Spaces:

ml-intern-explorers
/

hutter-prize-dashboard

Running

App Files Files Community

lvwerra HF Staff commited on about 23 hours ago

Commit

ede3a90

verified ·

1 Parent(s): f6a5b9f

Upload app.py with huggingface_hub

Browse files

Files changed (1) hide show

app.py +26 -23

app.py CHANGED Viewed

@@ -187,30 +187,33 @@ async def oauth_callback(request: Request):
     if not (OAUTH_CLIENT_ID and OAUTH_CLIENT_SECRET):
         return RedirectResponse("/?login_error=server_unconfigured")
-    client: httpx.AsyncClient = app.state.client
     try:
-        token_resp = await client.post(
-            f"{HUB}/oauth/token",
-            data={
-                "grant_type": "authorization_code",
-                "code": code,
-                "redirect_uri": _redirect_uri(request),
-                "client_id": OAUTH_CLIENT_ID,
-                "client_secret": OAUTH_CLIENT_SECRET,
-            },
-            headers={"Accept": "application/json"},
-        )
-        if not token_resp.is_success:
-            log.warning("OAuth token exchange failed: %s %s", token_resp.status_code, token_resp.text[:200])
-            return RedirectResponse("/?login_error=token_exchange")
-        access_token = token_resp.json().get("access_token")
-        if not access_token:
-            return RedirectResponse("/?login_error=no_token")
-        me_resp = await client.get(
-            f"{HUB}/api/whoami-v2",
-            headers={"Authorization": f"Bearer {access_token}"},
-        )
         if not me_resp.is_success:
             return RedirectResponse("/?login_error=whoami")
         me = me_resp.json()

     if not (OAUTH_CLIENT_ID and OAUTH_CLIENT_SECRET):
         return RedirectResponse("/?login_error=server_unconfigured")
+    # Use a fresh client so we don't inherit `Authorization: Bearer HF_TOKEN`
+    # from app.state.client — HF's /oauth/token expects client_id+client_secret,
+    # not a Space-token Bearer header, and rejects the request otherwise.
     try:
+        async with httpx.AsyncClient(timeout=httpx.Timeout(HUB_FETCH_TIMEOUT), follow_redirects=True) as oauth_client:
+            token_resp = await oauth_client.post(
+                f"{HUB}/oauth/token",
+                data={
+                    "grant_type": "authorization_code",
+                    "code": code,
+                    "redirect_uri": _redirect_uri(request),
+                    "client_id": OAUTH_CLIENT_ID,
+                    "client_secret": OAUTH_CLIENT_SECRET,
+                },
+                headers={"Accept": "application/json"},
+            )
+            if not token_resp.is_success:
+                log.warning("OAuth token exchange failed: %s %s", token_resp.status_code, token_resp.text[:200])
+                return RedirectResponse("/?login_error=token_exchange")
+            access_token = token_resp.json().get("access_token")
+            if not access_token:
+                return RedirectResponse("/?login_error=no_token")
+            me_resp = await oauth_client.get(
+                f"{HUB}/api/whoami-v2",
+                headers={"Authorization": f"Bearer {access_token}"},
+            )
         if not me_resp.is_success:
             return RedirectResponse("/?login_error=whoami")
         me = me_resp.json()