[Auth] Keyless CI/CD auth via OIDC token exchange

[hanouticelina]

This PR lets CI jobs authenticate to the Hub without storing an HF_TOKEN secret, using the Hub's Trusted Publishers. Set HF_OIDC_RESOURCE to the repo (or username) to scope a short-lived token to, and huggingface_hub does the OIDC exchange under the hood, no token, no setup code.

Example: publish a model and a dataset from one training run

name: Publish to the Hub

on:
  push:
    branches: [main]
  workflow_dispatch:

jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      id-token: write    # required so the job can mint an OIDC token
      contents: read
    steps:
      - uses: actions/checkout@v4

      - name: Install the hf CLI
        run: |
          curl -LsSf https://hf.co/cli/install.sh | bash
          echo "$HOME/.local/bin" >> "$GITHUB_PATH"

      - name: Train
        run: ./train.sh    # produces ./model and ./dataset

      # Scope `HF_OIDC_RESOURCE` per step to the repo that step pushes to.
      - name: Push the model
        env:
          HF_OIDC_RESOURCE: acme/awesome-model
        run: hf upload acme/awesome-model ./model .

      - name: Push the dataset
        env:
          HF_OIDC_RESOURCE: datasets/acme/awesome-dataset
        run: hf upload acme/awesome-dataset ./dataset . --repo-type dataset

Under the hood, get_token() gains a last-resort source: when HF_OIDC_RESOURCE is set and a supported CI provider is detected, it mints the provider's OIDC id token, exchanges it at POST /oauth/token for a short-lived Hub token, and caches it.

---

Note

High Risk
Changes core authentication in get_token() and introduces token exchange; misconfiguration or exchange failures affect all Hub calls when HF_OIDC_RESOURCE is set.

Overview
Adds Trusted Publishers keyless CI auth: CI jobs can authenticate to the Hub via OIDC token exchange instead of storing HF_TOKEN.

A new internal _oidc module mints GitHub Actions OIDC id tokens (when permissions: id-token: write is set) and exchanges them at POST /oauth/token (RFC 8693), scoped with resource. Other providers can pass a pre-minted id token via HF_OIDC_ID_TOKEN.

get_token() now tries OIDC last when HF_OIDC_RESOURCE is set (repo or username to scope the token). Failures raise OIDCError instead of silently returning unauthenticated. Exchanged tokens are cached with refresh before expiry for auto-minted GitHub flows.

Debug HF_DEBUG curl logging redacts OAuth body fields such as subject_token.

^{Reviewed by Cursor Bugbot for commit a48753a. Configure here.}

[bot-ci-comment]

The docs for this PR live here. All of your documentation changes will be reflected on that endpoint. The docs are available until 30 days after the last update.

[coyotte508]

Nice!

[coyotte508]

maybe add a way to pass the ID token directly for other providers than Github

eg HF_OIDC_ID_TOKEN=... HF_OIDC_RESOURCE=... hf upload ...

so the Gitlab example can also be simplified!

[Wauplin]

in addition of HF_OIDC_ID_TOKEN we could also support Gitlab, etc. natively (can be a follow-up PR)

[Wauplin]

Thanks for the PR! I left some cosmetic changes but otherwise looks good to me.

Could you also update the PR description with a more up-to-date example? e.g. install hf CLI using installer. Also potentially could be a more complex example pushing to both a dataset and a model at the end of a training step => would need to set HF_OIDC_RESOURCE per step targeting different resources. (asking because example will likely be copied to release notes)

Once merged the follow-up would be:

• update hub-docs
• add support/examples for more providers

[Wauplin]

Thank you!

[hanouticelina]

@Wauplin updated the PR description with a better example ✔️

[hanouticelina]

I'm talking care of the follow-up PRs as well

[julien-c]

This is very elegantly implemented! kudos

[huggingface-hub-bot]

This PR has been shipped as part of the v1.19.0 release.