Spaces:
Sleeping
Sleeping
Christian Kniep commited on
Commit ·
b211df8
1
Parent(s): ec7b0a6
fix: Add jwks_uri to HuggingFace OAuth config
Browse filesSUCCESS: Session cookie now persisting! Cookie has Secure + SameSite=None.
Browser sends cookie on callback, session data survives redirect.
NEW ISSUE: OAuth fails with Missing jwks_uri in metadata
FIX: Add jwks_uri parameter to OAuth registration
src/services/auth_service.py
CHANGED
|
@@ -34,6 +34,10 @@ class AuthService:
|
|
| 34 |
"HF_USERINFO_URL",
|
| 35 |
"https://huggingface.co/oauth/userinfo"
|
| 36 |
)
|
|
|
|
|
|
|
|
|
|
|
|
|
| 37 |
|
| 38 |
# Register OAuth provider (HuggingFace or mock)
|
| 39 |
# HF Spaces provides OAUTH_CLIENT_ID/SECRET when hf_oauth: true
|
|
@@ -48,6 +52,7 @@ class AuthService:
|
|
| 48 |
authorize_url=authorization_url,
|
| 49 |
access_token_url=token_url,
|
| 50 |
userinfo_endpoint=userinfo_url,
|
|
|
|
| 51 |
client_kwargs={"scope": "openid profile email"},
|
| 52 |
# Set update_token to None to avoid unnecessary token updates
|
| 53 |
update_token=None,
|
|
|
|
| 34 |
"HF_USERINFO_URL",
|
| 35 |
"https://huggingface.co/oauth/userinfo"
|
| 36 |
)
|
| 37 |
+
jwks_uri = os.getenv(
|
| 38 |
+
"HF_JWKS_URI",
|
| 39 |
+
"https://huggingface.co/oauth/jwks"
|
| 40 |
+
)
|
| 41 |
|
| 42 |
# Register OAuth provider (HuggingFace or mock)
|
| 43 |
# HF Spaces provides OAUTH_CLIENT_ID/SECRET when hf_oauth: true
|
|
|
|
| 52 |
authorize_url=authorization_url,
|
| 53 |
access_token_url=token_url,
|
| 54 |
userinfo_endpoint=userinfo_url,
|
| 55 |
+
jwks_uri=jwks_uri,
|
| 56 |
client_kwargs={"scope": "openid profile email"},
|
| 57 |
# Set update_token to None to avoid unnecessary token updates
|
| 58 |
update_token=None,
|