Skip to content
This repository was archived by the owner on Dec 5, 2025. It is now read-only.
This repository was archived by the owner on Dec 5, 2025. It is now read-only.

Login to HuggingChat is broken #48

Open
Open
Login to HuggingChat is broken#48
@SpiraMira

Description

@SpiraMira
SpiraMira
opened on Nov 19, 2025

@cyrilzakka - bonjour!

  • The current implementation uses a custom scheme url app callback that no longer works "huggingchat://“. Not sure if it ever did...
  • As we can surmise from the output below, the redirect_uri must match https://huggingface.co/chat/login/callback.
  • The HuggingChat backend (/chat/api) is a SvelteKit application that (seems to) acts as its own OAuth Client.
  • So while the HuggingChat interface API (/chat/api) is enabled via OAuth2, it requires another approach because it uses Session Cookies (hf-chat) derived from the OAuth flow, rather than standard Bearer tokens.
  • To access /chat/api endpoints (like /user etc.. ), we must "piggyback" on the official web session. We need to use a WKWebView to perform the login, allow the official callback to execute, and then extract the hf-chat cookies to use in our programmatic URLSession.

I have a fix and a new client that seems to work well
I can develop and create a PR if there’s enough interest and this app is still live/relevant
NOTE: my current version of the app is

  • mlx-libraries:2.29.1
  • a custom version of WhisperKit compatible with swift-transformers 1.0.0, just to avoid version hell... (until the next update of mlx-libs argh!)
  • a late 2024 revision of Cyril’s MarkdownView
  • Xcode 26.1
  • OS26 compatible

debugging/tracing output below:

❯ curl -i "https://huggingface.co/chat/login?callback=huggingchat%3A%2F%2Flogin%2Fcallback" HTTP/2 302 location: https://huggingface.co/oauth/authorize?client_id=8f1a1d63-479b-46c8-84cb-521fe9f3222f&scope=openid%20profile%20inference-api%20read-mcp&response_type=code&redirect_uri=https%3A%2F%2Fhuggingface.co%2Fchat%2Flogin%2Fcallback&state=eyJkYXRhIjp7ImV4cGlyYXRpb24iOjE3NjM0NDIxMzYyODAsInJlZGlyZWN0VXJsIjoiaHR0cHM6Ly9odWdnaW5nZmFjZS5jby9jaGF0L2xvZ2luL2NhbGxiYWNrIiwibmV4dCI6Ii9jaGF0LyJ9LCJzaWduYXR1cmUiOiIzNWZjMGEzMTQxYzQ0YTI4Y2Y0MTM4NDgxOTI4MjJlMTg1NDA5NzQzYjM4YzYwZmI5OTZiNTY4N2VmMzM4Y2FlIn0%3D date: Tue, 18 Nov 2025 04:02:16 GMT set-cookie: hf-chat=eb6b6fdb-5783-4f02-810e-b0636742fe25; Path=/; Expires=Tue, 02 Dec 2025 04:02:16 GMT; HttpOnly; Secure; SameSite=Lax cache-control: no-store content-security-policy: frame-ancestors 'none'; x-cache: Miss from cloudfront via: 1.1 e3e31445c00bbce77f755b563c056d44.cloudfront.net (CloudFront) x-amz-cf-pop: JFK50-P9 x-amz-cf-id: 4Sd5ht-CXwVR6LzvMjChMzNwiSDvfkdS8LwpeLQXqJNwwSzDmdiWhw==

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions