Send verification email after registration

[chuong98]

Hi, thanks for the package.
It will be more practical if after registering, we send an auto generated password (or a verification link) to the email that user registered.

The user needs to login with the received password for the first time (or click on verification link).

It is almost a standard process to avoid creating user with fake email.

Thank you.

[mkhorasani]

Hi @chuong98, currently you can specify a list of pre-authorized emails or domains that are allowed to register, anything else will not be allowed to register. Please check the pre_authorized feature for this widget. However, in the future, I do plan on implementing such a feature.

[nchanko]

Hi @mkhorasani . I've been searching for authentication method in streamliit for months, and I found yours.
It's a wonderful library. Kudos to you.
I also found some bugs in registration, saw it's been reported.
If unauthorized person knows preauthorized email address, they can login before the actual owner does?

[chuong98]

Hi @mkhorasani . I've been searching for authentication method in streamliit for months, and I found yours.
It's a wonderful library. Kudos to you.
I also found some bugs in registration, saw it's been reported.
If unauthorized person knows preauthorized email address, they can login before the actual owner does?

Yes, theoretically he can create an account with his password before the true owner does.
In my case, I don't want limit the user registration, but they must use their real email.

[mkhorasani]

Hi @mkhorasani . I've been searching for authentication method in streamliit for months, and I found yours. It's a wonderful library. Kudos to you. I also found some bugs in registration, saw it's been reported. If unauthorized person knows preauthorized email address, they can login before the actual owner does?

This is not a bug per se and is intentional by design. There's no reason why a user should have access to the list of pre-authorized emails, in the same way that the user should not have access to any other private information in the config file.

[mkhorasani]

Hi @mkhorasani . I've been searching for authentication method in streamliit for months, and I found yours.
It's a wonderful library. Kudos to you.
I also found some bugs in registration, saw it's been reported.
If unauthorized person knows preauthorized email address, they can login before the actual owner does?

Yes, theoretically he can create an account with his password before the true owner does. In my case, I don't want limit the user registration, but they must use their real email.

Yes, if you want to limit user registration by domain name, you can use the domains parameter in the register_user widget.

[davidpomerenke]

My use case would be to grant users from a given list of domains access, by allowing only them to register.
For this use case it would be necessary to verify that the users actually own that email, by sending a verification email.
Sending emails is probably beyond the scope of this library, but it would be cool to have a logic that allows the developer to specify an email verification logic themselves via a callback or so, and point them towards resources for implementing that themselves.