Credential Providers¶
-
class
cognite.client.credentials.
Token
(token: Union[str, Callable[[], str]])¶ Token credential provider
Parameters: token (Union[str, Callable[[], str]) – A token or a token factory. Examples
>>> from cognite.client.credentials import Token >>> token_provider = Token("my secret token") >>> token_factory_provider = Token(lambda: "my secret token")
Note
If you pass in a callable, we will expect that you supplied a function that may do a token refresh under the hood, so it will be called while holding a thread lock (threading.Lock()).
-
class
cognite.client.credentials.
OAuthClientCredentials
(token_url: str, client_id: str, client_secret: str, scopes: List[str], token_expiry_leeway_seconds: int = 15, **token_custom_args)¶ OAuth credential provider for the “Client Credentials” flow.
Parameters: - token_url (str) – OAuth token url
- client_id (str) – Your application’s client id.
- client_secret (str) – Your application’s client secret
- scopes (List[str]) – A list of scopes.
- token_expiry_leeway_seconds (int) – The token is refreshed at the earliest when this number of seconds is left before expiry. Default: 15 sec
- **token_custom_args (Any) – Optional additional arguments to pass as query parameters to the token fetch request.
Examples
>>> from cognite.client.credentials import OAuthClientCredentials >>> import os >>> oauth_provider = OAuthClientCredentials( ... token_url="https://login.microsoftonline.com/xyz/oauth2/v2.0/token", ... client_id="abcd", ... client_secret=os.environ["OAUTH_CLIENT_SECRET"], ... scopes=["https://greenfield.cognitedata.com/.default"], ... # Any additional IDP-specific token args. e.g. ... audience="some-audience" ... )
-
class
cognite.client.credentials.
OAuthInteractive
(authority_url: str, client_id: str, scopes: List[str], redirect_port: int = 53000, token_cache_path: Optional[pathlib.Path] = None, token_expiry_leeway_seconds: int = 15)¶ OAuth credential provider for an interactive login flow.
Make sure you have http://localhost:port in Redirect URI in App Registration as type “Mobile and desktop applications”.
Parameters: - authority_url (str) – OAuth authority url
- client_id (str) – Your application’s client id.
- scopes (List[str]) – A list of scopes.
- redirect_port (List[str]) – Redirect port defaults to 53000.
- token_cache_path (Path) – Location to store token cache, defaults to os temp directory/cognitetokencache.{client_id}.bin.
- token_expiry_leeway_seconds (int) – The token is refreshed at the earliest when this number of seconds is left before expiry. Default: 15 sec
Examples
>>> from cognite.client.credentials import OAuthInteractive >>> oauth_provider = OAuthInteractive( ... authority_url="https://login.microsoftonline.com/xyz", ... client_id="abcd", ... scopes=["https://greenfield.cognitedata.com/.default"], ... )
-
class
cognite.client.credentials.
OAuthDeviceCode
(authority_url: str, client_id: str, scopes: List[str], token_cache_path: Optional[pathlib.Path] = None, token_expiry_leeway_seconds: int = 15)¶ OAuth credential provider for the device code login flow.
Parameters: - authority_url (str) – OAuth authority url
- client_id (str) – Your application’s client id.
- scopes (List[str]) – A list of scopes.
- token_cache_path (Path) – Location to store token cache, defaults to os temp directory/cognitetokencache.{client_id}.bin.
- token_expiry_leeway_seconds (int) – The token is refreshed at the earliest when this number of seconds is left before expiry. Default: 15 sec
Examples
>>> from cognite.client.credentials import OAuthDeviceCode >>> oauth_provider = OAuthDeviceCode( ... authority_url="https://login.microsoftonline.com/xyz", ... client_id="abcd", ... scopes=["https://greenfield.cognitedata.com/.default"], ... )
-
class
cognite.client.credentials.
OAuthClientCertificate
(authority_url: str, client_id: str, cert_thumbprint: str, certificate: str, scopes: List[str], token_expiry_leeway_seconds: int = 15)¶ OAuth credential provider for authenticating with a client certificate.
Parameters: - authority_url (str) – OAuth authority url
- client_id (str) – Your application’s client id.
- cert_thumbprint (str) – Your certificate’s thumbprint. You get it when you upload your certificate to Azure AD.
- certificate (str) – Your private certificate, typically read from a .pem file
- scopes (List[str]) – A list of scopes.
- token_expiry_leeway_seconds (int) – The token is refreshed at the earliest when this number of seconds is left before expiry. Default: 15 sec
Examples
>>> from cognite.client.credentials import OAuthClientCertificate >>> from pathlib import Path >>> oauth_provider = OAuthClientCertificate( ... authority_url="https://login.microsoftonline.com/xyz", ... client_id="abcd", ... cert_thumbprint="XYZ123", ... certificate=Path("certificate.pem").read_text(), ... scopes=["https://greenfield.cognitedata.com/.default"], ... )