Credential Providers

class cognite.client.credentials.Token(token: Union[str, Callable[[], str]])

Token credential provider

Parameters:token (Union[str, Callable[[], str]) – A token or a token factory.

Examples

>>> from cognite.client.credentials import Token
>>> token_provider = Token("my secret token")
>>> token_factory_provider = Token(lambda: "my secret token")

Note

If you pass in a callable, we will expect that you supplied a function that may do a token refresh under the hood, so it will be called while holding a thread lock (threading.Lock()).

class cognite.client.credentials.OAuthClientCredentials(token_url: str, client_id: str, client_secret: str, scopes: List[str], token_expiry_leeway_seconds: int = 15, **token_custom_args)

OAuth credential provider for the “Client Credentials” flow.

Parameters:
  • token_url (str) – OAuth token url
  • client_id (str) – Your application’s client id.
  • client_secret (str) – Your application’s client secret
  • scopes (List[str]) – A list of scopes.
  • token_expiry_leeway_seconds (int) – The token is refreshed at the earliest when this number of seconds is left before expiry. Default: 15 sec
  • **token_custom_args (Any) – Optional additional arguments to pass as query parameters to the token fetch request.

Examples

>>> from cognite.client.credentials import OAuthClientCredentials
>>> import os
>>> oauth_provider = OAuthClientCredentials(
...     token_url="https://login.microsoftonline.com/xyz/oauth2/v2.0/token",
...     client_id="abcd",
...     client_secret=os.environ["OAUTH_CLIENT_SECRET"],
...     scopes=["https://greenfield.cognitedata.com/.default"],
...     # Any additional IDP-specific token args. e.g.
...     audience="some-audience"
... )
class cognite.client.credentials.OAuthInteractive(authority_url: str, client_id: str, scopes: List[str], redirect_port: int = 53000, token_cache_path: Optional[pathlib.Path] = None, token_expiry_leeway_seconds: int = 15)

OAuth credential provider for an interactive login flow.

Make sure you have http://localhost:port in Redirect URI in App Registration as type “Mobile and desktop applications”.

Parameters:
  • authority_url (str) – OAuth authority url
  • client_id (str) – Your application’s client id.
  • scopes (List[str]) – A list of scopes.
  • redirect_port (List[str]) – Redirect port defaults to 53000.
  • token_cache_path (Path) – Location to store token cache, defaults to os temp directory/cognitetokencache.{client_id}.bin.
  • token_expiry_leeway_seconds (int) – The token is refreshed at the earliest when this number of seconds is left before expiry. Default: 15 sec

Examples

>>> from cognite.client.credentials import OAuthInteractive
>>> oauth_provider = OAuthInteractive(
...     authority_url="https://login.microsoftonline.com/xyz",
...     client_id="abcd",
...     scopes=["https://greenfield.cognitedata.com/.default"],
... )
class cognite.client.credentials.OAuthDeviceCode(authority_url: str, client_id: str, scopes: List[str], token_cache_path: Optional[pathlib.Path] = None, token_expiry_leeway_seconds: int = 15)

OAuth credential provider for the device code login flow.

Parameters:
  • authority_url (str) – OAuth authority url
  • client_id (str) – Your application’s client id.
  • scopes (List[str]) – A list of scopes.
  • token_cache_path (Path) – Location to store token cache, defaults to os temp directory/cognitetokencache.{client_id}.bin.
  • token_expiry_leeway_seconds (int) – The token is refreshed at the earliest when this number of seconds is left before expiry. Default: 15 sec

Examples

>>> from cognite.client.credentials import OAuthDeviceCode
>>> oauth_provider = OAuthDeviceCode(
...     authority_url="https://login.microsoftonline.com/xyz",
...     client_id="abcd",
...     scopes=["https://greenfield.cognitedata.com/.default"],
... )
class cognite.client.credentials.OAuthClientCertificate(authority_url: str, client_id: str, cert_thumbprint: str, certificate: str, scopes: List[str], token_expiry_leeway_seconds: int = 15)

OAuth credential provider for authenticating with a client certificate.

Parameters:
  • authority_url (str) – OAuth authority url
  • client_id (str) – Your application’s client id.
  • cert_thumbprint (str) – Your certificate’s thumbprint. You get it when you upload your certificate to Azure AD.
  • certificate (str) – Your private certificate, typically read from a .pem file
  • scopes (List[str]) – A list of scopes.
  • token_expiry_leeway_seconds (int) – The token is refreshed at the earliest when this number of seconds is left before expiry. Default: 15 sec

Examples

>>> from cognite.client.credentials import OAuthClientCertificate
>>> from pathlib import Path
>>> oauth_provider = OAuthClientCertificate(
...     authority_url="https://login.microsoftonline.com/xyz",
...     client_id="abcd",
...     cert_thumbprint="XYZ123",
...     certificate=Path("certificate.pem").read_text(),
...     scopes=["https://greenfield.cognitedata.com/.default"],
... )