Spaces:
Runtime error
Runtime error
Update app.py
Browse files
app.py
CHANGED
|
@@ -13,28 +13,75 @@ import chainlit as cl
|
|
| 13 |
from authlib.integrations.requests_client import OAuth2Session
|
| 14 |
import os
|
| 15 |
|
| 16 |
-
# Retrieving environment variables
|
| 17 |
-
OAUTH_CLIENT_ID = os.getenv("OAUTH_CLIENT_ID")
|
| 18 |
-
OAUTH_CLIENT_SECRET = os.getenv("OAUTH_CLIENT_SECRET")
|
| 19 |
-
OAUTH_SCOPES = os.getenv("OAUTH_SCOPES").split(',') # Assuming OAUTH_SCOPES is a comma-separated list
|
| 20 |
-
OPENID_PROVIDER_URL = os.getenv("OPENID_PROVIDER_URL")
|
| 21 |
-
SPACE_HOST = os.getenv("SPACE_HOST")
|
| 22 |
-
|
| 23 |
-
# Constructing the redirect URL using the SPACE_HOST variable
|
| 24 |
-
redirect_uri = f"https://{SPACE_HOST}/login/callback"
|
| 25 |
-
|
| 26 |
-
# Initializing the OAuth client/session with the retrieved environment variables
|
| 27 |
-
oauth_client = OAuth2Session(client_id=OAUTH_CLIENT_ID,
|
| 28 |
-
|
| 29 |
-
|
| 30 |
-
|
| 31 |
-
|
| 32 |
-
# Use the corrected method to generate the authorization URL
|
| 33 |
-
authorization_url, state = oauth_client.create_authorization_url(OPENID_PROVIDER_URL + '/authorize')
|
| 34 |
-
|
| 35 |
-
print(authorization_url, state)
|
| 36 |
-
# The rest of your OAuth flow would go here, including redirecting the user to the authorization_url,
|
| 37 |
-
# and then handling the redirect back to your application to exchange the code for a token.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 38 |
|
| 39 |
|
| 40 |
|
|
|
|
| 13 |
from authlib.integrations.requests_client import OAuth2Session
|
| 14 |
import os
|
| 15 |
|
| 16 |
+
# # Retrieving environment variables
|
| 17 |
+
# OAUTH_CLIENT_ID = os.getenv("OAUTH_CLIENT_ID")
|
| 18 |
+
# OAUTH_CLIENT_SECRET = os.getenv("OAUTH_CLIENT_SECRET")
|
| 19 |
+
# OAUTH_SCOPES = os.getenv("OAUTH_SCOPES").split(',') # Assuming OAUTH_SCOPES is a comma-separated list
|
| 20 |
+
# OPENID_PROVIDER_URL = os.getenv("OPENID_PROVIDER_URL")
|
| 21 |
+
# SPACE_HOST = os.getenv("SPACE_HOST")
|
| 22 |
+
|
| 23 |
+
# # Constructing the redirect URL using the SPACE_HOST variable
|
| 24 |
+
# redirect_uri = f"https://{SPACE_HOST}/login/callback"
|
| 25 |
+
|
| 26 |
+
# # Initializing the OAuth client/session with the retrieved environment variables
|
| 27 |
+
# oauth_client = OAuth2Session(client_id=OAUTH_CLIENT_ID,
|
| 28 |
+
# client_secret=OAUTH_CLIENT_SECRET, # Include client_secret if needed for the OAuth2Session setup
|
| 29 |
+
# scope=OAUTH_SCOPES,
|
| 30 |
+
# redirect_uri=redirect_uri)
|
| 31 |
+
|
| 32 |
+
# # Use the corrected method to generate the authorization URL
|
| 33 |
+
# authorization_url, state = oauth_client.create_authorization_url(OPENID_PROVIDER_URL + '/authorize')
|
| 34 |
+
|
| 35 |
+
# print(authorization_url, state)
|
| 36 |
+
# # The rest of your OAuth flow would go here, including redirecting the user to the authorization_url,
|
| 37 |
+
# # and then handling the redirect back to your application to exchange the code for a token.
|
| 38 |
+
|
| 39 |
+
|
| 40 |
+
from flask import Flask, request, redirect
|
| 41 |
+
import base64
|
| 42 |
+
import requests
|
| 43 |
+
|
| 44 |
+
app = Flask(__name__)
|
| 45 |
+
|
| 46 |
+
@app.route('/login/callback')
|
| 47 |
+
def login_callback():
|
| 48 |
+
# Retrieve the authorization code and state from the callback URL
|
| 49 |
+
code = request.args.get('code')
|
| 50 |
+
state = request.args.get('state')
|
| 51 |
+
|
| 52 |
+
# You should verify the state here (compare it to the one you stored before redirecting the user)
|
| 53 |
+
# For simplicity, this step is not shown
|
| 54 |
+
|
| 55 |
+
# Exchange the code for tokens
|
| 56 |
+
token_url = 'https://huggingface.co/oauth/token'
|
| 57 |
+
credentials = f"{OAUTH_CLIENT_ID}:{OAUTH_CLIENT_SECRET}"
|
| 58 |
+
basic_auth_header = base64.b64encode(credentials.encode('utf-8')).decode('utf-8')
|
| 59 |
+
|
| 60 |
+
headers = {
|
| 61 |
+
'Authorization': f'Basic {basic_auth_header}',
|
| 62 |
+
'Content-Type': 'application/x-www-form-urlencoded'
|
| 63 |
+
}
|
| 64 |
+
|
| 65 |
+
data = {
|
| 66 |
+
'grant_type': 'authorization_code',
|
| 67 |
+
'code': code,
|
| 68 |
+
'redirect_uri': redirect_uri,
|
| 69 |
+
'client_id': OAUTH_CLIENT_ID
|
| 70 |
+
}
|
| 71 |
+
|
| 72 |
+
response = requests.post(token_url, headers=headers, data=data)
|
| 73 |
+
|
| 74 |
+
if response.ok:
|
| 75 |
+
tokens = response.json()
|
| 76 |
+
access_token = tokens['access_token']
|
| 77 |
+
id_token = tokens.get('id_token')
|
| 78 |
+
|
| 79 |
+
# Now you can use the access_token (and id_token) to access protected resources or identify the user
|
| 80 |
+
# For example, fetch user info from the userinfo endpoint if needed
|
| 81 |
+
|
| 82 |
+
return "Login successful" # Redirect to another page or show a message
|
| 83 |
+
else:
|
| 84 |
+
return "Error exchanging code for tokens", 400
|
| 85 |
|
| 86 |
|
| 87 |
|