at_hash":"{access_token_hash}"
"nonce":"{nonce_string}"
"name":"{full_name}"
"picture":"https://lh3.googleusercontent.com/a/{content_path}"
"given_name":"{given_name}"
"family_name":"{family_name}"
"iat":{issued_time}
"exp":{expiration_time}
}
Example 2: Microsoft's identity token
If you configure a basic Microsoft OIDC connection as shown in Example 2 of st.login(), the following data is available in st.experimental_user. For more information about Microsoft's identity tokens, see ID token claims reference in Microsoft's docs.
Your app code:
import streamlit as st
if st.experimental_user.is_logged_in:
st.write(st.experimental_user)
Displayed data when a user is logged in:
{
"is_logged_in":true
"ver":"2.0"
"iss":"https://login.microsoftonline.com/{tenant_id}/v2.0"
"sub":"{application_user_id}"
"aud":"{application_id}"
"exp":{expiration_time}
"iat":{issued_time}
"nbf":{start_time}
"name":"{full_name}"
"preferred_username":"{username}"
"oid":"{user_GUID}"
"email":"{email}"
"tid":"{tenant_id}"
"nonce":"{nonce_string}"
"aio":"{opaque_string}"
}
Community Cloud
On Community Cloud, if your app is not configured for authentication, st.experimental_user will have a single attribute: email. If a user is logged in and a member of your app's workspace, this will return the user's email. For all other cases, it returns None.
On Community Cloud, if your app is configured for authentication ([auth] exists in your app's secrets), st.experimental_user will behave the same as a locally running app. Remember to update your identity provider's configuration and your app's secrets to allow your new domain. A list of IP addresses used by Community Cloud is available if needed. An authentication-configured app counts as your one, allowed private app.
Get user info as a dictionary.
This method primarily exists for internal use and is not needed for most cases. st.experimental_user returns an object that inherits from dict by default.
| Function signature[source] | |
|---|---|
st.experimental_user.to_dict() | |
| Returns | |
(Dict[str,str]) | A dictionary of the current user's information. |
Still have questions?
Our forums are full of helpful information and Streamlit experts.