fix redirect + respect scope
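--- a/auth.py
+++ b/auth.py
@@ -10,7 +10,6 @@ from starlette.middleware.sessions import SessionMiddleware
 OAUTH_CLIENT_ID = os.environ.get("OAUTH_CLIENT_ID")
 OAUTH_CLIENT_SECRET = os.environ.get("OAUTH_CLIENT_SECRET")
 OAUTH_SCOPES = os.environ.get("OAUTH_SCOPES")
-OAUTH_SCOPES = "profile" # TODO: remove when openid is fixed (honor nonce)
 OPENID_PROVIDER_URL = os.environ.get("OPENID_PROVIDER_URL")
 
 for value in (OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET, OAUTH_SCOPES, OPENID_PROVIDER_URL):
@@ -42,13 +41,8 @@ async def oauth_logout(request: Request):
 
 async def oauth_redirect_callback(request: Request):
 token = await oauth.huggingface.authorize_access_token(request)
-
-
-resp = await client.get(USER_INFO_URL, headers={"Authorization": f"Bearer {token['access_token']}"})
-user_info = resp.json()
-
-request.session["user"] = user_info # TODO: we should store token instead
-return RedirectResponse(request.url_for("landing"))
+request.session["user"] = token["userinfo"] # TODO: we should store entire token
+return RedirectResponse("/")
 
 
 def attach_oauth(app: FastAPI) -> None: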
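Review bot: `token["userinfo"]` in oauth_redirect_callback is indexed without checking that the key exists, and as far as I know Authlib only populates it when the token response carries an id_token, i.e. when the `openid` scope was requested. Because OAUTH_SCOPES now comes straight from the environment, a deployment whose scopes omit `openid` would fail every login with a KeyError rather than a clean rejection; consider `userinfo = token.get("userinfo")` and refusing the login when it is None, or checking at startup that `openid` is in OAUTH_SCOPES. The TODO about storing the entire token also needs a caveat: if the session is Starlette's cookie-backed SessionMiddleware (the import appears in the first hunk header), its contents are signed but not encrypted, so an access token kept there would be readable by anyone holding the cookie.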