def __init__(self, endpoints, sync_level='exists', log_level='INFO'):
transfer_scope = 'urn:globus:auth:scope:transfer.api.globus.org:all'
native_client = NativeClient(client_id=CLIENT_ID,
app_name="FuncX Continuum Scheduler",
token_storage=JSONTokenStorage(TOKEN_LOC))
native_client.login(requested_scopes=[transfer_scope],
no_browser=True,
no_local_server=True,
refresh_tokens=True)
all_authorizers = native_client.get_authorizers_by_scope(
requested_scopes=[transfer_scope])
transfer_authorizer = all_authorizers[transfer_scope]
self.transfer_client = globus_sdk.TransferClient(transfer_authorizer)
self.endpoints = endpoints
self.sync_level = sync_level
logger.setLevel(log_level)
# Track pending transfers
self._next = 0
self.active_transfers = {}
self.completed_transfers = {}
self.transfer_ids = {}
# Initialize thread to wait on transfers
self._polling_interval = 1
self._tracker = Thread(target=self._track_transfers)
self._tracker.daemon = True
self._tracker.start()
def spawn_tokens(client_id=CLIENT_ID, req_scopes=SCOPES, name=APP_NAME):
"""
Checks if Globus tokens already exists and spawns them if they don't.
Returns instance of 'NativeClient'.
"""
tokens = os.getenv('GLOBUS_DATA')
# try to load tokens from local file (native app config)
client = NativeClient(client_id=client_id, app_name=name)
# try:
# tokens = client.load_tokens(requested_scopes=req_scopes)
# except:
# pass
if not tokens:
# if no tokens, need to start Native App authentication process to get tokens
tokens = client.login(requested_scopes=req_scopes, refresh_tokens=True)
try:
# save the tokens
client.save_tokens(tokens)
# create environment variable
os.environ['GLOBUS_DATA'] = json.dumps(tokens,
indent=4,
sort_keys=True)
except:
pass
def get_native_app_authorizer(client_id):
tokens = None
client = NativeClient(client_id=client_id, app_name=APP_NAME)
try:
# if we already have tokens, load and use them
tokens = client.load_tokens(requested_scopes=SCOPES)
except:
pass
if not tokens:
tokens = client.login(requested_scopes=SCOPES, refresh_tokens=True)
try:
client.save_tokens(tokens)
except:
pass
transfer_tokens = tokens['transfer.api.globus.org']
auth_client = globus_sdk.NativeAppAuthClient(client_id=client_id)
return globus_sdk.RefreshTokenAuthorizer(
transfer_tokens['refresh_token'],
auth_client,
access_token=transfer_tokens['access_token'],
expires_at=transfer_tokens['expires_at_seconds'])
def globus_native_auth_login():
client = NativeClient(client_id='7414f0b4-7d05-4bb6-bb00-076fa3f17cf5')
tokens = client.login(requested_scopes=[
'https://auth.globus.org/scopes/56ceac29-e98a-440a-a594-b41e7a084b62/all',
'urn:globus:auth:scope:transfer.api.globus.org:all',
"https://auth.globus.org/scopes/facd7ccc-c5f4-42aa-916b-a0e270e2c2a9/all",
"urn:globus:auth:scope:data.materialsdatafacility.org:all", 'email',
'openid', 'urn:globus:auth:scope:search.api.globus.org:all'
],
no_local_server=True,
no_browser=True)
print(tokens)
auth_token = tokens["petrel_https_server"]['access_token']
transfer_token = tokens['transfer.api.globus.org']['access_token']
mdf_token = tokens["data.materialsdatafacility.org"]['access_token']
funcx_token = tokens['funcx_service']['access_token']
search_token = tokens['search.api.globus.org']['access_token']
openid_token = tokens['auth.globus.org']['access_token']
headers = {
'Authorization': f"Bearer {funcx_token}",
'Transfer': transfer_token,
'FuncX': funcx_token,
'Petrel': mdf_token,
'Search': search_token,
'Openid': openid_token
}
print(f"Headers: {headers}")
return headers
def live_client_destructive():
storage = ConfigParserTokenStorage(filename='integ_testing_destruct.cfg')
client = NativeClient(client_id='7414f0b4-7d05-4bb6-bb00-076fa3f17cf5',
token_storage=storage,
default_scopes=['openid'])
yield client
client.logout()
os.unlink('integ_testing_destruct.cfg')
def main():
tokens = None
client = NativeClient(client_id=CLIENT_ID, app_name=APP_NAME)
try:
# if we already have tokens, load and use them
tokens = client.load_tokens(requested_scope=SCOPES)
except:
pass
if not tokens:
# if we need to get tokens, start the Native App authentication process
# need to specify that we want refresh tokens
tokens = client.login(requested_scopes=SCOPES, refresh_tokens=True)
try:
client.save_tokens(tokens)
except:
pass
transfer = setup_transfer_client(tokens['transfer.api.globus.org'])
try:
task_data = load_data_from_file(DATA_FILE)['task']
task = transfer.get_task(task_data['task_id'])
if task['status'] not in PREVIOUS_TASK_RUN_CASES:
print('The last transfer status is {}, skipping run...'.format(
task['status']))
sys.exit(1)
except KeyError:
# Ignore if there is no previous task
pass
check_endpoint_path(transfer, SOURCE_ENDPOINT, SOURCE_PATH)
if CREATE_DESTINATION_FOLDER:
create_destination_directory(transfer, DESTINATION_ENDPOINT,
DESTINATION_PATH)
else:
check_endpoint_path(transfer, DESTINATION_ENDPOINT, DESTINATION_PATH)
tdata = TransferData(transfer,
SOURCE_ENDPOINT,
DESTINATION_ENDPOINT,
label=TRANSFER_LABEL,
sync_level="checksum")
tdata.add_item(SOURCE_PATH, DESTINATION_PATH, recursive=True)
task = transfer.submit_transfer(tdata)
save_data_to_file(DATA_FILE, 'task', task.data)
print('Transfer has been started from\n {}:{}\nto\n {}:{}'.format(
SOURCE_ENDPOINT, SOURCE_PATH, DESTINATION_ENDPOINT, DESTINATION_PATH))
url_string = 'https://globus.org/app/transfer?' + \
six.moves.urllib.parse.urlencode({
'origin_id': SOURCE_ENDPOINT,
'origin_path': SOURCE_PATH,
'destination_id': DESTINATION_ENDPOINT,
'destination_path': DESTINATION_PATH
})
print('Visit the link below to see the changes:\n{}'.format(url_string))
def get_headers():
client = NativeClient(client_id='7414f0b4-7d05-4bb6-bb00-076fa3f17cf5')
tokens = client.login(requested_scopes=[
'https://auth.globus.org/scopes/56ceac29-e98a-440a-a594-b41e7a084b62/all'
])
auth_token = tokens["petrel_https_server"]['access_token']
headers = {'Authorization': f'Bearer {auth_token}'}
return headers
def tasks():
client = NativeClient(client_id=CLIENT_ID, app_name=APP_NAME)
client.login(requested_scopes=SCOPES)
tokens = client.load_tokens(requested_scopes=SCOPES)
auther = globus_sdk.AccessTokenAuthorizer(
tokens['search.api.globus.org']['access_token'])
sc = globus_sdk.SearchClient(authorizer=auther)
print(sc.get_task_list(INDEX))
print('Finished')
def __init__(self,
http_timeout=None,
funcx_home=os.path.join('~', '.funcx'),
force_login=False,
fx_authorizer=None,
funcx_service_address='https://dev.funcx.org/api/v1',
**kwargs):
""" Initialize the client
Parameters
----------
http_timeout: int
Timeout for any call to service in seconds.
Default is no timeout
force_login: bool
Whether to force a login to get new credentials.
fx_authorizer:class:`GlobusAuthorizer <globus_sdk.authorizers.base.GlobusAuthorizer>`:
A custom authorizer instance to communicate with funcX.
Default: ``None``, will be created.
service_address: str
The address of the funcX web service to communicate with.
Default: https://dev.funcx.org/api/v1
Keyword arguments are the same as for BaseClient.
"""
self.ep_registration_path = 'register_endpoint_2'
self.funcx_home = os.path.expanduser(funcx_home)
native_client = NativeClient(client_id=self.CLIENT_ID)
fx_scope = "https://auth.globus.org/scopes/facd7ccc-c5f4-42aa-916b-a0e270e2c2a9/all"
if not fx_authorizer:
native_client.login(
requested_scopes=[fx_scope],
no_local_server=kwargs.get("no_local_server", True),
no_browser=kwargs.get("no_browser", True),
refresh_tokens=kwargs.get("refresh_tokens", True),
force=force_login)
all_authorizers = native_client.get_authorizers_by_scope(
requested_scopes=[fx_scope])
fx_authorizer = all_authorizers[fx_scope]
super(FuncXClient, self).__init__("funcX",
environment='funcx',
authorizer=fx_authorizer,
http_timeout=http_timeout,
base_url=funcx_service_address,
**kwargs)
self.fx_serializer = FuncXSerializer()
def logout(app_name=None, client_id=None):
"""Revoke and delete all saved tokens for the app.
Arguments:
app_name (str): Name of the app/script/client.
**Default**: ``'UNKNOWN_APP'``.
client_id (str): The ID of the client.
**Default**: The MDF Native Clients ID.
"""
if not app_name:
app_name = DEFAULT_APP_NAME
if not client_id:
client_id = DEFAULT_CLIENT_ID
NativeClient(app_name=app_name, client_id=client_id).logout()
def test_json_token_storage(mock_tokens, mock_revoke, monkeypatch):
cli = NativeClient(client_id=str(uuid.uuid4()),
token_storage=JSONTokenStorage())
# Mock actual call to open(). Catch the data 'written' and use it in the
# load function. This is a cheap and easy (and hacky) way to test that the
# stuff we get read was the same as the stuff written in.
monkeypatch.setattr(os.path, 'exists', lambda x: True)
mo = mock_open()
with patch(BUILTIN_OPEN, mo):
cli.save_tokens(mock_tokens)
written = ''.join([c[1][0] for c in mo().write.mock_calls])
with patch(BUILTIN_OPEN, mock_open(read_data=written)):
tokens = cli.load_tokens()
assert tokens == MOCK_TOKEN_SET
mock_remove = Mock()
with patch('os.remove', mock_remove):
cli.logout()
assert mock_remove.called
def __init__(self, *args, **kwargs):
super(GlobusContentsManager, self).__init__(*args, **kwargs)
# TODO: Make this check for tokens in the environment (i.e., JupyterHub)
# Then load via Native App. Figure out login.
client = NativeClient(client_id=self.client_id, app_name=self.app_name)
tokens = client.load_tokens()
transfer_access_token = tokens['transfer.api.globus.org'][
'access_token']
# then use that token to create an AccessTokenAuthorizer
transfer_auth = globus_sdk.AccessTokenAuthorizer(transfer_access_token)
# finally, use the authorizer to create a TransferClient object
self.transfer_client = globus_sdk.TransferClient(
authorizer=transfer_auth)
self.transfer_client.endpoint_autoactivate(self.globus_remote_endpoint)
# TODO: How to handle caching dir? Needs to be writable. On laptops,
# tmp dirs may not be accessible by GCP
#self._cache_dir = tempfile.TemporaryDirectory()
self._cache_dir = '/Users/rpwagner/tmp/jupyter_contents_cache'
def get_authorizer_for_scope(scope: str,
client_id: str = CLIENT_ID
) -> AccessTokenAuthorizer:
client = NativeClient(
client_id=client_id,
app_name="globus-automate CLI",
token_storage=MultiScopeTokenStorage(scope),
default_scopes=[scope],
)
try:
client.login(
requested_scopes=[scope],
refresh_tokens=True,
)
except (LocalServerError, AuthAPIError, AuthFailure) as e:
print(f"Login Unsuccessful: {str(e)}")
raise SystemExit
authorizers = client.get_authorizers_by_scope(requested_scopes=[scope])
return authorizers[scope]
def delete(filename):
with open(filename) as f:
ingest_doc = json.loads(f.read())
client = NativeClient(client_id=CLIENT_ID, app_name=APP_NAME)
client.login(requested_scopes=SCOPES)
tokens = client.load_tokens(requested_scopes=SCOPES)
auther = globus_sdk.AccessTokenAuthorizer(
tokens['search.api.globus.org']['access_token'])
sc = globus_sdk.SearchClient(authorizer=auther)
subject = ingest_doc['ingest_data']['subject']
print(subject)
print('Deleting from "{}"?'.format(
sc.get_index(INDEX).data['display_name']))
#user_input = input('Y/N> ')
#if user_input in ['yes', 'Y', 'y', 'yarr']:
result = sc.delete_subject(INDEX, subject)
print('Finished')
print(result)
def listind():
client = NativeClient(client_id=CLIENT_ID, app_name=APP_NAME)
client.login(requested_scopes=SCOPES)
tokens = client.load_tokens(requested_scopes=SCOPES)
auther = globus_sdk.AccessTokenAuthorizer(
tokens['search.api.globus.org']['access_token'])
sc = globus_sdk.SearchClient(authorizer=auther)
search_results = sc.search(index_id=INDEX, q='*')
header = 'Title Data Dataframe Rows Cols Size Filename'
print(header)
for i in search_results['gmeta']:
j = i['content'][0]
s, h = get_size(j['remote_file_manifest']['length'])
size = str(int(s)) + ' ' + h
print('{:21.20}'.format(j['dc']['titles'][0]['title']) +
'{:11.10}'.format(j['ncipilot']['data_type']) +
'{:10.9}'.format(j['ncipilot']['dataframe_type']) +
'{:7.6}'.format(str(j['ncipilot']['numrows'])) +
'{:7.6}'.format(str(j['ncipilot']['numcols'])) +
'{:7.6}'.format(size) +
'{:.16}'.format(j['remote_file_manifest']['filename']))
def get_tokens():
"""
Retrieves the Globus tokens.
"""
client = NativeClient(client_id=CLIENT_ID, app_name=APP_NAME)
return client.load_tokens()
def login(services, make_clients=True, clear_old_tokens=False, **kwargs):
"""Log in to Globus services.
Arguments:
services (list of str): The service names or scopes to authenticate to.
make_clients (bool): If ``True``, will make and return appropriate clients with
generated tokens. If ``False``, will only return authorizers.
**Default**: ``True``.
clear_old_tokens (bool): Force a login flow, even if loaded tokens are valid.
Same effect as ``force``. If one of these is ``True``, the effect triggers
**Default**: ``False``.
Keyword Arguments:
app_name (str): Name of the app/script/client. Used for the named grant during consent,
and the local server browser page by default.
**Default**: ``'UNKNOWN_APP'``.
client_id (str): The ID of the client registered with Globus at
https://developers.globus.org
**Default**: The MDF Native Clients ID.
no_local_server (bool): Disable spinning up a local server to automatically
copy-paste the auth code. THIS IS REQUIRED if you are on a remote server.
When used locally with no_local_server=False, the domain is localhost with
a randomly chosen open port number.
**Default**: ``False``.
no_browser (bool): Do not automatically open the browser for the Globus Auth URL.
Display the URL instead and let the user navigate to that location manually.
**Default**: ``False``.
refresh_tokens (bool): Use Globus Refresh Tokens to extend login time.
**Default**: ``True``.
force (bool): Force a login flow, even if loaded tokens are valid.
Same effect as ``clear_old_tokens``. If one of these is ``True``, the effect
triggers. **Default**: ``False``.
Returns:
dict: The clients and authorizers requested, indexed by service name.
For example, if ``login()`` is told to auth with ``'search'``
then the search client will be in the ``'search'`` field.
"""
if isinstance(services, str):
services = [services]
# Set up arg defaults
app_name = kwargs.get("app_name") or DEFAULT_APP_NAME
client_id = kwargs.get("client_id") or DEFAULT_CLIENT_ID
native_client = NativeClient(client_id=client_id, app_name=app_name)
# Translate known services into scopes, existing scopes are cleaned
servs = []
for serv in services:
serv = serv.lower().strip()
if type(serv) is str:
servs += serv.split(" ")
else:
servs += list(serv)
scopes = [KNOWN_SCOPES.get(sc, sc) for sc in servs]
native_client.login(requested_scopes=scopes,
no_local_server=kwargs.get("no_local_server", False),
no_browser=kwargs.get("no_browser", False),
refresh_tokens=kwargs.get("refresh_tokens", True),
force=clear_old_tokens or kwargs.get("force", False))
all_authorizers = native_client.get_authorizers_by_scope(
requested_scopes=scopes)
returnables = {}
# Process authorizers (rename keys to originals, make clients)
for scope, auth in all_authorizers.items():
# User specified known_scope name and not scope directly
if scope not in servs:
try:
key = [k for k, v in KNOWN_SCOPES.items() if scope == v][0]
except IndexError: # Not a known scope(?), fallback to scope as key
key = scope
# User specified scope directly
else:
key = scope
# User wants clients and client supported
if make_clients and scope in KNOWN_CLIENTS.keys():
returnables[key] = KNOWN_CLIENTS[scope](authorizer=auth,
http_timeout=STD_TIMEOUT)
# Returning authorizer only
else:
returnables[key] = auth
return returnables
def live_client():
storage = ConfigParserTokenStorage(filename='integ_testing_tokens.cfg')
client = NativeClient(client_id='7414f0b4-7d05-4bb6-bb00-076fa3f17cf5',
token_storage=storage,
default_scopes=['openid'])
return client
}, {
'url':
'globus://ddb59aef-6d04-11e5-ba46-22000b92c6ec/share/godata/file2.txt',
'filename':
'file2.txt',
'length':
4,
'sha256':
'dd8ed44a83ff94d557f9fd0412ed5a8cbca69ea04922d88c01184a07300a5a',
}, {
'url':
'globus://ddb59aef-6d04-11e5-ba46-22000b92c6ec/share/godata/file3.txt',
'filename':
'file3.txt',
'length':
6,
'sha256':
'f6936912184481f5edd4c304ce27c5a1a827804fc7f329f43d273b8621870776',
}]
}
client = NativeClient(client_id='e6c75d97-532a-4c88-b031-8584a319fa3e')
client.login(requested_scopes=scope)
headers = {
'Authorization':
f'Bearer {client.load_tokens_by_scope(requested_scopes=scope)[scope]["access_token"]}'
}
r = requests.post(url, headers=headers, json=manifest)
r.raise_for_status()
print(f'Created manifest: {r.json()["id"]}')
def __init__(self, **kwargs):
"""Create a CfdeClient.
Keyword Arguments:
no_browser (bool): Do not automatically open the browser for the Globus Auth URL.
Display the URL instead and let the user navigate to that location manually.
**Default**: ``False``.
refresh_tokens (bool): Use Globus Refresh Tokens to extend login time.
**Default**: ``True``.
force (bool): Force a login flow, even if loaded tokens are valid.
**Default**: ``False``.
service_instance (str): The instance of the Globus Automate Flow
and/or the DERIVA ingest Action Provider to use. Unless directed otherwise,
this should be left to the default. **Default**: ``prod``.
"""
self.__native_client = NativeClient(client_id=self.client_id,
app_name=self.app_name)
self.__native_client.login(
requested_scopes=CONFIG["ALL_SCOPES"],
no_browser=kwargs.get("no_browser", False),
no_local_server=kwargs.get("no_browser", False),
refresh_tokens=kwargs.get("refresh_tokens", True),
force=kwargs.get("force", False))
tokens = self.__native_client.load_tokens_by_scope()
flows_token_map = {
scope: token["access_token"]
for scope, token in tokens.items()
}
automate_authorizer = self.__native_client.get_authorizer(
tokens[globus_automate_client.flows_client.MANAGE_FLOWS_SCOPE])
self.__https_authorizer = self.__native_client.get_authorizer(
tokens[CONFIG["HTTPS_SCOPE"]])
self.flow_client = globus_automate_client.FlowsClient(
flows_token_map,
self.client_id,
"flows_client",
app_name=self.app_name,
base_url="https://flows.automate.globus.org",
authorizer=automate_authorizer)
self.last_flow_run = {}
# Fetch dynamic config info
self.service_instance = kwargs.get("service_instance") or "prod"
try:
dconf_res = requests.get(
CONFIG["DYNAMIC_CONFIG_LINKS"][self.service_instance])
if dconf_res.status_code >= 300:
raise ValueError(
"Unable to download required configuration: Error {}: {}".
format(dconf_res.status_code, dconf_res.content))
dconf = dconf_res.json()
self.catalogs = dconf["CATALOGS"]
self.flow_info = dconf["FLOWS"][self.service_instance]
except KeyError as e:
raise ValueError(
"Flow configuration for service_instance '{}' not found".
format(self.service_instance)) from e
except json.JSONDecodeError:
if b"<!DOCTYPE html>" in dconf_res.content:
raise ValueError("Unable to authenticate with Globus: "
"HTML authentication flow detected")
else:
raise ValueError("Flow configuration not JSON: \n{}".format(
dconf_res.content))
except Exception:
# TODO: Are there other exceptions that need to be handled/translated?
raise
# Verify client version is compatible with service
if parse_version(dconf["MIN_VERSION"]) > parse_version(VERSION):
raise RuntimeError(
"This CFDE Client is not up to date and can no longer make "
"submissions. Please update the client and try again.")
# Verify user has permission to view Flow
try:
self.flow_client.get_flow(self.flow_info["flow_id"])
except globus_sdk.GlobusAPIError as e:
if e.http_status == 404:
raise PermissionError(
"Unable to view ingest Flow. Are you in the CFDE DERIVA "
"Demo Globus Group? Check your membership or apply for access "
"here: https://app.globus.org/groups/a437abe3-c9a4-11e9-b441-"
"0efb3ba9a670/about")
else:
raise
"""
Typically, you want to save tokens after login. The simplest solution is
to use the built in helpers. This is best for scripting. If you're writing
a custom client and want more control over your config, see the complex config
module.
"""
from fair_research_login import NativeClient
# Supported built-in storage mechanisms
from fair_research_login import JSONTokenStorage, ConfigParserTokenStorage # noqa
app = NativeClient(
# Registered client on http://developers.globus.org
client_id='7414f0b4-7d05-4bb6-bb00-076fa3f17cf5',
token_storage=JSONTokenStorage('mytokens.json'))
# Saves tokens
app.login()
# Loads tokens
app.load_tokens()
# Clears tokens
app.logout()
"""
Here are some edge cases you may have to deal with in more complex scripts.
"""
import globus_sdk
from fair_research_login import NativeClient, TokensExpired
from fair_research_login.exc import LocalServerError
# Register a Native App for a client_id at https://developers.globus.org
client = NativeClient(client_id='7414f0b4-7d05-4bb6-bb00-076fa3f17cf5')
"""
Overwriting old live tokens results in revocation
"""
# Native Client revokes tokens when they're overwritten. It's generally bad to
# depend on an old authorizer after a new login.
# The following example will raise an error:
client.login(requested_scopes=['openid', 'profile'])
auth = client.get_authorizers()['auth.globus.org']
# Requesting a token with new scopes will revoke the old token
client.login(requested_scopes=['openid', 'profile', 'email'])
# Using the old authorizer will result in an error
globus_sdk.AuthClient(authorizer=auth).oauth2_userinfo()
"""
Handling when the user does not consent
"""
try:
client.login(
requested_scopes=['openid', 'profile'],
# Using the local server will essentially copy the auth code returned
def get_transfer_client():
nc = NativeClient(client_id='7414f0b4-7d05-4bb6-bb00-076fa3f17cf5')
nc.login(
requested_scopes=['urn:globus:auth:scope:transfer.api.globus.org:all'])
auth = nc.get_authorizers()['transfer.api.globus.org']
return globus_sdk.TransferClient(authorizer=auth)
def __init__(self,
http_timeout=None,
funcx_home=os.path.join('~', '.funcx'),
force_login=False,
fx_authorizer=None,
funcx_service_address='https://api.funcx.org/v1',
**kwargs):
""" Initialize the client
Parameters
----------
http_timeout: int
Timeout for any call to service in seconds.
Default is no timeout
force_login: bool
Whether to force a login to get new credentials.
fx_authorizer:class:`GlobusAuthorizer <globus_sdk.authorizers.base.GlobusAuthorizer>`:
A custom authorizer instance to communicate with funcX.
Default: ``None``, will be created.
funcx_service_address: str
The address of the funcX web service to communicate with.
Default: https://api.funcx.org/v1
Keyword arguments are the same as for BaseClient.
"""
self.func_table = {}
self.ep_registration_path = 'register_endpoint_2'
self.funcx_home = os.path.expanduser(funcx_home)
if not os.path.exists(self.TOKEN_DIR):
os.makedirs(self.TOKEN_DIR)
tokens_filename = os.path.join(self.TOKEN_DIR, self.TOKEN_FILENAME)
self.native_client = NativeClient(
client_id=self.CLIENT_ID,
app_name="FuncX SDK",
token_storage=JSONTokenStorage(tokens_filename))
# TODO: if fx_authorizer is given, we still need to get an authorizer for Search
fx_scope = "https://auth.globus.org/scopes/facd7ccc-c5f4-42aa-916b-a0e270e2c2a9/all"
search_scope = "urn:globus:auth:scope:search.api.globus.org:all"
scopes = [fx_scope, search_scope, "openid"]
search_authorizer = None
if not fx_authorizer:
self.native_client.login(
requested_scopes=scopes,
no_local_server=kwargs.get("no_local_server", True),
no_browser=kwargs.get("no_browser", True),
refresh_tokens=kwargs.get("refresh_tokens", True),
force=force_login)
all_authorizers = self.native_client.get_authorizers_by_scope(
requested_scopes=scopes)
fx_authorizer = all_authorizers[fx_scope]
search_authorizer = all_authorizers[search_scope]
openid_authorizer = all_authorizers["openid"]
super(FuncXClient, self).__init__("funcX",
environment='funcx',
authorizer=fx_authorizer,
http_timeout=http_timeout,
base_url=funcx_service_address,
**kwargs)
self.fx_serializer = FuncXSerializer()
authclient = AuthClient(authorizer=openid_authorizer)
user_info = authclient.oauth2_userinfo()
self.searcher = SearchHelper(authorizer=search_authorizer,
owner_uuid=user_info['sub'])
self.funcx_service_address = funcx_service_address
#!/usr/bin/env python import os import json from fair_research_login import NativeClient CLIENT_ID = '7414f0b4-7d05-4bb6-bb00-076fa3f17cf5' APP_NAME = 'My App' SCOPES = 'openid email profile urn:globus:auth:scope:transfer.api.globus.org:all urn:globus:auth:scope:search.api.globus.org:all' CONFIG_FILE = 'tokens-data.json' tokens = None # try to load tokens from local file (native app config) client = NativeClient(client_id=CLIENT_ID, app_name=APP_NAME) tokens = client.login(requested_scopes=SCOPES, refresh_tokens=True)
def __init__(
self,
http_timeout=None,
funcx_home=_FUNCX_HOME,
force_login=False,
fx_authorizer=None,
search_authorizer=None,
openid_authorizer=None,
funcx_service_address=None,
check_endpoint_version=False,
asynchronous=False,
loop=None,
results_ws_uri=None,
use_offprocess_checker=True,
environment=None,
**kwargs,
):
"""
Initialize the client
Parameters
----------
http_timeout: int
Timeout for any call to service in seconds.
Default is no timeout
force_login: bool
Whether to force a login to get new credentials.
fx_authorizer:class:`GlobusAuthorizer \
<globus_sdk.authorizers.base.GlobusAuthorizer>`:
A custom authorizer instance to communicate with funcX.
Default: ``None``, will be created.
search_authorizer:class:`GlobusAuthorizer \
<globus_sdk.authorizers.base.GlobusAuthorizer>`:
A custom authorizer instance to communicate with Globus Search.
Default: ``None``, will be created.
openid_authorizer:class:`GlobusAuthorizer \
<globus_sdk.authorizers.base.GlobusAuthorizer>`:
A custom authorizer instance to communicate with OpenID.
Default: ``None``, will be created.
funcx_service_address: str
For internal use only. The address of the web service.
results_ws_uri: str
For internal use only. The address of the websocket service.
environment: str
For internal use only. The name of the environment to use.
asynchronous: bool
Should the API use asynchronous interactions with the web service? Currently
only impacts the run method
Default: False
loop: AbstractEventLoop
If asynchronous mode is requested, then you can provide an optional event loop
instance. If None, then we will access asyncio.get_event_loop()
Default: None
use_offprocess_checker: Bool,
Use this option to disable the offprocess_checker in the FuncXSerializer
used by the client.
Default: True
Keyword arguments are the same as for BaseClient.
"""
# resolve URLs if not set
if funcx_service_address is None:
funcx_service_address = get_web_service_url(environment)
if results_ws_uri is None:
results_ws_uri = get_web_socket_url(environment)
self.func_table = {}
self.use_offprocess_checker = use_offprocess_checker
self.funcx_home = os.path.expanduser(funcx_home)
self.session_task_group_id = str(uuid.uuid4())
if not os.path.exists(self.TOKEN_DIR):
os.makedirs(self.TOKEN_DIR)
tokens_filename = os.path.join(self.TOKEN_DIR, self.TOKEN_FILENAME)
self.native_client = NativeClient(
client_id=self.FUNCX_SDK_CLIENT_ID,
app_name="FuncX SDK",
token_storage=JSONTokenStorage(tokens_filename),
)
# TODO: if fx_authorizer is given, we still need to get an authorizer for Search
search_scope = "urn:globus:auth:scope:search.api.globus.org:all"
scopes = [self.FUNCX_SCOPE, search_scope, "openid"]
if not fx_authorizer or not search_authorizer or not openid_authorizer:
self.native_client.login(
requested_scopes=scopes,
no_local_server=kwargs.get("no_local_server", True),
no_browser=kwargs.get("no_browser", True),
refresh_tokens=kwargs.get("refresh_tokens", True),
force=force_login,
)
all_authorizers = self.native_client.get_authorizers_by_scope(
requested_scopes=scopes
)
fx_authorizer = all_authorizers[self.FUNCX_SCOPE]
search_authorizer = all_authorizers[search_scope]
openid_authorizer = all_authorizers["openid"]
self.web_client = FuncxWebClient(
base_url=funcx_service_address, authorizer=fx_authorizer
)
self.fx_serializer = FuncXSerializer(
use_offprocess_checker=self.use_offprocess_checker
)
authclient = AuthClient(authorizer=openid_authorizer)
user_info = authclient.oauth2_userinfo()
self.searcher = SearchHelper(
authorizer=search_authorizer, owner_uuid=user_info["sub"]
)
self.funcx_service_address = funcx_service_address
self.check_endpoint_version = check_endpoint_version
self.version_check()
self.results_ws_uri = results_ws_uri
self.asynchronous = asynchronous
if asynchronous:
self.loop = loop if loop else asyncio.get_event_loop()
# Start up an asynchronous polling loop in the background
self.ws_polling_task = WebSocketPollingTask(
self,
self.loop,
init_task_group_id=self.session_task_group_id,
results_ws_uri=self.results_ws_uri,
)
else:
self.loop = None
globus_sdk.auth.token_response.OAuthTokenResponse.by_resource_server
No need to check expiration, that's handled by NativeClient.
"""
with open(self.FILENAME) as fh:
return json.load(fh)
def clear_tokens(self):
"""
Delete tokens from where they are stored. Before this method is called,
tokens will have been revoked. This is both for cleanup and to ensure
inactive tokens are not accidentally loaded in the future.
"""
os.remove(self.FILENAME)
# Provide an instance of your config object to Native Client. The only
# restrictions are your client MUST have the three methods above,
# or it will throw an AttributeError.
app = NativeClient(client_id='7414f0b4-7d05-4bb6-bb00-076fa3f17cf5',
token_storage=MyTokenStorage())
# Calls read_tokens() then write_tokens()
app.login()
# Calls read_tokens()
app.load_tokens()
# Calls clear_tokens()
app.logout()
# Be careful with enabling refresh tokens, they can leave a long-lived
# mechanism to retrieve access on your system
REFRESH_TOKENS = False
# Set this to True if you're running this on a remote
# system via SSH. The login URL will be shown,
HEADLESS = False
if __name__ == '__main__':
if len(sys.argv) != 2:
print('Usage: ./gettoken.py <scope>')
print('Example: ./gettoken.py openid')
sys.exit(1)
scope = sys.argv[1]
cli = NativeClient(client_id=CLIENT_ID,
default_scopes=[scope,])
try:
tokens = cli.load_tokens_by_scope(requested_scopes=[scope,])
except:
no_local_server=False
no_browser=False
if HEADLESS:
no_local_server=True
no_browser=True
cli.login(requested_scopes=[scope,],
refresh_tokens=REFRESH_TOKENS,
no_local_server=no_local_server,
no_browser=no_browser)
tokens = cli.load_tokens_by_scope(requested_scopes=[scope,])
print(tokens[scope]['access_token'])
</p>
"""
template_vars = {
'defaults': {
'app_name': '', # Auto-populated if blank, but can be changed
'post_login_message': '',
'error': '', # Present if there is an error in Globus Auth
},
'success': {
'login_result': 'Login Successful',
},
'error': {
'login_result': 'Login Failed',
}
}
app = NativeClient(
client_id='7414f0b4-7d05-4bb6-bb00-076fa3f17cf5',
# Turn off token storage for this example
token_storage=None,
# Use our custom local server
local_server_code_handler=LocalServerCodeHandler(template, template_vars),
# Automatically populates 'app_name' in template if defined
app_name='Native Login Examples',
)
tokens = app.login(no_local_server=False)
print(tokens)