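"""
OAuth authentication utilities for HuggingFace token verification
"""

import requests
from typing import Optional, Dict

# HuggingFace OAuth userinfo endpoint
HF_USERINFO_URL = 'https://huggingface.co/oauth/userinfo'


def verify_hf_token(token: str) -> Optional[Dict]:
    """
    Verify HF OAuth token and return user info

    The token is sent as a Bearer credential to HF_USERINFO_URL. Only an
    HTTP 200 response whose body is a JSON object carrying a non-empty
    "sub" claim is treated as a successful verification; everything else
    yields None so callers can treat the result as an authentication
    decision.

    Args:
        token: The HuggingFace OAuth access token

    Returns:
        User info dict with fields: sub, preferred_username, name, picture, email
        None if token is invalid, the request fails, or the response is not
        a usable userinfo object

    Example:
        {
            "sub": "12345678",
            "preferred_username": "username",
            "name": "Display Name",
            "picture": "https://avatars.huggingface.co/...",
            "email": "user@example.com"
        }
    """
    # An empty or non-string token can never verify; skip the network call
    # instead of sending a bare "Bearer " header upstream.
    if not isinstance(token, str) or not token.strip():
        return None

    # NOTE(review): a 200 from the userinfo endpoint shows the token is
    # accepted by HuggingFace; nothing here checks that it was issued to
    # this application. Confirm whether audience/client binding is
    # enforced elsewhere before relying on this as the only check.
    try:
        response = requests.get(
            HF_USERINFO_URL,
            headers={'Authorization': f'Bearer {token}'},
            timeout=10,
        )
    except requests.RequestException as e:
        # The token itself is never written to the log output.
        print(f"Token verification error: {e}")
        return None

    if response.status_code != 200:
        print(f"Token verification failed with status {response.status_code}")
        return None

    try:
        user_info = response.json()
    except ValueError as e:
        # Older requests releases raise a plain ValueError for a non-JSON
        # body, which the RequestException handler above would not catch.
        print(f"Token verification error: {e}")
        return None

    # Fail closed: a 200 with a list, string, null or an object lacking
    # "sub" must not be handed back as an authenticated identity.
    if not isinstance(user_info, dict) or not user_info.get('sub'):
        print("Token verification failed: unexpected userinfo payload")
        return None

    return user_info


def extract_token_from_auth_header(auth_header: str) -> Optional[str]:
    """
    Extract Bearer token from Authorization header

    The scheme name is matched case-insensitively (HTTP auth schemes are
    case-insensitive), surrounding whitespace is ignored, and a credential
    that is empty or contains whitespace is rejected.

    Args:
        auth_header: The Authorization header value (e.g., "Bearer abc123...")

    Returns:
        The token string, or None if invalid format
    """
    if not auth_header or not isinstance(auth_header, str):
        return None

    scheme, _, credentials = auth_header.strip().partition(' ')
    if scheme.lower() != 'bearer':
        return None

    token = credentials.strip()
    # "Bearer " with nothing after it, or a credential with embedded
    # whitespace (including CR/LF), is not a well-formed bearer token.
    if not token or any(ch.isspace() for ch in token):
        return None

    return token


def get_user_from_request_headers(headers: Dict[str, str]) -> Optional[Dict]:
    """
    Extract and verify user info from request headers

    Args:
        headers: Dict of request headers (case-insensitive keys)

    Returns:
        User info dict if valid token, None otherwise
    """
    if not headers:
        return None

    # Header names are compared case-insensitively; when several keys
    # differ only by case, the first one in iteration order is used.
    auth_header = next(
        (value for key, value in headers.items()
         if key.lower() == 'authorization'),
        None,
    )

    token = extract_token_from_auth_header(auth_header)
    if not token:
        return None

    return verify_hf_token(token)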