Beispiel #1
0
    def _init_clients(self):
        '''init_ cliends will obtain the tranfer and access tokens, and then
           use them to create a transfer client.
        '''

        self._client = globus_sdk.NativeAppAuthClient(self._client_id)
        self._load_secrets()
Beispiel #2
0
def globus_get_authorizer() -> globus_sdk.RefreshTokenAuthorizer:
    """Returns Globus authorization information (requires user interaction)
    Return:
        The authorizer instance
    """
    auth_client = globus_sdk.NativeAppAuthClient(GLOBUS_CLIENT_ID)
    auth_client.oauth2_start_flow(refresh_tokens=True)

    authorize_url = auth_client.oauth2_get_authorize_url()
    print("Authorization URL: %s" % authorize_url)
    print("Go to the following URL to obtain the authorization code:",
          authorize_url)

    get_input = getattr(__builtins__, 'raw_input', input)
    auth_code = get_input('Enter the authorization code: ').strip()

    token_response = auth_client.oauth2_exchange_code_for_tokens(auth_code)
    transfer_info = token_response.by_resource_server[
        'transfer.api.globus.org']

    return globus_sdk.RefreshTokenAuthorizer(
        transfer_info['refresh_token'],
        auth_client,
        access_token=transfer_info['access_token'],
        expires_at=transfer_info['expires_at_seconds'])
def get_transfer_client(client_id, transfer_rt, transfer_at, expires_at_s):
    client = globus_sdk.NativeAppAuthClient(client_id)
    client.oauth2_start_flow(refresh_tokens=True)
    authorizer = globus_sdk.RefreshTokenAuthorizer(
        transfer_rt, client, access_token=transfer_at, expires_at=int(expires_at_s))
    tc = globus_sdk.TransferClient(authorizer=authorizer)
    return tc
Beispiel #4
0
    def __init__(self):
        """
            Initializes the HuBMAP downloader with client ID and hubmap endpoint.

            Here the user is asked to authenticate himself.
        """

        self.CLIENT_ID = '40628e5b-29ae-43c7-adc5-38c75ff907b9'
        self.hubmap_endpoint_id = "af603d86-eab9-4eec-bb1d-9d26556741bb"

        client = globus_sdk.NativeAppAuthClient(self.CLIENT_ID)
        client.oauth2_start_flow()

        authorize_url = client.oauth2_get_authorize_url()
        print('Please go to this URL and login: {0}'.format(authorize_url))

        # this is to work on Python2 and Python3 -- you can just use raw_input() or
        # input() for your specific version
        get_input = getattr(__builtins__, 'raw_input', input)
        auth_code = get_input(
            'Please enter the code you get after login here: ').strip()
        token_response = client.oauth2_exchange_code_for_tokens(auth_code)

        globus_auth_data = token_response.by_resource_server['auth.globus.org']
        globus_transfer_data = token_response.by_resource_server[
            'transfer.api.globus.org']

        # most specifically, you want these tokens as strings
        self.AUTH_TOKEN = globus_auth_data['access_token']
        self.TRANSFER_TOKEN = globus_transfer_data['access_token']

        self.authorizer = globus_sdk.AccessTokenAuthorizer(self.TRANSFER_TOKEN)
        self.tc = globus_sdk.TransferClient(authorizer=self.authorizer)

        self.transfers = []
 def setUp(self):
     """
     Creates a NativeAppAuthClient for testing
     """
     super(NativeAppAuthClientIntegrationTests, self).setUp()
     self.nac = globus_sdk.NativeAppAuthClient(
         client_id=get_client_data()["native_app_client1"]["id"])
Beispiel #6
0
def do_native_app_authentication(client_id,
                                 redirect_uri,
                                 requested_scopes=None):
    """
    Does a Native App authentication flow and returns a
    dict of tokens keyed by service name.
    """
    client = globus_sdk.NativeAppAuthClient(client_id=client_id)
    # pass refresh_tokens=True to request refresh tokens
    client.oauth2_start_flow(requested_scopes=requested_scopes,
                             redirect_uri=redirect_uri,
                             refresh_tokens=True)

    url = client.oauth2_get_authorize_url()

    print('Native App Authorization URL: \n{}'.format(url))

    if not is_remote_session():
        webbrowser.open(url, new=1)

    auth_code = GET_INPUT('Enter the auth code: ').strip()

    token_response = client.oauth2_exchange_code_for_tokens(auth_code)

    # return a set of tokens, organized by resource server name
    return token_response.by_resource_server
Beispiel #7
0
def create_token():
    """Creates access tokens manually if they don't already exist in the users home dir"""
    logging.debug("create_token: Starting")
    client = globus_sdk.NativeAppAuthClient(CLIENT_ID)
    client.oauth2_start_flow(refresh_tokens=True)

    authorize_url = client.oauth2_get_authorize_url()
    print('Please go to this URL and login: {0}'.format(authorize_url))

    get_input = getattr(__builtins__, 'raw_input', input)
    auth_code = get_input('Please enter the code you get after login here: ')
    token_response = client.oauth2_exchange_code_for_tokens(auth_code)
    globus_auth_data = token_response.by_resource_server['auth.globus.org']
    globus_transfer_data = token_response.by_resource_server[
        'transfer.api.globus.org']

    # most specifically, you want these tokens as strings
    transfer_rt = globus_transfer_data['refresh_token']
    transfer_at = globus_transfer_data['access_token']
    token = {"transfer_at": transfer_at, "transfer_rt": transfer_rt}
    #    AUTH_TOKEN = globus_auth_data['access_token']
    #    TRANSFER_TOKEN = globus_transfer_data['access_token']
    save_tokens_to_file(token_path, token)
    authorizer = activate_token(token)

    #need some try except stuff here

    return authorizer
def get_transfer_client():
    tokens = None
    try:
        # if we already have tokens, load and use them
        tokens = load_tokens_from_file(p.opt["globusTokenFile"])
    except:
        pass

    if not tokens:
        # if we need to get tokens, start the Native App authentication process
        tokens = do_native_app_authentication(CLIENT_ID, REDIRECT_URI, SCOPES)

        try:
            save_tokens_to_file(p.opt["globusTokenFile"], tokens)
        except:
            pass

    transfer_tokens = tokens['transfer.api.globus.org']

    auth_client = globus_sdk.NativeAppAuthClient(client_id=CLIENT_ID)

    authorizer = globus_sdk.RefreshTokenAuthorizer(
        transfer_tokens['refresh_token'],
        auth_client,
        access_token=transfer_tokens['access_token'],
        expires_at=transfer_tokens['expires_at_seconds'],
        on_refresh=update_tokens_file_on_refresh)

    transfer = globus_sdk.TransferClient(authorizer=authorizer)

    myproxy_lifetime = 720  # in hours.  What's the maximum?
    try:
        r = transfer.endpoint_autoactivate(p.opt["archiveEndPoint"],
                                           if_expires_in=3600)
        while (r["code"] == "AutoActivationFailed"):
            print(
                "Endpoint requires manual activation, please use your UCAS name/password for this activation. "
                "You can activate via the command line or via web browser:\n"
                "WEB BROWSER -- Open the following URL in a browser to activate the "
                "endpoint:")
            print(
                f"https://app.globus.org/file-manager?origin_id={p.opt['archiveEndPoint']}"
            )
            print("CMD LINE -- run this from your shell: ")
            print(
                f"globus endpoint activate --myproxy --myproxy-lifetime {myproxy_lifetime} {p.opt['archiveEndPoint']}"
            )
            input("Press ENTER after activating the endpoint:")
            r = transfer.endpoint_autoactivate(p.opt["archiveEndPoint"],
                                               if_expires_in=3600)

    except globus_sdk.exc.GlobusAPIError as ex:
        print("endpoint_autoactivation failed.")
        print(ex)
        if ex.http_status == 401:
            sys.exit('Refresh token has expired. '
                     'Please delete refresh-tokens.json and try again.')
        else:
            raise ex
    return transfer
Beispiel #9
0
def _get_native_app_authorizer(client_id):
    tokens = None
    try:
        tokens = _load_tokens_from_file(TOKEN_FILE)
    except Exception:
        pass

    if not tokens:
        tokens = _do_native_app_authentication(client_id=client_id,
                                               redirect_uri=REDIRECT_URI,
                                               requested_scopes=SCOPES)
        try:
            _save_tokens_to_file(TOKEN_FILE, tokens)
        except Exception:
            pass

    transfer_tokens = tokens['transfer.api.globus.org']

    auth_client = globus_sdk.NativeAppAuthClient(client_id=client_id)

    return globus_sdk.RefreshTokenAuthorizer(
        transfer_tokens['refresh_token'],
        auth_client,
        access_token=transfer_tokens['access_token'],
        expires_at=transfer_tokens['expires_at_seconds'],
        on_refresh=_update_tokens_file_on_refresh)
def get_globus_access_token(client_id):

    client = globus_sdk.NativeAppAuthClient(client_id)
    client.oauth2_start_flow()
    #    client.oauth2_start_flow_native_app()

    authorize_url = client.oauth2_get_authorize_url()
    print('Please go to this URL and login: {0}'.format(authorize_url))

    # this is to work on Python2 and Python3 -- you can just use raw_input() or
    # # input() for your specific version
    get_input = getattr(__builtins__, 'raw_input', input)
    auth_code = get_input(
        'Please enter the code you get after login here: ').strip()
    token_response = client.oauth2_exchange_code_for_tokens(auth_code)

    globus_auth_data = token_response.by_resource_server['auth.globus.org']
    globus_transfer_data = token_response.by_resource_server[
        'transfer.api.globus.org']

    # most specifically, you want these tokens as strings
    auth_token = globus_auth_data['access_token']
    transfer_token = globus_transfer_data['access_token']

    return auth_token, transfer_token
Beispiel #11
0
 def __init__(self,
              token_storage=MultiClientTokenStorage(),
              local_server_code_handler=None,
              secondary_code_handler=None,
              code_handlers=(LocalServerCodeHandler(), InputCodeHandler()),
              default_scopes=None,
              *args,
              **kwargs):
     self.client = globus_sdk.NativeAppAuthClient(*args, **kwargs)
     self.token_storage = token_storage
     if token_storage is not None:
         self.verify_token_storage(self.token_storage)
     self.app_name = kwargs.get('app_name') or 'My App'
     if local_server_code_handler or secondary_code_handler:
         log.warning('Specifying "local_server_code_handler" or '
                     '"code_handler" will be removed. Instead, specify '
                     'handlers in a list with keyword "code_handlers"')
         self.code_handlers = [
             local_server_code_handler or LocalServerCodeHandler(),
             secondary_code_handler or InputCodeHandler()
         ]
     else:
         self.code_handlers = code_handlers
     log.debug('Using code handlers {}'.format(self.code_handlers))
     if isinstance(self.token_storage, MultiClientTokenStorage):
         self.token_storage.set_client_id(kwargs.get('client_id'))
     log.debug('Token storage set to {}'.format(self.token_storage))
     log.debug('Automatically open browser: {}'
               ''.format(InputCodeHandler.is_browser_enabled()))
     self.default_scopes = default_scopes
def get_native_app_authorizer(client_id):
    tokens = None
    client = NativeClient(client_id=client_id, app_name=APP_NAME)
    try:
        # if we already have tokens, load and use them
        tokens = client.load_tokens(requested_scopes=SCOPES)
    except:
        pass

    if not tokens:
        tokens = client.login(requested_scopes=SCOPES, refresh_tokens=True)
        try:
            client.save_tokens(tokens)
        except:
            pass

    transfer_tokens = tokens['transfer.api.globus.org']

    auth_client = globus_sdk.NativeAppAuthClient(client_id=client_id)

    return globus_sdk.RefreshTokenAuthorizer(
        transfer_tokens['refresh_token'],
        auth_client,
        access_token=transfer_tokens['access_token'],
        expires_at=transfer_tokens['expires_at_seconds'])
Beispiel #13
0
def internal_auth_client():
    """
    Get the globus native app client.

    :return:
    """
    return globus_sdk.NativeAppAuthClient(CLIENT_ID, app_name=version.app_name)
Beispiel #14
0
    def get_transfer_client(self):

        # Cache the client so we don't create a new one for every call, but don't hold on to it for too long.
        if self.transfer_client is not None:
            seconds = (self.transfer_client_date - datetime.now()).total_seconds()
            if seconds < 3200:
                return self.transfer_client

        self.client = globus_sdk.NativeAppAuthClient(self.GLOBUS_CLIENT_ID)
        self.client.oauth2_start_flow(refresh_tokens=True)

        # Refresh the token - so we don't get logged out.
        oauth_data = self.client.oauth2_refresh_token(self.GLOBUS_TRANSFER_RT)
        new_at = oauth_data.data['access_token']
        transfer_authorizer = globus_sdk.RefreshTokenAuthorizer(self.GLOBUS_TRANSFER_RT, self.client,
                                                                access_token=new_at,
                                                                expires_at=self.EXPIRES_AT)
        transfer_client = globus_sdk.TransferClient(authorizer=transfer_authorizer)

        # Be sure to activate both endpoints
        r = transfer_client.endpoint_autoactivate(self.GLOBUS_DTN_ENDPOINT, if_expires_in=3600)
        r2 = transfer_client.endpoint_autoactivate(self.GLOBUS_IVY_ENDPOINT, if_expires_in=3600)

        if r['code'] == 'AutoActivationFailed' or r2['code'] == 'AutoActivationFailed':
            app.logger.error('Endpoint({}) Not Active! Error! Source message: {}'.format(self.GLOBUS_CLIENT_ID, r['message']))
        elif r['code'] == 'AutoActivated.CachedCredential' or r2['code'] == 'AutoActivated.CachedCredential':
            app.logger.error('Endpoint({}) autoactivated using a cached credential.'.format(self.GLOBUS_CLIENT_ID))
        elif r['code'] == 'AutoActivated.GlobusOnlineCredential' or r2['code'] == 'AutoActivated.GlobusOnlineCredential':
            app.logger.error(('Endpoint({}) autoactivated using a built-in Globus credential.').format(self.GLOBUS_CLIENT_ID))
        elif r['code'] == 'AlreadyActivated' or r2['code'] == 'AlreadyActivated':
            app.logger.info('Endpoint({}) already active until at least {}'.format(self.GLOBUS_CLIENT_ID, 3600))

        self.transfer_client = transfer_client
        self.transfer_client_date = datetime.now()
        return self.transfer_client
    def setUp(self):
        """
        Makes a refresh_token grant to get new tokens for teseting
        Sets up an AuthClient and a RefreshTokenAuthorizer with a mock
        on_refresh function for testing their interactions
        """
        super(RefreshTokenAuthorizerIntegrationTests, self).setUp()

        client_id = get_client_data()["native_app_client1"]["id"]
        form_data = {'refresh_token': SDKTESTER1A_NATIVE1_TRANSFER_RT,
                     'grant_type': 'refresh_token',
                     'client_id': client_id}
        token_res = globus_sdk.AuthClient().oauth2_token(form_data)
        token_res = token_res.by_resource_server

        self.access_token = token_res[
            'transfer.api.globus.org']['access_token']
        self.expires_at = token_res[
            'transfer.api.globus.org']['expires_at_seconds']

        self.on_refresh = mock.Mock()
        self.nac = globus_sdk.NativeAppAuthClient(
            client_id=get_client_data()["native_app_client1"]["id"])
        self.authorizer = globus_sdk.RefreshTokenAuthorizer(
            SDKTESTER1A_NATIVE1_TRANSFER_RT, self.nac,
            access_token=self.access_token, expires_at=self.expires_at,
            on_refresh=self.on_refresh)
        self.tc = globus_sdk.TransferClient(authorizer=self.authorizer)
Beispiel #16
0
def do_native_app_authentication(client_id,
                                 requested_scopes=None):  # pragma: no cover
    """
    Does a Native App authentication flow and returns a
    dict of tokens keyed by service name.
    """
    server = start_local_server()
    redirect_uri = "http://{a[0]}:{a[1]}".format(a=server.server_address)

    client = globus_sdk.NativeAppAuthClient(client_id=client_id)
    client.oauth2_start_flow(requested_scopes=SCOPES,
                             redirect_uri=redirect_uri,
                             refresh_tokens=True)
    url = client.oauth2_get_authorize_url()

    webbrowser.open(url, new=1)

    print(
        "Waiting for completion of Globus Authentication in your webbrowser..."
    )
    try:
        auth_code = server.wait_for_code()
    except KeyboardInterrupt:
        raise AuthenticationError("Failed to authenticate with Globus.")
    finally:
        server.shutdown()

    token_response = client.oauth2_exchange_code_for_tokens(auth_code)

    # return a set of tokens, organized by resource server name
    return token_response.by_resource_server
def do_native_app_authentication(client_id, redirect_uri,
                                 requested_scopes=None):
    """
    Does a Native App authentication flow and returns a
    dict of tokens keyed by service name.
    """
    client = globus_sdk.NativeAppAuthClient(client_id=client_id)
    # pass refresh_tokens=True to request refresh tokens
    client.oauth2_start_flow(
            requested_scopes=requested_scopes,
            redirect_uri=redirect_uri,
            refresh_tokens=True)

    url = client.oauth2_get_authorize_url()

    print('Native App Authorization URL: \n{}'.format(url))

    if not is_remote_session():
        # There was a bug in webbrowser recently that this fixes:
        # https://bugs.python.org/issue30392
        if sys.platform == 'darwin':
            webbrowser.get('safari').open(url, new=1)
        else:
            webbrowser.open(url, new=1)

    auth_code = get_input('Enter the auth code: ').strip()

    token_response = client.oauth2_exchange_code_for_tokens(auth_code)

    # return a set of tokens, organized by resource server name
    return token_response.by_resource_server
def get_native_app_authorizer(client_id, service):
    tokens = None
    try:
        # if we already have tokens, load and use them
        tokens = load_tokens_from_file(TOKEN_FILE)
    except:
        pass

    if not tokens:
        tokens = do_native_app_authentication(client_id=client_id,
                                              redirect_uri=REDIRECT_URI,
                                              requested_scopes=SCOPES)
        try:
            save_tokens_to_file(TOKEN_FILE, tokens)
        except:
            pass

    tokens = tokens[service]

    auth_client = globus_sdk.NativeAppAuthClient(client_id=client_id)

    return globus_sdk.RefreshTokenAuthorizer(
        tokens['refresh_token'],
        auth_client,
        access_token=tokens['access_token'],
        expires_at=tokens['expires_at_seconds'],
        on_refresh=update_tokens_file_on_refresh)
Beispiel #19
0
def activate_token(token):
    logging.debug("activate_token: Starting")
    client = globus_sdk.NativeAppAuthClient(CLIENT_ID)
    authorizer = globus_sdk.RefreshTokenAuthorizer(token['transfer_rt'],
                                                   client)
    logging.debug(authorizer)
    return authorizer
Beispiel #20
0
    def setUp(self):
        """
        Instantiates an NativeAppAuthClient
        """
        super(NativeAppAuthClientTests, self).setUp()

        self.nac = globus_sdk.NativeAppAuthClient(
            client_id=get_client_data()["native_app_client1"]["id"])
Beispiel #21
0
 def test_init(self):
     """
     Confirms value error when trying to init with an authorizer
     """
     with self.assertRaises(ValueError):
         globus_sdk.NativeAppAuthClient(
             client_id=get_client_data()["native_app_client1"]["id"],
             authorizer=globus_sdk.AccessTokenAuthorizer(""))
Beispiel #22
0
    def __init__(self):
        self.transfer_rt = TRANSFER_RT
        self.transfer_at = TRANSFER_AT
        self.client = globus_sdk.NativeAppAuthClient(CLIENT_ID)

        self.authorizer = globus_sdk.RefreshTokenAuthorizer(
            self.transfer_rt, self.client, access_token=self.transfer_at)
        self.transfer_client = globus_sdk.TransferClient(
            authorizer=self.authorizer)
Beispiel #23
0
def login_auto(globus_client_id, str_app='globus'):
    token = params.read(str_app)
    if not token:
        raise ValueError(
            "Token file doesn't exist, run ibllib.io.globus.setup first")
    client = globus.NativeAppAuthClient(globus_client_id)
    client.oauth2_start_flow(refresh_tokens=True)
    authorizer = globus.RefreshTokenAuthorizer(token.transfer_rt, client)
    return globus.TransferClient(authorizer=authorizer)
Beispiel #24
0
def check_token(token):
    """Check tokens from users file"""
    #    from globus_sdk import AuthClient
    logging.debug("check_token: Starting")
    logging.debug("token is %s", token)
    client = globus_sdk.NativeAppAuthClient(CLIENT_ID)
    data = client.oauth2_validate_token(token)
    logging.debug('check_auth %s', data)
    return data['active']
Beispiel #25
0
 def setUpClass(self):
     """
     Sets up transfer client for creating Data objects
     """
     ac = globus_sdk.NativeAppAuthClient(
         client_id=get_client_data()["native_app_client1"]["id"])
     authorizer = globus_sdk.RefreshTokenAuthorizer(
         SDKTESTER1A_NATIVE1_TRANSFER_RT, ac)
     self.tc = globus_sdk.TransferClient(authorizer=authorizer)
def main():
    """
    main program
    """
    my_end_points = (
        'ncsa#BlueWaters',
        'ncsa#BlueWaters-Duo',
        'ncsa#BlueWatersAWS',
        'BW Google Drive Endpoint',
        'ncsa#jyc',
        'umn#pgc-terranova',
        'illinois_duo',
    )

    tokens = load_tokens_from_file(TOKEN_FILE)

    if not tokens:
        # if we need to get tokens, start the Native App authentication process
        tokens = do_native_app_authentication(CLIENT_ID, REDIRECT_URI, SCOPES)
        save_tokens_to_file(TOKEN_FILE, tokens)

    transfer_tokens = tokens['transfer.api.globus.org']

    auth_client = globus_sdk.NativeAppAuthClient(client_id=CLIENT_ID)

    authorizer = globus_sdk.RefreshTokenAuthorizer(
        transfer_tokens['refresh_token'],
        auth_client,
        access_token=transfer_tokens['access_token'],
        expires_at=transfer_tokens['expires_at_seconds'],
        on_refresh=update_tokens_file_on_refresh)

    tclient = globus_sdk.TransferClient(authorizer=authorizer)

    # for the GO endpoints listed above ...
    total_servers_down = 0
    for endpoint in my_end_points:
        # Find the endpoint with search so that a replaced endpoint
        # with a replacement id will still be checked.
        for myep in tclient.endpoint_search(filter_fulltext=endpoint):
            # Isolate the search results to an exact match by forcing
            # /^endpoint$/  as the regex search we are matching.
            epsearchstring = "^" + endpoint + "$"
            if re.search(epsearchstring, myep['display_name'], flags=0):
                print("-->", myep['display_name'], myep['id'])
                total_servers_down += my_endpoint_manager_server_check(
                    tclient, myep['id'])
    # Something is broken in the endpoint_search for illinois#iccp so this one is handled
    # separately.  The id below is updated manually from the GO web page of endpoints.
    illinois_iccp_id = "9cd89c31-6d04-11e5-ba46-22000b92c6ec"
    print("--> illinois#iccp", illinois_iccp_id)
    total_servers_down += my_endpoint_manager_server_check(
        tclient, illinois_iccp_id)
    if total_servers_down > 0:
        # for the Jenkins test harness
        sys.exit(-1)
Beispiel #27
0
def login_auto(globus_client_id, str_app='globus/default'):
    token = params.read(str_app)
    required_fields = {'refresh_token', 'access_token', 'expires_at_seconds'}
    if not (token and required_fields.issubset(token.as_dict())):
        raise ValueError(
            "Token file doesn't exist, run ibllib.io.globus.setup first")
    client = globus.NativeAppAuthClient(globus_client_id)
    client.oauth2_start_flow(refresh_tokens=True)
    authorizer = globus.RefreshTokenAuthorizer(token.refresh_token, client)
    return globus.TransferClient(authorizer=authorizer)
def get_deriva_token():
    # TODO: When decision is made about user auth vs. conf client auth, implement.
    #       Currently using personal refresh token for scope.
    #       Refresh token will expire in six months(?)
    #       Date last generated: 9-26-2019

    return globus_sdk.RefreshTokenAuthorizer(
        refresh_token=CONFIG["TEMP_REFRESH_TOKEN"],
        auth_client=globus_sdk.NativeAppAuthClient(
            CONFIG["GLOBUS_NATIVE_APP"])).access_token
Beispiel #29
0
 def setUpClass(self):
     """
     Creates a BaseClient object for testing
     """
     ac = globus_sdk.NativeAppAuthClient(
         client_id=get_client_data()["native_app_client1"]["id"])
     authorizer = globus_sdk.RefreshTokenAuthorizer(
         SDKTESTER1A_NATIVE1_TRANSFER_RT, ac)
     self.bc = BaseClient("transfer",
                          base_path="/v0.10/",
                          authorizer=authorizer)
def _generate_new_deriva_token():
    # Generate new Refresh Token to be used in get_deriva_token()
    native_client = globus_sdk.NativeAppAuthClient(CONFIG["GLOBUS_NATIVE_APP"])
    native_flow = native_client.oauth2_start_flow(
        requested_scopes=("https://auth.globus.org/scopes/demo."
                          "derivacloud.org/deriva_all"),
        refresh_tokens=True)
    code = input(
        f"Auth at '{native_flow.get_authorize_url()}' and paste code:\n")
    tokens = native_flow.exchange_code_for_tokens(code)
    return tokens["refresh_token"]