Skip to content
This repository was archived by the owner on Dec 5, 2025. It is now read-only.
This repository was archived by the owner on Dec 5, 2025. It is now read-only.

Login to HuggingChat is broken #48

Description

@SpiraMira

@cyrilzakka - bonjour!

  • The current implementation uses a custom scheme url app callback that no longer works "huggingchat://“. Not sure if it ever did...
  • As we can surmise from the output below, the redirect_uri must match https://huggingface.co/chat/login/callback.
  • The HuggingChat backend (/chat/api) is a SvelteKit application that (seems to) acts as its own OAuth Client.
  • So while the HuggingChat interface API (/chat/api) is enabled via OAuth2, it requires another approach because it uses Session Cookies (hf-chat) derived from the OAuth flow, rather than standard Bearer tokens.
  • To access /chat/api endpoints (like /user etc.. ), we must "piggyback" on the official web session. We need to use a WKWebView to perform the login, allow the official callback to execute, and then extract the hf-chat cookies to use in our programmatic URLSession.

I have a fix and a new client that seems to work well
I can develop and create a PR if there’s enough interest and this app is still live/relevant
NOTE: my current version of the app is

  • mlx-libraries:2.29.1
  • a custom version of WhisperKit compatible with swift-transformers 1.0.0, just to avoid version hell... (until the next update of mlx-libs argh!)
  • a late 2024 revision of Cyril’s MarkdownView
  • Xcode 26.1
  • OS26 compatible

debugging/tracing output below:

❯ curl -i "https://huggingface.co/chat/login?callback=huggingchat%3A%2F%2Flogin%2Fcallback" HTTP/2 302 location: https://huggingface.co/oauth/authorize?client_id=8f1a1d63-479b-46c8-84cb-521fe9f3222f&scope=openid%20profile%20inference-api%20read-mcp&response_type=code&redirect_uri=https%3A%2F%2Fhuggingface.co%2Fchat%2Flogin%2Fcallback&state=eyJkYXRhIjp7ImV4cGlyYXRpb24iOjE3NjM0NDIxMzYyODAsInJlZGlyZWN0VXJsIjoiaHR0cHM6Ly9odWdnaW5nZmFjZS5jby9jaGF0L2xvZ2luL2NhbGxiYWNrIiwibmV4dCI6Ii9jaGF0LyJ9LCJzaWduYXR1cmUiOiIzNWZjMGEzMTQxYzQ0YTI4Y2Y0MTM4NDgxOTI4MjJlMTg1NDA5NzQzYjM4YzYwZmI5OTZiNTY4N2VmMzM4Y2FlIn0%3D date: Tue, 18 Nov 2025 04:02:16 GMT set-cookie: hf-chat=eb6b6fdb-5783-4f02-810e-b0636742fe25; Path=/; Expires=Tue, 02 Dec 2025 04:02:16 GMT; HttpOnly; Secure; SameSite=Lax cache-control: no-store content-security-policy: frame-ancestors 'none'; x-cache: Miss from cloudfront via: 1.1 e3e31445c00bbce77f755b563c056d44.cloudfront.net (CloudFront) x-amz-cf-pop: JFK50-P9 x-amz-cf-id: 4Sd5ht-CXwVR6LzvMjChMzNwiSDvfkdS8LwpeLQXqJNwwSzDmdiWhw==

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions