How to modify the FastAPI JWT Token Expiration Setting Issued by HuggingFace

Spaces
1

Dears,

We come across a problem regarding FastAPI app deployed in a private space. The problem is a JWT token, which is issued by HuggingFace, last for only 24 hours. This token is used to authenticate our access to HuggingFace account in either on-site access or API call. Following is a token sample that token is assigned to a parameter (__sign)

https://abc.hf.space/?__sign=

We’re wondering if there is a way for us to modify this token expiration length, or there is a way to retrieve the refresh token through an API call in client side script?

We tried to set FastAPI user authentication and JWT token in our app, but it didn’t work because this token from __sign is for HuggingFace user login purpose.

We also tried to use the HF access token that is available to copy in the account setting. It didn’t work as well

Looking forward to hearing your thoughts and advice. Thanks in advance!!

Terry

2

hi @louis1999super ,

We have an undocumented endpoint used by our Gradio client. Here is a JavaScript example for your reference.

async function get_jwt(
	space: string,
	token: `hf_${string}`
): Promise<string | false> {
	try {
		const r = await fetch(`https://huggingface.co/api/spaces/${space}/jwt`, {
			headers: {
				Authorization: `Bearer ${token}`
			}
		});

		const jwt = (await r.json()).token;

		return jwt || false;
	} catch (e) {
		console.error(e);
		return false;
	}
}
1 Like
3

Hi Radames,

Thank you for the prompt response and help! It’s working now : )

Here is the Python version is working we tried before and it’s pasted here for the community someone else might need…

HF_Token = "<your token>"

headers = {
    "Authorization": "Bearer " + HF_Token
}

url = "https://huggingface.co/api/spaces/<your space>/jwt"
result = requests.get(url, headers=headers).json()
## Dict ##
print(result) 
## Refresh Token
print(result['token'])

Have a nice day!
Terry

1 Like
4

This topic was automatically closed 12 hours after the last reply. New replies are no longer allowed.