OAuth

app.py

@@ -19,27 +19,37 @@ def get_user_access_level(request: gr.Request):
     """
     Checks the request object to determine if a user is logged in via HF OAuth
     and their access level based on the AUTHORIZED_USER_IDS list.
+    Includes a check to prevent AssertionError if request.auth is not available.
     """
-    user_info = request.auth # This contains user info if hf_oauth is enabled and user is logged in
+    user_info = None
+    # Defensive check: Only try to access request.auth if the 'auth' attribute exists
+    # and is not None. This prevents the AssertionError if the middleware hasn't run
+    # or request.auth isn't populated in this context.
+    if hasattr(request, 'auth') and request.auth is not None:
+         user_info = request.auth
+         # print(f"Accessed request.auth: {user_info}") # Debugging line
+    else:
+        # print("request.auth not available or is None.") # Debugging line
+        pass # Keep print statements minimal in final deployed code
 
     if user_info is None:
-        # User is not logged in
-        print("User not logged in.")
+        # User is not logged in or auth info is not available in the request context
+        print("User not logged in or auth info not retrieved via request.auth.")
         return {
-            "status_message": "Please sign in to see your access level and potentially unlock full features.",
-            "user_identity": "Not Logged In",
+            "status_message": "Please sign in with Hugging Face to check your access.",
+            "user_identity": "Not Logged In or Auth Info Unavailable",
             "show_login_prompt": gr.update(visible=True),
             "show_limited_content": gr.update(visible=True),
             "show_full_content": gr.update(visible=False)
         }
     else:
-        # User is logged in, get their HF user ID and username
+        # User info is available (presumably logged in via HF OAuth)
         user_id = user_info.get('sub') # 'sub' is the standard claim for user ID
         username = user_info.get('preferred_username', user_id) # Use username or ID as fallback
 
         print(f"Logged in user: Username={username}, ID={user_id}") # Log for debugging
 
-        # Check if user_id is in the authorized set and is not just an empty string from split("")
+        # Check if user_id is in the authorized set and is not just an empty string from split(",")
         if user_id in AUTHORIZED_USER_IDS and user_id != "":
             # User is authorized for full access
             print(f"User {user_id} is authorized for full access.")
@@ -67,23 +77,23 @@ with gr.Blocks() as demo:
     gr.Markdown("# Hugging Face Spaces Tiered Access Example")
 
     # Components to display status and user identity
-    status_message = gr.Markdown("Checking access status...")
+    status_message = gr.Markdown("Click 'Check My Access Level' after signing in.")
     user_identity_text = gr.Textbox(label="Logged In User Info", interactive=False)
 
-    # Placeholder for the Login Prompt (hidden if user is logged in)
-    with gr.Column(visible=False) as login_prompt_column:
+    # Placeholder for the Login Prompt (visible by default)
+    with gr.Column(visible=True) as login_prompt_column:
         gr.Markdown("### Please Sign in with Hugging Face")
         gr.Markdown("*(A 'Sign in with Hugging Face' button will appear automatically above this section when deployed on HF Spaces with OAuth enabled)*")
         # The actual login button is added by Hugging Face Spaces when hf_oauth: true is set in README.md
 
-    # Content for users with Limited Access (visible by default or for non-authorized users)
+    # Content for users with Limited Access (visible by default)
     with gr.Column(visible=True) as limited_content_column:
         gr.Markdown("## Limited Access Content")
         gr.Textbox(value="This is content visible to everyone or users with limited access.", interactive=False)
-        gr.Markdown("*(Sign in and/or get authorized for more features!)*")
+        gr.Markdown("*(Sign in with Hugging Face and click 'Check My Access Level' to see your status and potentially unlock full features!)*")
         # Add other limited features here
 
-    # Content for users with Full Access (only visible to authorized users)
+    # Content for users with Full Access (hidden by default)
     with gr.Column(visible=False) as full_content_column:
         gr.Markdown("## Full Access Content")
         gr.Textbox(value="🥳 Congratulations! You have unlocked the full version! 🥳", interactive=False)
@@ -91,9 +101,7 @@ with gr.Blocks() as demo:
         # Add other full features here
 
     # This button triggers the check_access_level function.
-    # In a real application, you might want this check to happen
-    # automatically on page load or after the OAuth redirect.
-    # For demonstration purposes, a button makes the flow clear.
+    # The user should click this *after* potentially signing in via the HF button.
     check_button = gr.Button("Check My Access Level")
 
     # Link the button click to the access check function
@@ -110,22 +118,12 @@ with gr.Blocks() as demo:
         ]
     )
 
-    # Initial check when the page loads. This helps set the initial state
-    # based on whether the user is already logged in from a previous session/redirect.
-    demo.load(
-        fn=get_user_access_level,
-        inputs=None,
-        outputs=[
-            status_message,
-            user_identity_text,
-            login_prompt_column,
-            limited_content_column,
-            full_content_column
-        ]
-    )
+    # Removed the demo.load() call again, as it seems problematic with request.auth
+    # The initial state is controlled by component 'visible' attributes.
 
 # --- Launch the App ---
-# For local testing, hf_oauth won't work, request.auth will be None.
-# The app will show the login prompt and limited content.
+# For local testing, hf_oauth won't work, request.auth will not be available,
+# but the app should now run without the AssertionError on button click due to the check.
+# It will show the login prompt and limited content.
 # For deployment on HF Spaces, configure README.md and Secrets.
 demo.launch()