some improvements

.gitignore

@@ -0,0 +1,140 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+.python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+.venv*
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+.venv*
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+.vscode/
+.idea/
+
+.DS_Store
+
+# Ruff
+.ruff_cache
+
+# Spell checker config
+cspell.json

app.py

@@ -1,8 +1,14 @@
 import gradio as gr
 import gradio.blocks
+import gradio.networking
+import gradio.utils
 
 from auth import attach_oauth
 
+if gradio.utils.get_space() is not None:
+    URL, PORT = "https://wauplin-gradio-oauth-test.hf.space", 7860
+else:
+    URL, PORT = "http://localhost:5173", 5173
 
 TEMPLATE = """
 ### Name:     {name}
@@ -17,35 +23,40 @@ You can manage your connected applications in your [settings](https://huggingfac
 
 
 def show_profile(request: gr.Request) -> str:
-    if "user" not in request.request.session:
+    fastapi_request = request.request
+    if fastapi_request is None or "user" not in request.request.session:
         return "Please login first"
     return TEMPLATE.format(**request.request.session["user"])
 
 
-with gr.Blocks() as demo:
+def js_open(url: str) -> str:
     # Taken from https://cmgdo.com/external-link-in-gradio-button/
+    return f"function() {{window.open('{url}', '_blank');}}"
+
+
+with gr.Blocks() as demo:
     login_button = gr.Button("Login")
-    login_button.click(
-        None, None, None, _js="function() {window.open('https://wauplin-gradio-oauth-test.hf.space/login/huggingface');}"
-    )
+    login_button.click(None, None, None, _js=js_open(f"{URL}/login/huggingface"))
 
-    # Taken from https://cmgdo.com/external-link-in-gradio-button/
-    logout_button = gr.Button("Logout", variant="secondary")
-    logout_button.click(None, None, None, _js="function() {window.open('https://wauplin-gradio-oauth-test.hf.space/logout');}")
+    logout_button = gr.Button("Logout")
+    logout_button.click(None, None, None, _js=js_open(f"{URL}/logout"))
 
     profile_btn = gr.Button("Show profile")
     output = gr.Markdown()
     profile_btn.click(fn=show_profile, outputs=output)
 
-old_start_server = gradio.blocks.networking.start_server
+
+old_create_app = gradio.networking.App.create_app
 
 
-def patched_start_server(*args, **kwargs):
-    server_name, server_port, local_url, app, server = old_start_server(*args, **kwargs)
+def patched_create_app(*args, **kwargs):
+    app = old_create_app(*args, **kwargs)
     attach_oauth(app)
-    return server_name, server_port, local_url, app, server
+    return app
+
 
+gradio.networking.App.create_app = patched_create_app
 
-gradio.blocks.networking.start_server = patched_start_server
+print(URL)
 
-demo.launch()
+demo.launch(server_port=PORT)

auth.py

@@ -1,16 +1,15 @@
 import os
-import httpx
 
 from authlib.integrations.starlette_client import OAuth
 from fastapi import FastAPI
 from fastapi.requests import Request
-from fastapi.responses import RedirectResponse
+from fastapi.responses import HTMLResponse
 from starlette.middleware.sessions import SessionMiddleware
 
 OAUTH_CLIENT_ID = os.environ.get("OAUTH_CLIENT_ID")
 OAUTH_CLIENT_SECRET = os.environ.get("OAUTH_CLIENT_SECRET")
 OAUTH_SCOPES = os.environ.get("OAUTH_SCOPES")
-OPENID_PROVIDER_URL =  os.environ.get("OPENID_PROVIDER_URL")
+OPENID_PROVIDER_URL = os.environ.get("OPENID_PROVIDER_URL")
 
 for value in (OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET, OAUTH_SCOPES, OPENID_PROVIDER_URL):
     if value is None:
@@ -28,21 +27,27 @@ oauth.register(
     server_metadata_url=METADATA_URL,
 )
 
+# Hack to close the login/logout page once the user is logged in/out.
+# TODO: can it be less hacky?
+CLOSE_WINDOW_HTML = HTMLResponse("<script>window.close();</script>")
+
 
 async def oauth_login(request: Request):
-    redirect_uri = request.url_for("oauth_redirect_callback").replace('http://', 'https://')
+    redirect_uri = str(request.url_for("oauth_redirect_callback"))
+    if ".hf.space" in redirect_uri:  # In Space, FastAPI redirect as http but we want https
+        redirect_uri = redirect_uri.replace("http://", "https://")
     return await oauth.huggingface.authorize_redirect(request, redirect_uri)
 
 
-async def oauth_logout(request: Request):
+async def oauth_logout(request: Request) -> HTMLResponse:
     request.session.pop("user", None)
-    return "logged out"
+    return CLOSE_WINDOW_HTML
 
 
-async def oauth_redirect_callback(request: Request):
+async def oauth_redirect_callback(request: Request) -> HTMLResponse:
     token = await oauth.huggingface.authorize_access_token(request)
     request.session["user"] = token["userinfo"]  # TODO: we should store entire token
-    return RedirectResponse("/")
+    return CLOSE_WINDOW_HTML
 
 
 def attach_oauth(app: FastAPI) -> None:

pyproject.toml

@@ -0,0 +1,11 @@
+[tool.black]
+line-length = 119
+target_version = ['py38', 'py39', 'py310']
+preview = true
+
+[tool.ruff]
+select = ["E", "F", "I", "W"]
+line-length = 119
+
+[tool.ruff.isort]
+lines-after-imports = 2

requirements.txt

@@ -1,6 +1,2 @@
 authlib==1.2.1
-itsdangerous==2.1.2
-# hardcoded version to be able to set a middleware after an application has started
-# SessionMiddleware is needed to set the user in the session.
-# Pinned dependency won't be necessary anymore once we integrate more tightly inside gradio library
-fastapi==0.88.0
+itsdangerous==2.1.2

setup.cfg

@@ -0,0 +1,14 @@
+[isort]
+default_section = FIRSTPARTY
+ensure_newline_before_comments = True
+force_grid_wrap = 0
+include_trailing_comma = True
+line_length = 119
+lines_after_imports = 2
+multi_line_output = 3
+use_parentheses = True
+
+[flake8]
+exclude = .git,__pycache__,old,build,dist,.venv*
+ignore = B028, E203, E501, E741, W503
+max-line-length = 119