WGET with Token not working

Beginners
1

Dear Hughingface Team,

I’m using runpod with the templates “ComfyUI - AI-Dock”.

In JupyterLab I want to download a login protected model, the one from black-forest-labs/FLUX.1-Krea-dev.

wget used to work like that, I can download the model from my browser after login on my local pc.

wget --header=“Authorization: Bearer TOKEN” ``https://huggingface.co/black-forest-labs/FLUX.1-dev/blob/main/flux1-dev.safetensors

But I get

401 Unauthorized
Username/Password Authentication Failed.

If I add –debug at the end. I get:

DEBUG output created by Wget 1.21.2 on linux-gnu.

Reading HSTS entries from /home/user/.wget-hsts
URI encoding = ‘UTF-8’
Converted file name 'flux1-dev.safetensors' (UTF-8) -> 'flux1-dev.safetensors' (UTF-8)
--2025-10-08 09:03:02--  https://huggingface.co/black-forest-labs/FLUX.1-dev/blob/main/flux1-dev.safetensors
Resolving huggingface.co (huggingface.co)... 52.84.217.103, 52.84.217.69, 52.84.217.102, ...
Caching huggingface.co => 52.84.217.103 52.84.217.69 52.84.217.102 52.84.217.88 2600:9000:203d:6200:17:b174:6d00:93a1 2600:9000:203d:e000:17:b174:6d00:93a1 2600:9000:203d:8800:17:b174:6d00:93a1 2600:9000:203d:e800:17:b174:6d00:93a1 2600:9000:203d:9600:17:b174:6d00:93a1 2600:9000:203d:2400:17:b174:6d00:93a1 2600:9000:203d:ee00:17:b174:6d00:93a1 2600:9000:203d:6400:17:b174:6d00:93a1
Connecting to huggingface.co (huggingface.co)|52.84.217.103|:443... connected.
Created socket 3.
Releasing 0x000061bc69c86ec0 (new refcount 1).
Initiating SSL handshake.
Handshake successful; connected socket 3 to SSL handle 0x000061bc69c888a0
certificate:
  subject: CN=huggingface.co
  issuer:  CN=Amazon RSA 2048 M02,O=Amazon,C=US
X509 certificate successfully verified and matches host huggingface.co

---request begin---
GET /black-forest-labs/FLUX.1-dev/blob/main/flux1-dev.safetensors HTTP/1.1
Host: huggingface.co
User-Agent: Wget/1.21.2
Accept: */*
Accept-Encoding: identity
Connection: Keep-Alive
Authorization: Bearer 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

---request end---
HTTP request sent, awaiting response... 
---response begin---
HTTP/1.1 401 Unauthorized
Content-Type: text/html; charset=utf-8
Content-Length: 22349
Connection: keep-alive
Date: Wed, 08 Oct 2025 09:03:02 GMT
ETag: W/"574d-1eC4sA5Q/PbQ5YhsvC0L0NiNhEc"
X-Powered-By: huggingface-moon
RateLimit: "pages";r=999;t=66
RateLimit-Policy: "fixed window";"pages";q=1000;w=300
cross-origin-opener-policy: same-origin
Referrer-Policy: strict-origin-when-cross-origin
X-Request-Id: Root=1-68e628c6-753c6a394bc274c7764e5a2f
X-Error-Message: Invalid credentials in Authorization header
x-frame-options: SAMEORIGIN
X-Cache: Error from cloudfront
Via: 1.1 fdd255cb127a7759980ee879db5de580.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: DFW59-P5
X-Amz-Cf-Id: tZ4CtuVneK0RyHpWtL5_DbEc3eq4qqEMlGoXvt8V9CLxqmo2CX4puw==

---response end---
401 Unauthorized
Registered socket 3 for persistent reuse.
Disabling further reuse of socket 3.
Closed 3/SSL 0x000061bc69c888a0

Username/Password Authentication Failed.

Thank you for looking into that.

1 Like
2

How about resolve instead of blob for now?
wget --header="Authorization: Bearer TOKEN" "https://huggingface.co/black-forest-labs/FLUX.1-dev/resolve/main/flux1-dev.safetensors"

1 Like
3

resolve is solving the problem!

Thank you so much for your help.

Why I get blob instead of resolve in the url?

1 Like
4

blob is for web UI file-viewer URL. resolve is for file itself. Probably got mixed in from copy-pasting.

1 Like
5

Need to check that!

Thank you again.

1 Like
6

In this context, is curl better than wget?

1 Like
7

Yeah. Well, I think most people use curl. The HF sample also uses curl. Even in that case, though, you should probably use URLs with resolve in the default behavior.

8

This topic was automatically closed 12 hours after the last reply. New replies are no longer allowed.