huggingface / chat-ui

Open source codebase powering the HuggingChat app
https://huggingface.co/chat
Apache License 2.0
7.53k stars 1.11k forks

Authentication Doc and Code may be out-of-date/not working #592

Open muscionig opened 11 months ago

muscionig commented 11 months ago

Description

Hello,

Following the doc in the README (https://github.com/huggingface/chat-ui#basic-and-bearer), the UI should support (if set up in the .env.local file) Basic and Bearer authentication. However, what I noticed since the requests have been moved to the huggingface module is that the authorization flow has changed.

In the module:

```js
// huggingface/inference/dist/index.mjs
// [...]
  const { accessToken, model: _model, ...otherArgs } = args;
  let { model } = args;
  const { forceTask: task, includeCredentials, taskHint, ...otherOptions } = options ?? {};
  const headers = {};
  if (accessToken) {
    headers["Authorization"] = `Bearer ${accessToken}`;
  }
// [...]
```

If I define a custom chat endpoint in this way:

```
"endpoints": [{"url": "URL/generate_stream", "type" : "tgi", "accessToken": "<bearer-token-only>"}]
```

then the `accessToken` is properly propagated, but the suggested `"authorization": "Bearer/Basic <string>"` does not work.

If this is intended:

1. I would be happy to open a quick PR to change the README to something like:

````md
#### Bearer

Custom endpoints may require authorization, depending on how you configure them. Chat-UI supports Bearer authentication.

You can use a token, which can be grabbed from here.

You can then add the generated information and the accessToken parameter to your .env.local.

```
"endpoints": [
  {
    "url": "https://HOST:PORT",
    "accessToken": "<bearer-token>",
  }
]
```

**NOTE**: currently, `Basic` authentication is not supported
````

Please let me know what you think, and if I am missing something.

Thanks, Guido

galen-ft commented 11 months ago

Hi @muscionig, I noticed the same thing and created this PR #579, which re-enables passing a custom authorization header to the TGI endpoint. I would appreciate it if you could give it a 👍

However, I agree with you that if the HF team do not plan to re-enable custom authorization headers, then it would be a good idea to update the readme to inform users about that.
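
The behaviour reported in this issue, next to one way an endpoint config could accept either field, as an added example (not code from chat-ui, the huggingface inference module or PR #579). The function names, the sample endpoints, the Basic/Bearer allow-list and the token68 check are all assumptions of this sketch.

```javascript
// Added example. Function names and sample endpoints are hypothetical.

// Behaviour described in the issue: only `accessToken` reaches the request.
function headersAccessTokenOnly(endpoint) {
  const headers = {};
  if (endpoint.accessToken) {
    headers["Authorization"] = `Bearer ${endpoint.accessToken}`;
  }
  return headers;
}

// Assumption: accept only the two schemes the README names.
const ALLOWED_SCHEMES = new Set(["basic", "bearer"]);
// token68 syntax (RFC 7235): base64 credentials and opaque bearer tokens.
// It excludes CR, LF and spaces, so a config value cannot smuggle extra headers.
const TOKEN68 = /^[A-Za-z0-9._~+\/-]+=*$/;

// Hypothetical builder that honours either field and validates before use.
function buildAuthHeaders(endpoint) {
  const { authorization, accessToken } = endpoint;
  if (authorization !== undefined && accessToken !== undefined) {
    throw new Error("set either authorization or accessToken, not both");
  }
  if (authorization !== undefined) {
    const parts = String(authorization).split(" ");
    if (parts.length !== 2) {
      throw new Error("authorization must be '<scheme> <credentials>'");
    }
    const [scheme, credentials] = parts;
    if (!ALLOWED_SCHEMES.has(scheme.toLowerCase())) {
      throw new Error(`unsupported scheme: ${scheme}`);
    }
    if (!TOKEN68.test(credentials)) {
      throw new Error("credentials contain characters not valid in a header");
    }
    return { Authorization: `${scheme} ${credentials}` };
  }
  if (accessToken !== undefined) {
    if (!TOKEN68.test(String(accessToken))) {
      throw new Error("accessToken contains characters not valid in a header");
    }
    return { Authorization: `Bearer ${accessToken}` };
  }
  return {};
}

// Constructed sample endpoints ("dXNlcjpwYXNz" is base64 of "user:pass").
const basicEndpoint = { url: "https://HOST:PORT", type: "tgi", authorization: "Basic dXNlcjpwYXNz" };
const bearerEndpoint = { url: "https://HOST:PORT", type: "tgi", accessToken: "example-token" };
```

With the access-token-only logic, `basicEndpoint` produces no `Authorization` header at all, so the request goes out unauthenticated rather than failing at configuration time.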