def _init_clients(self): '''init_ cliends will obtain the tranfer and access tokens, and then use them to create a transfer client. ''' self._client = globus_sdk.NativeAppAuthClient(self._client_id) self._load_secrets()
def globus_get_authorizer() -> globus_sdk.RefreshTokenAuthorizer: """Returns Globus authorization information (requires user interaction) Return: The authorizer instance """ auth_client = globus_sdk.NativeAppAuthClient(GLOBUS_CLIENT_ID) auth_client.oauth2_start_flow(refresh_tokens=True) authorize_url = auth_client.oauth2_get_authorize_url() print("Authorization URL: %s" % authorize_url) print("Go to the following URL to obtain the authorization code:", authorize_url) get_input = getattr(__builtins__, 'raw_input', input) auth_code = get_input('Enter the authorization code: ').strip() token_response = auth_client.oauth2_exchange_code_for_tokens(auth_code) transfer_info = token_response.by_resource_server[ 'transfer.api.globus.org'] return globus_sdk.RefreshTokenAuthorizer( transfer_info['refresh_token'], auth_client, access_token=transfer_info['access_token'], expires_at=transfer_info['expires_at_seconds'])
def get_transfer_client(client_id, transfer_rt, transfer_at, expires_at_s): client = globus_sdk.NativeAppAuthClient(client_id) client.oauth2_start_flow(refresh_tokens=True) authorizer = globus_sdk.RefreshTokenAuthorizer( transfer_rt, client, access_token=transfer_at, expires_at=int(expires_at_s)) tc = globus_sdk.TransferClient(authorizer=authorizer) return tc
def __init__(self): """ Initializes the HuBMAP downloader with client ID and hubmap endpoint. Here the user is asked to authenticate himself. """ self.CLIENT_ID = '40628e5b-29ae-43c7-adc5-38c75ff907b9' self.hubmap_endpoint_id = "af603d86-eab9-4eec-bb1d-9d26556741bb" client = globus_sdk.NativeAppAuthClient(self.CLIENT_ID) client.oauth2_start_flow() authorize_url = client.oauth2_get_authorize_url() print('Please go to this URL and login: {0}'.format(authorize_url)) # this is to work on Python2 and Python3 -- you can just use raw_input() or # input() for your specific version get_input = getattr(__builtins__, 'raw_input', input) auth_code = get_input( 'Please enter the code you get after login here: ').strip() token_response = client.oauth2_exchange_code_for_tokens(auth_code) globus_auth_data = token_response.by_resource_server['auth.globus.org'] globus_transfer_data = token_response.by_resource_server[ 'transfer.api.globus.org'] # most specifically, you want these tokens as strings self.AUTH_TOKEN = globus_auth_data['access_token'] self.TRANSFER_TOKEN = globus_transfer_data['access_token'] self.authorizer = globus_sdk.AccessTokenAuthorizer(self.TRANSFER_TOKEN) self.tc = globus_sdk.TransferClient(authorizer=self.authorizer) self.transfers = []
def setUp(self): """ Creates a NativeAppAuthClient for testing """ super(NativeAppAuthClientIntegrationTests, self).setUp() self.nac = globus_sdk.NativeAppAuthClient( client_id=get_client_data()["native_app_client1"]["id"])
def do_native_app_authentication(client_id, redirect_uri, requested_scopes=None): """ Does a Native App authentication flow and returns a dict of tokens keyed by service name. """ client = globus_sdk.NativeAppAuthClient(client_id=client_id) # pass refresh_tokens=True to request refresh tokens client.oauth2_start_flow(requested_scopes=requested_scopes, redirect_uri=redirect_uri, refresh_tokens=True) url = client.oauth2_get_authorize_url() print('Native App Authorization URL: \n{}'.format(url)) if not is_remote_session(): webbrowser.open(url, new=1) auth_code = GET_INPUT('Enter the auth code: ').strip() token_response = client.oauth2_exchange_code_for_tokens(auth_code) # return a set of tokens, organized by resource server name return token_response.by_resource_server
def create_token(): """Creates access tokens manually if they don't already exist in the users home dir""" logging.debug("create_token: Starting") client = globus_sdk.NativeAppAuthClient(CLIENT_ID) client.oauth2_start_flow(refresh_tokens=True) authorize_url = client.oauth2_get_authorize_url() print('Please go to this URL and login: {0}'.format(authorize_url)) get_input = getattr(__builtins__, 'raw_input', input) auth_code = get_input('Please enter the code you get after login here: ') token_response = client.oauth2_exchange_code_for_tokens(auth_code) globus_auth_data = token_response.by_resource_server['auth.globus.org'] globus_transfer_data = token_response.by_resource_server[ 'transfer.api.globus.org'] # most specifically, you want these tokens as strings transfer_rt = globus_transfer_data['refresh_token'] transfer_at = globus_transfer_data['access_token'] token = {"transfer_at": transfer_at, "transfer_rt": transfer_rt} # AUTH_TOKEN = globus_auth_data['access_token'] # TRANSFER_TOKEN = globus_transfer_data['access_token'] save_tokens_to_file(token_path, token) authorizer = activate_token(token) #need some try except stuff here return authorizer
def get_transfer_client(): tokens = None try: # if we already have tokens, load and use them tokens = load_tokens_from_file(p.opt["globusTokenFile"]) except: pass if not tokens: # if we need to get tokens, start the Native App authentication process tokens = do_native_app_authentication(CLIENT_ID, REDIRECT_URI, SCOPES) try: save_tokens_to_file(p.opt["globusTokenFile"], tokens) except: pass transfer_tokens = tokens['transfer.api.globus.org'] auth_client = globus_sdk.NativeAppAuthClient(client_id=CLIENT_ID) authorizer = globus_sdk.RefreshTokenAuthorizer( transfer_tokens['refresh_token'], auth_client, access_token=transfer_tokens['access_token'], expires_at=transfer_tokens['expires_at_seconds'], on_refresh=update_tokens_file_on_refresh) transfer = globus_sdk.TransferClient(authorizer=authorizer) myproxy_lifetime = 720 # in hours. What's the maximum? try: r = transfer.endpoint_autoactivate(p.opt["archiveEndPoint"], if_expires_in=3600) while (r["code"] == "AutoActivationFailed"): print( "Endpoint requires manual activation, please use your UCAS name/password for this activation. " "You can activate via the command line or via web browser:\n" "WEB BROWSER -- Open the following URL in a browser to activate the " "endpoint:") print( f"https://app.globus.org/file-manager?origin_id={p.opt['archiveEndPoint']}" ) print("CMD LINE -- run this from your shell: ") print( f"globus endpoint activate --myproxy --myproxy-lifetime {myproxy_lifetime} {p.opt['archiveEndPoint']}" ) input("Press ENTER after activating the endpoint:") r = transfer.endpoint_autoactivate(p.opt["archiveEndPoint"], if_expires_in=3600) except globus_sdk.exc.GlobusAPIError as ex: print("endpoint_autoactivation failed.") print(ex) if ex.http_status == 401: sys.exit('Refresh token has expired. ' 'Please delete refresh-tokens.json and try again.') else: raise ex return transfer
def _get_native_app_authorizer(client_id): tokens = None try: tokens = _load_tokens_from_file(TOKEN_FILE) except Exception: pass if not tokens: tokens = _do_native_app_authentication(client_id=client_id, redirect_uri=REDIRECT_URI, requested_scopes=SCOPES) try: _save_tokens_to_file(TOKEN_FILE, tokens) except Exception: pass transfer_tokens = tokens['transfer.api.globus.org'] auth_client = globus_sdk.NativeAppAuthClient(client_id=client_id) return globus_sdk.RefreshTokenAuthorizer( transfer_tokens['refresh_token'], auth_client, access_token=transfer_tokens['access_token'], expires_at=transfer_tokens['expires_at_seconds'], on_refresh=_update_tokens_file_on_refresh)
def get_globus_access_token(client_id): client = globus_sdk.NativeAppAuthClient(client_id) client.oauth2_start_flow() # client.oauth2_start_flow_native_app() authorize_url = client.oauth2_get_authorize_url() print('Please go to this URL and login: {0}'.format(authorize_url)) # this is to work on Python2 and Python3 -- you can just use raw_input() or # # input() for your specific version get_input = getattr(__builtins__, 'raw_input', input) auth_code = get_input( 'Please enter the code you get after login here: ').strip() token_response = client.oauth2_exchange_code_for_tokens(auth_code) globus_auth_data = token_response.by_resource_server['auth.globus.org'] globus_transfer_data = token_response.by_resource_server[ 'transfer.api.globus.org'] # most specifically, you want these tokens as strings auth_token = globus_auth_data['access_token'] transfer_token = globus_transfer_data['access_token'] return auth_token, transfer_token
def __init__(self, token_storage=MultiClientTokenStorage(), local_server_code_handler=None, secondary_code_handler=None, code_handlers=(LocalServerCodeHandler(), InputCodeHandler()), default_scopes=None, *args, **kwargs): self.client = globus_sdk.NativeAppAuthClient(*args, **kwargs) self.token_storage = token_storage if token_storage is not None: self.verify_token_storage(self.token_storage) self.app_name = kwargs.get('app_name') or 'My App' if local_server_code_handler or secondary_code_handler: log.warning('Specifying "local_server_code_handler" or ' '"code_handler" will be removed. Instead, specify ' 'handlers in a list with keyword "code_handlers"') self.code_handlers = [ local_server_code_handler or LocalServerCodeHandler(), secondary_code_handler or InputCodeHandler() ] else: self.code_handlers = code_handlers log.debug('Using code handlers {}'.format(self.code_handlers)) if isinstance(self.token_storage, MultiClientTokenStorage): self.token_storage.set_client_id(kwargs.get('client_id')) log.debug('Token storage set to {}'.format(self.token_storage)) log.debug('Automatically open browser: {}' ''.format(InputCodeHandler.is_browser_enabled())) self.default_scopes = default_scopes
def get_native_app_authorizer(client_id): tokens = None client = NativeClient(client_id=client_id, app_name=APP_NAME) try: # if we already have tokens, load and use them tokens = client.load_tokens(requested_scopes=SCOPES) except: pass if not tokens: tokens = client.login(requested_scopes=SCOPES, refresh_tokens=True) try: client.save_tokens(tokens) except: pass transfer_tokens = tokens['transfer.api.globus.org'] auth_client = globus_sdk.NativeAppAuthClient(client_id=client_id) return globus_sdk.RefreshTokenAuthorizer( transfer_tokens['refresh_token'], auth_client, access_token=transfer_tokens['access_token'], expires_at=transfer_tokens['expires_at_seconds'])
def internal_auth_client(): """ Get the globus native app client. :return: """ return globus_sdk.NativeAppAuthClient(CLIENT_ID, app_name=version.app_name)
def get_transfer_client(self): # Cache the client so we don't create a new one for every call, but don't hold on to it for too long. if self.transfer_client is not None: seconds = (self.transfer_client_date - datetime.now()).total_seconds() if seconds < 3200: return self.transfer_client self.client = globus_sdk.NativeAppAuthClient(self.GLOBUS_CLIENT_ID) self.client.oauth2_start_flow(refresh_tokens=True) # Refresh the token - so we don't get logged out. oauth_data = self.client.oauth2_refresh_token(self.GLOBUS_TRANSFER_RT) new_at = oauth_data.data['access_token'] transfer_authorizer = globus_sdk.RefreshTokenAuthorizer(self.GLOBUS_TRANSFER_RT, self.client, access_token=new_at, expires_at=self.EXPIRES_AT) transfer_client = globus_sdk.TransferClient(authorizer=transfer_authorizer) # Be sure to activate both endpoints r = transfer_client.endpoint_autoactivate(self.GLOBUS_DTN_ENDPOINT, if_expires_in=3600) r2 = transfer_client.endpoint_autoactivate(self.GLOBUS_IVY_ENDPOINT, if_expires_in=3600) if r['code'] == 'AutoActivationFailed' or r2['code'] == 'AutoActivationFailed': app.logger.error('Endpoint({}) Not Active! Error! Source message: {}'.format(self.GLOBUS_CLIENT_ID, r['message'])) elif r['code'] == 'AutoActivated.CachedCredential' or r2['code'] == 'AutoActivated.CachedCredential': app.logger.error('Endpoint({}) autoactivated using a cached credential.'.format(self.GLOBUS_CLIENT_ID)) elif r['code'] == 'AutoActivated.GlobusOnlineCredential' or r2['code'] == 'AutoActivated.GlobusOnlineCredential': app.logger.error(('Endpoint({}) autoactivated using a built-in Globus credential.').format(self.GLOBUS_CLIENT_ID)) elif r['code'] == 'AlreadyActivated' or r2['code'] == 'AlreadyActivated': app.logger.info('Endpoint({}) already active until at least {}'.format(self.GLOBUS_CLIENT_ID, 3600)) self.transfer_client = transfer_client self.transfer_client_date = datetime.now() return self.transfer_client
def setUp(self): """ Makes a refresh_token grant to get new tokens for teseting Sets up an AuthClient and a RefreshTokenAuthorizer with a mock on_refresh function for testing their interactions """ super(RefreshTokenAuthorizerIntegrationTests, self).setUp() client_id = get_client_data()["native_app_client1"]["id"] form_data = {'refresh_token': SDKTESTER1A_NATIVE1_TRANSFER_RT, 'grant_type': 'refresh_token', 'client_id': client_id} token_res = globus_sdk.AuthClient().oauth2_token(form_data) token_res = token_res.by_resource_server self.access_token = token_res[ 'transfer.api.globus.org']['access_token'] self.expires_at = token_res[ 'transfer.api.globus.org']['expires_at_seconds'] self.on_refresh = mock.Mock() self.nac = globus_sdk.NativeAppAuthClient( client_id=get_client_data()["native_app_client1"]["id"]) self.authorizer = globus_sdk.RefreshTokenAuthorizer( SDKTESTER1A_NATIVE1_TRANSFER_RT, self.nac, access_token=self.access_token, expires_at=self.expires_at, on_refresh=self.on_refresh) self.tc = globus_sdk.TransferClient(authorizer=self.authorizer)
def do_native_app_authentication(client_id, requested_scopes=None): # pragma: no cover """ Does a Native App authentication flow and returns a dict of tokens keyed by service name. """ server = start_local_server() redirect_uri = "http://{a[0]}:{a[1]}".format(a=server.server_address) client = globus_sdk.NativeAppAuthClient(client_id=client_id) client.oauth2_start_flow(requested_scopes=SCOPES, redirect_uri=redirect_uri, refresh_tokens=True) url = client.oauth2_get_authorize_url() webbrowser.open(url, new=1) print( "Waiting for completion of Globus Authentication in your webbrowser..." ) try: auth_code = server.wait_for_code() except KeyboardInterrupt: raise AuthenticationError("Failed to authenticate with Globus.") finally: server.shutdown() token_response = client.oauth2_exchange_code_for_tokens(auth_code) # return a set of tokens, organized by resource server name return token_response.by_resource_server
def do_native_app_authentication(client_id, redirect_uri, requested_scopes=None): """ Does a Native App authentication flow and returns a dict of tokens keyed by service name. """ client = globus_sdk.NativeAppAuthClient(client_id=client_id) # pass refresh_tokens=True to request refresh tokens client.oauth2_start_flow( requested_scopes=requested_scopes, redirect_uri=redirect_uri, refresh_tokens=True) url = client.oauth2_get_authorize_url() print('Native App Authorization URL: \n{}'.format(url)) if not is_remote_session(): # There was a bug in webbrowser recently that this fixes: # https://bugs.python.org/issue30392 if sys.platform == 'darwin': webbrowser.get('safari').open(url, new=1) else: webbrowser.open(url, new=1) auth_code = get_input('Enter the auth code: ').strip() token_response = client.oauth2_exchange_code_for_tokens(auth_code) # return a set of tokens, organized by resource server name return token_response.by_resource_server
def get_native_app_authorizer(client_id, service): tokens = None try: # if we already have tokens, load and use them tokens = load_tokens_from_file(TOKEN_FILE) except: pass if not tokens: tokens = do_native_app_authentication(client_id=client_id, redirect_uri=REDIRECT_URI, requested_scopes=SCOPES) try: save_tokens_to_file(TOKEN_FILE, tokens) except: pass tokens = tokens[service] auth_client = globus_sdk.NativeAppAuthClient(client_id=client_id) return globus_sdk.RefreshTokenAuthorizer( tokens['refresh_token'], auth_client, access_token=tokens['access_token'], expires_at=tokens['expires_at_seconds'], on_refresh=update_tokens_file_on_refresh)
def activate_token(token): logging.debug("activate_token: Starting") client = globus_sdk.NativeAppAuthClient(CLIENT_ID) authorizer = globus_sdk.RefreshTokenAuthorizer(token['transfer_rt'], client) logging.debug(authorizer) return authorizer
def setUp(self): """ Instantiates an NativeAppAuthClient """ super(NativeAppAuthClientTests, self).setUp() self.nac = globus_sdk.NativeAppAuthClient( client_id=get_client_data()["native_app_client1"]["id"])
def test_init(self): """ Confirms value error when trying to init with an authorizer """ with self.assertRaises(ValueError): globus_sdk.NativeAppAuthClient( client_id=get_client_data()["native_app_client1"]["id"], authorizer=globus_sdk.AccessTokenAuthorizer(""))
def __init__(self): self.transfer_rt = TRANSFER_RT self.transfer_at = TRANSFER_AT self.client = globus_sdk.NativeAppAuthClient(CLIENT_ID) self.authorizer = globus_sdk.RefreshTokenAuthorizer( self.transfer_rt, self.client, access_token=self.transfer_at) self.transfer_client = globus_sdk.TransferClient( authorizer=self.authorizer)
def login_auto(globus_client_id, str_app='globus'): token = params.read(str_app) if not token: raise ValueError( "Token file doesn't exist, run ibllib.io.globus.setup first") client = globus.NativeAppAuthClient(globus_client_id) client.oauth2_start_flow(refresh_tokens=True) authorizer = globus.RefreshTokenAuthorizer(token.transfer_rt, client) return globus.TransferClient(authorizer=authorizer)
def check_token(token): """Check tokens from users file""" # from globus_sdk import AuthClient logging.debug("check_token: Starting") logging.debug("token is %s", token) client = globus_sdk.NativeAppAuthClient(CLIENT_ID) data = client.oauth2_validate_token(token) logging.debug('check_auth %s', data) return data['active']
def setUpClass(self): """ Sets up transfer client for creating Data objects """ ac = globus_sdk.NativeAppAuthClient( client_id=get_client_data()["native_app_client1"]["id"]) authorizer = globus_sdk.RefreshTokenAuthorizer( SDKTESTER1A_NATIVE1_TRANSFER_RT, ac) self.tc = globus_sdk.TransferClient(authorizer=authorizer)
def main(): """ main program """ my_end_points = ( 'ncsa#BlueWaters', 'ncsa#BlueWaters-Duo', 'ncsa#BlueWatersAWS', 'BW Google Drive Endpoint', 'ncsa#jyc', 'umn#pgc-terranova', 'illinois_duo', ) tokens = load_tokens_from_file(TOKEN_FILE) if not tokens: # if we need to get tokens, start the Native App authentication process tokens = do_native_app_authentication(CLIENT_ID, REDIRECT_URI, SCOPES) save_tokens_to_file(TOKEN_FILE, tokens) transfer_tokens = tokens['transfer.api.globus.org'] auth_client = globus_sdk.NativeAppAuthClient(client_id=CLIENT_ID) authorizer = globus_sdk.RefreshTokenAuthorizer( transfer_tokens['refresh_token'], auth_client, access_token=transfer_tokens['access_token'], expires_at=transfer_tokens['expires_at_seconds'], on_refresh=update_tokens_file_on_refresh) tclient = globus_sdk.TransferClient(authorizer=authorizer) # for the GO endpoints listed above ... total_servers_down = 0 for endpoint in my_end_points: # Find the endpoint with search so that a replaced endpoint # with a replacement id will still be checked. for myep in tclient.endpoint_search(filter_fulltext=endpoint): # Isolate the search results to an exact match by forcing # /^endpoint$/ as the regex search we are matching. epsearchstring = "^" + endpoint + "$" if re.search(epsearchstring, myep['display_name'], flags=0): print("-->", myep['display_name'], myep['id']) total_servers_down += my_endpoint_manager_server_check( tclient, myep['id']) # Something is broken in the endpoint_search for illinois#iccp so this one is handled # separately. The id below is updated manually from the GO web page of endpoints. illinois_iccp_id = "9cd89c31-6d04-11e5-ba46-22000b92c6ec" print("--> illinois#iccp", illinois_iccp_id) total_servers_down += my_endpoint_manager_server_check( tclient, illinois_iccp_id) if total_servers_down > 0: # for the Jenkins test harness sys.exit(-1)
def login_auto(globus_client_id, str_app='globus/default'): token = params.read(str_app) required_fields = {'refresh_token', 'access_token', 'expires_at_seconds'} if not (token and required_fields.issubset(token.as_dict())): raise ValueError( "Token file doesn't exist, run ibllib.io.globus.setup first") client = globus.NativeAppAuthClient(globus_client_id) client.oauth2_start_flow(refresh_tokens=True) authorizer = globus.RefreshTokenAuthorizer(token.refresh_token, client) return globus.TransferClient(authorizer=authorizer)
def get_deriva_token(): # TODO: When decision is made about user auth vs. conf client auth, implement. # Currently using personal refresh token for scope. # Refresh token will expire in six months(?) # Date last generated: 9-26-2019 return globus_sdk.RefreshTokenAuthorizer( refresh_token=CONFIG["TEMP_REFRESH_TOKEN"], auth_client=globus_sdk.NativeAppAuthClient( CONFIG["GLOBUS_NATIVE_APP"])).access_token
def setUpClass(self): """ Creates a BaseClient object for testing """ ac = globus_sdk.NativeAppAuthClient( client_id=get_client_data()["native_app_client1"]["id"]) authorizer = globus_sdk.RefreshTokenAuthorizer( SDKTESTER1A_NATIVE1_TRANSFER_RT, ac) self.bc = BaseClient("transfer", base_path="/v0.10/", authorizer=authorizer)
def _generate_new_deriva_token(): # Generate new Refresh Token to be used in get_deriva_token() native_client = globus_sdk.NativeAppAuthClient(CONFIG["GLOBUS_NATIVE_APP"]) native_flow = native_client.oauth2_start_flow( requested_scopes=("https://auth.globus.org/scopes/demo." "derivacloud.org/deriva_all"), refresh_tokens=True) code = input( f"Auth at '{native_flow.get_authorize_url()}' and paste code:\n") tokens = native_flow.exchange_code_for_tokens(code) return tokens["refresh_token"]