Adds a security note to the Oauth section (gradio-app#8901)
* security note

* Update guides/03_additional-features/09_sharing-your-app.md

Co-authored-by: Ali Abdalla <ali.si3luwa@gmail.com>

---------

Co-authored-by: Ali Abdalla <ali.si3luwa@gmail.com>
abidlabs and aliabd authored Jul 25, 2024
1 parent 684e9cb commit 10a2260
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions guides/03_additional-features/09_sharing-your-app.md
Expand Up @@ -311,6 +311,8 @@ Users can revoke access to their profile at any time in their [settings](https:/
As seen above, OAuth features are available only when your app runs in a Space. However, you often need to test your app
locally before deploying it. To test OAuth features locally, your machine must be logged in to Hugging Face. Please run `huggingface-cli login` or set `HF_TOKEN` as environment variable with one of your access token. You can generate a new token in your settings page (https://huggingface.co/settings/tokens). Then, clicking on the `gr.LoginButton` will login your local Hugging Face profile, allowing you to debug your app with your Hugging Face account before deploying it to a Space.

**Security Note**: It is important to note that adding a `gr.LoginButton` does not restrict users from using your app, in the same way that adding [username-password authentication](/guides/sharing-your-app#password-protected-app) does. This means that users of your app who have not logged in with Hugging Face can still access and run events in your Gradio app -- the difference is that the `gr.OAuthProfile` or `gr.OAuthToken` will be `None` in the corresponding functions.


### OAuth (with external providers)
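
Review bot: The added **Security Note** paragraph says what `gr.LoginButton` does not do but gives the reader no action to take. Since the note already states that `gr.OAuthProfile` or `gr.OAuthToken` will be `None` for users who have not logged in, it should add one sentence saying that any event handler meant only for logged-in users has to check for `None` itself and return early. The first sentence is also ambiguous as written: "does not restrict users from using your app, in the same way that adding username-password authentication does" can be read as saying neither mechanism restricts access. Suggest leading with the contrast, for example "Unlike username-password authentication, adding a `gr.LoginButton` does not restrict who can use your app", and dropping "It is important to note that".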
