Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Should HfApi().login save the token? #154

Closed
osanseviero opened this issue Jul 2, 2021 · 5 comments
Closed

Should HfApi().login save the token? #154

osanseviero opened this issue Jul 2, 2021 · 5 comments
Labels
discussion

Comments

@osanseviero
Copy link
Member

Currently, login only returns the token, but I wonder if it should call save_token so it behaves closer to a login.

WDYT @LysandreJik? Would it make sense?
@LysandreJik
Copy link
Member

Good point! I think the current design is to have the API stateful during the Python runtime, but not across runtimes. As it is designed now, you would need to call the login/retrieve the token from the folder every time you enter a runtime, which I would expect if the expected behavior would be to change the user every time.

Since we expect users to have a single account that can manage several namespaces, I would expect the user to be logged in across runtimes, which would point towards making the change you're proposing here.

If we wish to go further, the HfApi isn't stateful in that it doesn't carry the token, which needs to be specified on every method call. It could eventually default to using the HfFolder's token when the token is not specified.

Pinging @julien-c as you designed the current API :)

@julien-c
Copy link
Member

julien-c commented Jul 5, 2021

no strong opinion

@osanseviero osanseviero mentioned this issue Sep 22, 2021
Merged
@LysandreJik
Copy link
Member

Also cc @adrinjalali with whom we have had a similar discussion recently.

@adrinjalali
Copy link
Contributor

Working with the API, I don't think login should save the token, rather, I think it should store the token in the instance, so that calling other methods would use the stored token. This is what I think the code should look like:

api = HfApi()
api.login(...)
api.create_repo(...) # w/o passing token

The user should be able to interact with an instance of HfApi w/o touching anything in the filesystem and as a user I would expect api.login to set the state of the instance as logged in.

@Wauplin
Copy link
Contributor

Wauplin commented Jun 30, 2023

To remove any confusion, HfApi.login is not available (has it been at some point?).

The only login mechanism are huggingface-cli login and huggingface_hub.login(). Both are explicitly enough IMO that it saves the token on the machine and not as a session token. Agree with @adrinjalali that HfApi.login would have been misleading if it would have saved the token locally.

@Wauplin Wauplin closed this as completed Jun 30, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
discussion
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@julien-c @adrinjalali @osanseviero @Wauplin @LysandreJik