Hugging Face's logo

Spaces:
lunarflu
/
gradio-oauth2
Running

App Files Community
Wauplin HF Staff commited on
Commit
3014630
·
1 Parent(s): d0f9485

test

Browse files
Files changed (2) hide show
  1. app.py +1 -2
  2. auth.py +14 -7
app.py CHANGED
@@ -36,8 +36,7 @@ def show_profile(request: gr.Request) -> str:
36
 
37
  def js_open(url: str) -> str:
38
  # Taken from https://cmgdo.com/external-link-in-gradio-button/
39
- return f"function() {{window.location.assign('{url}');}}"
40
- # return f"function() {{window.open('{url}', '_blank');}}"
41
 
42
 
43
  with gr.Blocks() as demo:
 
36
 
37
  def js_open(url: str) -> str:
38
  # Taken from https://cmgdo.com/external-link-in-gradio-button/
39
+ return f"function() {{window.open('{url}', '_blank');}}"
 
40
 
41
 
42
  with gr.Blocks() as demo:
auth.py CHANGED
@@ -6,6 +6,7 @@ from fastapi import FastAPI
6
  from fastapi.requests import Request
7
  from fastapi.responses import RedirectResponse, HTMLResponse
8
  from starlette.middleware.sessions import SessionMiddleware
 
9
 
10
 
11
  OAUTH_CLIENT_ID = os.environ.get("OAUTH_CLIENT_ID")
@@ -33,6 +34,7 @@ oauth.register(
33
  # Hack to close the login/logout page once the user is logged in/out.
34
  # TODO: can it be less hacky?
35
  CLOSE_WINDOW_HTML = HTMLResponse("<script>window.close();</script>")
 
36
 
37
 
38
  async def oauth_login(request: Request):
@@ -44,16 +46,21 @@ async def oauth_login(request: Request):
44
 
45
  async def oauth_logout(request: Request) -> RedirectResponse:
46
  request.session.pop("user", None)
47
- return RedirectResponse("/")
48
- # return CLOSE_WINDOW_HTML
49
 
50
 
51
  async def oauth_redirect_callback(request: Request) -> RedirectResponse:
52
- token = await oauth.huggingface.authorize_access_token(request)
53
- request.session["user"] = token["userinfo"] # TODO: we should store entire token
54
- print(f"New user: {token['userinfo']['name']}")
55
- return RedirectResponse("/")
56
- # return CLOSE_WINDOW_HTML
 
 
 
 
 
57
 
58
 
59
  def attach_oauth(app: FastAPI) -> None:
 
6
  from fastapi.requests import Request
7
  from fastapi.responses import RedirectResponse, HTMLResponse
8
  from starlette.middleware.sessions import SessionMiddleware
9
+ from authlib.integrations.base_client import MismatchingStateError
10
 
11
 
12
  OAUTH_CLIENT_ID = os.environ.get("OAUTH_CLIENT_ID")
 
34
  # Hack to close the login/logout page once the user is logged in/out.
35
  # TODO: can it be less hacky?
36
  CLOSE_WINDOW_HTML = HTMLResponse("<script>window.close();</script>")
37
+ OPEN_WINDOW_HTML = HTMLResponse("<script>window.open('{url}', '_blank');</script>")
38
 
39
 
40
  async def oauth_login(request: Request):
 
46
 
47
  async def oauth_logout(request: Request) -> RedirectResponse:
48
  request.session.pop("user", None)
49
+ return CLOSE_WINDOW_HTML
50
+ return CLOSE_WINDOW_HTML if close_tab else RedirectResponse("/")
51
 
52
 
53
  async def oauth_redirect_callback(request: Request) -> RedirectResponse:
54
+ try:
55
+ token = await oauth.huggingface.authorize_access_token(request)
56
+ request.session["user"] = token["userinfo"] # TODO: we should store the entire token
57
+ close_tab = True
58
+ except MismatchingStateError:
59
+ # Third-party cookies are most likely forbidden meaning the session will not be set inside the Space iframe.
60
+ # To counterpart this, we redirect the user to use the Space url outside of the iframe.
61
+ close_tab = False
62
+
63
+ return CLOSE_WINDOW_HTML if close_tab else OPEN_WINDOW_HTML.format(url=request.url_for("oauth_login"))
64
 
65
 
66
  def attach_oauth(app: FastAPI) -> None: