Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Removal of /api/{login,logout} methods #827

Closed
Pierrci opened this issue Apr 8, 2022 · 4 comments
Closed

Removal of /api/{login,logout} methods #827

Pierrci opened this issue Apr 8, 2022 · 4 comments
Labels
API discussion

Comments

@Pierrci
Copy link
Member

Pierrci commented Apr 8, 2022
edited
Loading

We're in the process of completely removing the support of session tokens as a way to authenticate on the hub, which implies removing the /api/{login,logout} endpoints (cc @allendorf) - which would affect the huggingface_hub library.

I know it's currently showing as deprecated and scheduled to be removed in v0.7.0, but given the very low usage we're seeing (< 100 calls/day to /api/login on average), is it possible to accelerate the extinction of those methods? When are v0.6.0 and v0.7.0 planned (roughly)?

Thanks!
@LysandreJik
Copy link
Member

At the rythm at which we're going, I would expect one release a month, so in ~1 month and 3 weeks we should be at the v0.7.

What would the endpoints return when deprecated? Would it return a 404 error when pointing to /api/log{in,out}, or can it return an error message pointing to what to do now?

The core issue with removing that endpoint is that several libraries have pinned huggingface_hub to an earlier version (as we recommend) to not be affected by breaking changes. Checking on pepy.tech, we still have older versions with significant number of downloads, for example 0.0.8 at 421k/month, and 0.1.2 at 1M/month. These versions would just stop, and updating to a more recent version implies handling the breaking changes.

@osanseviero do you have knowledge on which libraries use version 0.0.8 and 0.1.2? We could nudge them to upgrade/open a PR to help them out, which would help. I took a look at the most downloaded libraries listed here but didn't manage to find the ones that had such requirements in place.

@julien-c
Copy link
Member

Would it return a 404 error when pointing to /api/log{in,out}, or can it return an error message pointing to what to do now?

Yes the 404 can definitely contain a custom message

These versions would just stop, and updating to a more recent version implies handling the breaking changes.

I'm not sure any of those libraries use the /login endpoint though (just the resolver endpoints)

This has been deprecated for a while so i think we'll need to turn off the endpoint soon-ish in any case

@LysandreJik
Copy link
Member

I checked ~20 repositories on GitHub that were leveraging versions anterior to v0.2.0 which introduced access tokens, and none of the ones I checked leverage the /login endpoint indeed, it's only used for fetching.

As long as the 404 contains a message which can be read from the runtime when trying to login it's fine for me.

@LysandreJik LysandreJik mentioned this issue Jun 10, 2022
Closed
@Pierrci
Copy link
Member Author

Pierrci commented Jun 27, 2022

Closing this since removed in v0.8, thanks @LysandreJik!

@Pierrci Pierrci closed this as completed Jun 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
API discussion
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@julien-c @Pierrci @LysandreJik