Spaces:

templates
/

gradio-oauth

Running

App Files Files Community

gradio-oauth / auth.py

Wauplin HF Staff

push refactored app

4de0319 almost 2 years ago

raw

history blame

2.09 kB

	import os
	import httpx

	from authlib.integrations.starlette_client import OAuth
	from fastapi import FastAPI
	from fastapi.requests import Request
	from fastapi.responses import RedirectResponse
	from starlette.middleware.sessions import SessionMiddleware

	OAUTH_CLIENT_ID = os.environ.get("OAUTH_CLIENT_ID")
	OAUTH_CLIENT_SECRET = os.environ.get("OAUTH_CLIENT_SECRET")
	OAUTH_SCOPES = os.environ.get("OAUTH_SCOPES")
	OAUTH_SCOPES = "profile" # TODO: remove when openid is fixed (honor nonce)
	OPENID_PROVIDER_URL = os.environ.get("OPENID_PROVIDER_URL")

	for value in (OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET, OAUTH_SCOPES, OPENID_PROVIDER_URL):
	if value is None:
	raise ValueError("Missing environment variable")

	USER_INFO_URL = OPENID_PROVIDER_URL + "/oauth/userinfo"
	METADATA_URL = OPENID_PROVIDER_URL + "/.well-known/openid-configuration"

	oauth = OAuth()
	oauth.register(
	name="huggingface",
	client_id=OAUTH_CLIENT_ID,
	client_secret=OAUTH_CLIENT_SECRET,
	client_kwargs={"scope": OAUTH_SCOPES},
	server_metadata_url=METADATA_URL,
	)


	async def oauth_login(request: Request):
	redirect_uri = request.url_for("oauth_redirect_callback")
	return await oauth.huggingface.authorize_redirect(request, redirect_uri)


	async def oauth_logout(request: Request):
	request.session.pop("user", None)
	return RedirectResponse("/")


	async def oauth_redirect_callback(request: Request):
	token = await oauth.huggingface.authorize_access_token(request)

	async with httpx.AsyncClient() as client:
	resp = await client.get(USER_INFO_URL, headers={"Authorization": f"Bearer {token['access_token']}"})
	user_info = resp.json()

	request.session["user"] = user_info # TODO: we should store token instead
	return RedirectResponse(request.url_for("landing"))


	def attach_oauth(app: FastAPI) -> None:
	app.add_middleware(SessionMiddleware, secret_key="session-secret-key") # TODO: make this is secret key
	app.get("/login/huggingface")(oauth_login)
	app.get("/login/callback")(oauth_redirect_callback)
	app.get("/logout")(oauth_logout)