fix

index.html

@@ -55,13 +55,40 @@
         document.getElementById('userinfo').textContent = '';
       }
 
+      // Helper pour générer PKCE
+      function generateCodeVerifier() {
+        const array = new Uint8Array(32);
+        crypto.getRandomValues(array);
+        return btoa(String.fromCharCode.apply(null, array))
+          .replace(/\+/g, '-')
+          .replace(/\//g, '_')
+          .replace(/=/g, '');
+      }
+      
+      async function generateCodeChallenge(verifier) {
+        const encoder = new TextEncoder();
+        const data = encoder.encode(verifier);
+        const digest = await crypto.subtle.digest('SHA-256', data);
+        return btoa(String.fromCharCode.apply(null, new Uint8Array(digest)))
+          .replace(/\+/g, '-')
+          .replace(/\//g, '_')
+          .replace(/=/g, '');
+      }
+
       // Sign in button
-      document.getElementById('signin').onclick = function () {
+      document.getElementById('signin').onclick = async function () {
         const state = Math.random().toString(36).slice(2);
+        const codeVerifier = generateCodeVerifier();
+        const codeChallenge = await generateCodeChallenge(codeVerifier);
+        
         localStorage.setItem('hf_oauth_state', state);
+        localStorage.setItem('hf_oauth_code_verifier', codeVerifier);
+        
         const url = `${HF_OAUTH_URL}?client_id=${CLIENT_ID}` +
           `&redirect_uri=${encodeURIComponent(REDIRECT_URI)}` +
-          `&response_type=code&scope=openid%20profile&state=${state}&prompt=consent`;
+          `&response_type=code&scope=openid%20profile` +
+          `&state=${state}&prompt=consent` +
+          `&code_challenge=${codeChallenge}&code_challenge_method=S256`;
         window.location = url;
       };
 
@@ -70,6 +97,7 @@
         localStorage.removeItem('hf_oauth_token');
         localStorage.removeItem('hf_oauth_userinfo');
         localStorage.removeItem('hf_oauth_state');
+        localStorage.removeItem('hf_oauth_code_verifier');
         showLoggedOut();
         window.history.replaceState({}, '', window.location.pathname);
       };
@@ -90,12 +118,15 @@
           console.log('window.huggingface.variables:', window.huggingface?.variables);
           console.log('Toutes les clés disponibles:', Object.keys(window.huggingface?.variables || {}));
           
-          // Retour aux paramètres de base pour débugger
+          // Utiliser PKCE comme dans huggingface.js
+          const codeVerifier = localStorage.getItem('hf_oauth_code_verifier');
+          console.log('Code verifier:', codeVerifier ? 'présent' : 'absent');
+          
           const body = new URLSearchParams({
-            client_id: CLIENT_ID,
             grant_type: 'authorization_code',
             code: code,
-            redirect_uri: REDIRECT_URI
+            redirect_uri: REDIRECT_URI,
+            code_verifier: codeVerifier
           });
           console.log('Body de la requête:', body.toString());
           document.getElementById('status').textContent = 'Exchanging code for token...';