Implement proper Hugging Face OAuth authentication

- Add gr.LoginButton to the sidebar for OAuth login
- Use gr.OAuthToken type hints for automatic token injection
- Update create_agent() to accept oauth_token parameter
- Create interact_with_agent_oauth() wrapper as a generator
- Update all event handlers to use OAuth-aware methods
- Priority: OAuth token > HF_TOKEN env var > CLI login

This ensures users can properly authenticate via OAuth on HF Spaces
and the agent receives the correct authentication token for API calls.

Fixes: "You must provide an api_key to work with nscale API" error

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

app.py

@@ -100,8 +100,13 @@ def get_tavily_search_mcp(api_key):
     }
 
 
-def create_agent(tavily_api_key=None):
-    """Create an agent with the specified Tavily API key (or use environment variable)."""
+def create_agent(tavily_api_key=None, oauth_token=None):
+    """Create an agent with the specified Tavily API key and OAuth token.
+
+    Args:
+        tavily_api_key: Optional Tavily API key for web search
+        oauth_token: OAuth token from Gradio (gr.OAuthToken | None)
+    """
     # Use provided API key or fall back to environment variable
     api_key = tavily_api_key or TAVILY_API_KEY
 
@@ -119,8 +124,14 @@ def create_agent(tavily_api_key=None):
     mcp_client = MCPClient(mcp_servers, structured_output=False)
 
     # Create model with user-specified parameters
-    # On HF Spaces with OAuth, HF_TOKEN is automatically set; locally use get_token() or .env
-    hf_token = os.getenv("HF_TOKEN") or get_token()
+    # Priority: OAuth token from Gradio > HF_TOKEN env var > get_token() from CLI login
+    if oauth_token is not None:
+        # On HF Spaces, use the OAuth token provided by Gradio
+        hf_token = oauth_token.token if hasattr(oauth_token, 'token') else oauth_token
+    else:
+        # Fallback to environment variable or CLI login
+        hf_token = os.getenv("HF_TOKEN") or get_token()
+
     model = InferenceClientModel(
         max_tokens=2096,
         temperature=0.5,

my_ui.py

@@ -22,20 +22,31 @@ class CustomGradioUI(GradioUI):
         self.allowed_file_types = allowed_file_types or [".pdf", ".docx", ".txt"]
         self.examples = examples or []
 
-    def update_api_key(self, api_key, current_key):
+    def update_api_key(self, api_key, current_key, oauth_token: gr.OAuthToken | None = None):
         """Update the agent with a new API key."""
         if api_key and api_key != current_key:
             # Recreate the agent with the new API key
-            self.agent = self.agent_factory(tavily_api_key=api_key)
+            self.agent = self.agent_factory(tavily_api_key=api_key, oauth_token=oauth_token)
             return api_key, gr.Markdown("✓ API key updated successfully", visible=True)
         elif not api_key and current_key:
             # Reset to default (env var)
-            self.agent = self.agent_factory()
+            self.agent = self.agent_factory(oauth_token=oauth_token)
             return "", gr.Markdown(
                 "API key cleared, using environment variable if set", visible=True
             )
         return current_key, gr.Markdown("", visible=False)
 
+    def interact_with_agent_oauth(self, stored_messages, chatbot, session_state, oauth_token: gr.OAuthToken | None = None):
+        """Wrapper for interact_with_agent that recreates agent with OAuth token."""
+        # Recreate agent with the OAuth token before interaction
+        if oauth_token is not None:
+            # Get current API key if any
+            current_api_key = session_state.get("tavily_api_key", None)
+            self.agent = self.agent_factory(tavily_api_key=current_api_key, oauth_token=oauth_token)
+
+        # Call the parent's interact_with_agent method and yield all results
+        yield from self.interact_with_agent(stored_messages, chatbot, session_state)
+
     def create_app(self):
         """Override create_app to use custom allowed_file_types."""
 
@@ -57,6 +68,8 @@ class CustomGradioUI(GradioUI):
                         else ""
                     )
                 )
+                # Add OAuth Login Button
+                gr.LoginButton()
 
                 with gr.Group():
                     gr.Markdown("**Your request**", container=True)
@@ -144,7 +157,9 @@ class CustomGradioUI(GradioUI):
                 [text_input, file_uploads_log],
                 [stored_messages, text_input, submit_btn],
             ).then(
-                self.interact_with_agent, [stored_messages, chatbot, session_state], [chatbot]
+                self.interact_with_agent_oauth,
+                [stored_messages, chatbot, session_state],
+                [chatbot]
             ).then(
                 lambda: (
                     gr.Textbox(
@@ -162,7 +177,9 @@ class CustomGradioUI(GradioUI):
                 [text_input, file_uploads_log],
                 [stored_messages, text_input, submit_btn],
             ).then(
-                self.interact_with_agent, [stored_messages, chatbot, session_state], [chatbot]
+                self.interact_with_agent_oauth,
+                [stored_messages, chatbot, session_state],
+                [chatbot]
             ).then(
                 lambda: (
                     gr.Textbox(