Adds a security note to the Oauth section (#8901)

* security note * Update guides/03_additional-features/09_sharing-your-app.md Co-authored-by: Ali Abdalla <ali.si3luwa@gmail.com> --------- Co-authored-by: Ali Abdalla <ali.si3luwa@gmail.com>
2025-03-31 12:20:26 +08:00 · 2024-07-24 20:00:02 -07:00 · 2024-07-24 20:00:02 -07:00 · 10a2260fc0
commit 10a2260fc0
parent 684e9cbbd0
1 changed files with 2 additions and 0 deletions
--- a/guides/03_additional-features/09_sharing-your-app.md
+++ b/guides/03_additional-features/09_sharing-your-app.md
@ -311,6 +311,8 @@ Users can revoke access to their profile at any time in their [settings](https:/
 As seen above, OAuth features are available only when your app runs in a Space. However, you often need to test your app
 locally before deploying it. To test OAuth features locally, your machine must be logged in to Hugging Face. Please run `huggingface-cli login` or set `HF_TOKEN` as environment variable with one of your access token. You can generate a new token in your settings page (https://huggingface.co/settings/tokens). Then, clicking on the `gr.LoginButton` will login your local Hugging Face profile, allowing you to debug your app with your Hugging Face account before deploying it to a Space.

+**Security Note**: It is important to note that adding a `gr.LoginButton` does not restrict users from using your app, in the same way that adding [username-password authentication](/guides/sharing-your-app#password-protected-app) does. This means that users of your app who have not logged in with Hugging Face can still access and run events in your Gradio app -- the difference is that the `gr.OAuthProfile` or `gr.OAuthToken` will be `None` in the corresponding functions. 
+

 ### OAuth (with external providers)