fix

index.html

@@ -3,131 +3,107 @@
   <head>
     <meta charset="utf-8" />
     <meta name="viewport" content="width=device-width" />
-    <title>HF OAuth Example</title>
+    <title>OAuth in a static Space (Vanilla JS)</title>
+    <link rel="stylesheet" href="style.css" />
     <style>
-      body { font-family: sans-serif; padding: 2rem; max-width: 600px; margin: 0 auto; }
-      button { padding: 0.5rem 1rem; margin: 0.5rem 0; cursor: pointer; }
-      #status { margin: 1rem 0; color: #666; }
-      pre { background: #f5f5f5; padding: 1rem; border-radius: 4px; overflow-x: auto; }
+      body { font-family: sans-serif; background: white; color: #222; }
+      .card { max-width: 420px; margin: 2rem auto 0 auto; background: #fff; border-radius: 16px; box-shadow: 0 2px 8px #0001; padding: 2rem; }
+      #status { margin-top: 1rem; word-break: break-all; color: #b00; }
+      button, img { margin-top: 1rem; }
+      pre { background: #eee; padding: 1em; border-radius: 4px; margin-top: 1rem; }
+      #signout { margin-left: 0; }
     </style>
   </head>
   <body>
-    <h1>HF OAuth Example</h1>
-    
-    <img src="https://huggingface.co/datasets/huggingface/badges/resolve/main/sign-in-with-huggingface-xl-dark.svg"
-         alt="Sign in with Hugging Face" id="signin" style="cursor:pointer;display:none;max-width:300px;">
-    
-    <button id="signout" style="display:none;">Sign out</button>
-    <div id="status"></div>
-    <pre id="userinfo" style="display:none;"></pre>
-    <script>
-      // Use environment variables provided by HF Spaces OAuth
-      const CLIENT_ID = window.OAUTH_CLIENT_ID || 'e0906ea6-519f-4aa0-a128-9b7df044e477';
-      const CLIENT_SECRET = window.OAUTH_CLIENT_SECRET;
+    <div class="card">
+      <h1>OAuth in a static Space (Vanilla JS)</h1>
+      <p>
+        This is a demonstration of the Hugging Face OAuth flow in a <b>static Space</b> using only vanilla JS.<br>
+        No external libraries are needed – just copy this HTML file in your Space!
+
+        After clicking "Signin with HF", you will be redirected to this space and the access token + user info will be displayed.
+      </p>
+      <img src="https://huggingface.co/datasets/huggingface/badges/resolve/main/sign-in-with-huggingface-xl-dark.svg"
+           alt="Sign in with Hugging Face" id="signin" style="cursor:pointer;display:none;max-width:100%;">
+      <button id="signout" style="display:none;">Sign out</button>
+      <div id="status"></div>
+      <pre id="userinfo" style="display:none"></pre>
+    </div>
+    <script type="module">
+      // Import de la librairie HF pour une méthode plus simple et fiable
+      import { oauthLoginUrl, oauthHandleRedirectIfPresent } from "https://cdn.skypack.dev/@huggingface/hub";
+      
+      // Fallback pour les variables OAuth si on utilise la méthode manuelle
+      const CLIENT_ID = window.OAUTH_CLIENT_ID || window.huggingface?.space?.oauth?.clientId;
+      const CLIENT_SECRET = window.OAUTH_CLIENT_SECRET || window.huggingface?.space?.oauth?.clientSecret;
       const REDIRECT_URI = window.location.origin + window.location.pathname;
+      const HF_OAUTH_URL = 'https://huggingface.co/oauth/authorize';
+      const HF_TOKEN_URL = 'https://huggingface.co/oauth/token';
 
+      // Helper pour afficher l'état et les infos utilisateur
       function showLoggedIn(userinfo) {
         document.getElementById('signin').style.display = 'none';
-        document.getElementById('signout').style.display = 'block';
+        document.getElementById('signout').style.display = '';
         document.getElementById('status').textContent = 'Logged in!';
-        document.getElementById('userinfo').style.display = 'block';
+        document.getElementById('userinfo').style.display = '';
         document.getElementById('userinfo').textContent = userinfo;
       }
-
       function showLoggedOut() {
-        document.getElementById('signin').style.display = 'block';
+        document.getElementById('signin').style.display = '';
         document.getElementById('signout').style.display = 'none';
         document.getElementById('status').textContent = '';
         document.getElementById('userinfo').style.display = 'none';
+        document.getElementById('userinfo').textContent = '';
       }
 
-      document.getElementById('signin').onclick = function () {
-        const state = Math.random().toString(36).slice(2);
-        localStorage.setItem('hf_oauth_state', state);
-        // Use official OAuth URL as per documentation
-        const url = `https://huggingface.co/oauth/authorize?redirect_uri=${encodeURIComponent(REDIRECT_URI)}&scope=openid%20profile&client_id=${CLIENT_ID}&state=${state}`;
-        // Open in new tab to avoid iframe issues
-        window.open(url, '_blank');
+      // Sign in button - utilise la méthode recommandée par HF
+      document.getElementById('signin').onclick = async function () {
+        try {
+          const loginUrl = await oauthLoginUrl();
+          window.location.href = loginUrl;
+        } catch (error) {
+          console.error('Erreur lors de la génération de l\'URL de login:', error);
+          document.getElementById('status').textContent = 'Erreur: Impossible de générer l\'URL de connexion. Vérifiez la configuration OAuth.';
+        }
       };
 
+      // Sign out button
       document.getElementById('signout').onclick = function () {
-        localStorage.clear();
+        localStorage.removeItem('hf_oauth_token');
+        localStorage.removeItem('hf_oauth_userinfo');
+        localStorage.removeItem('hf_oauth_state');
         showLoggedOut();
         window.history.replaceState({}, '', window.location.pathname);
       };
 
+      // Handle OAuth callback - utilise la méthode recommandée par HF
       window.onload = async function () {
-        const params = new URLSearchParams(window.location.search);
-        
-        if (params.has('code') && params.has('state')) {
-          const state = params.get('state');
-          if (state !== localStorage.getItem('hf_oauth_state')) {
-            document.getElementById('status').textContent = 'Invalid state parameter';
-            return;
-          }
-          
-          const code = params.get('code');
-          document.getElementById('status').textContent = 'Exchanging code for access token...';
+        try {
+          // Utilise la fonction HF pour gérer le redirect OAuth
+          const oauthResult = await oauthHandleRedirectIfPresent();
           
-          try {
-            // Official token exchange as per HF documentation
-            const tokenResponse = await fetch('https://huggingface.co/oauth/token', {
-              method: 'POST',
-              headers: {
-                'Content-Type': 'application/x-www-form-urlencoded',
-                'Authorization': `Basic ${btoa(CLIENT_ID + ':' + (CLIENT_SECRET || ''))}`
-              },
-              body: new URLSearchParams({
-                grant_type: 'authorization_code',
-                code: code,
-                redirect_uri: REDIRECT_URI,
-                client_id: CLIENT_ID
-              })
-            });
-            
-            if (!tokenResponse.ok) {
-              throw new Error(`Token exchange failed: ${tokenResponse.status}`);
-            }
-            
-            const tokenData = await tokenResponse.json();
-            
-            if (tokenData.access_token) {
-              // Get user info with access token
-              document.getElementById('status').textContent = 'Getting user information...';
-              
-              const userResponse = await fetch('https://huggingface.co/oauth/userinfo', {
-                headers: {
-                  'Authorization': `Bearer ${tokenData.access_token}`
-                }
-              });
-              
-              if (userResponse.ok) {
-                const userInfo = await userResponse.json();
-                const userInfoStr = JSON.stringify(userInfo, null, 2);
-                localStorage.setItem('hf_oauth_token', tokenData.access_token);
-                localStorage.setItem('hf_oauth_userinfo', userInfoStr);
-                showLoggedIn(userInfoStr);
-              } else {
-                throw new Error('Failed to get user info');
-              }
+          if (oauthResult) {
+            // L'utilisateur vient de se connecter
+            console.log('OAuth result:', oauthResult);
+            const userinfoStr = JSON.stringify(oauthResult.userInfo, null, 2);
+            localStorage.setItem('hf_oauth_token', oauthResult.accessToken);
+            localStorage.setItem('hf_oauth_userinfo', userinfoStr);
+            showLoggedIn(userinfoStr);
+            // Clean up URL
+            window.history.replaceState({}, '', window.location.pathname);
+          } else {
+            // Vérifier si l'utilisateur est déjà connecté
+            const token = localStorage.getItem('hf_oauth_token');
+            const userinfo = localStorage.getItem('hf_oauth_userinfo');
+            if (token && userinfo) {
+              showLoggedIn(userinfo);
             } else {
-              throw new Error('No access token received');
+              showLoggedOut();
             }
-            
-            window.history.replaceState({}, '', window.location.pathname);
-          } catch (error) {
-            console.error('OAuth error:', error);
-            document.getElementById('status').textContent = 'Error: ' + error.message;
-            showLoggedOut();
           }
-          return;
-        }
-
-        // Check if already logged in
-        const userinfo = localStorage.getItem('hf_oauth_userinfo');
-        if (userinfo) {
-          showLoggedIn(userinfo);
-        } else {
+        } catch (error) {
+          console.error('Erreur OAuth:', error);
+          document.getElementById('status').textContent = 'Erreur lors de la gestion OAuth: ' + error.message;
           showLoggedOut();
         }
       };