def _init_clients(self):
'''init_ cliends will obtain the tranfer and access tokens, and then
use them to create a transfer client.
'''
self._client = globus_sdk.NativeAppAuthClient(self._client_id)
self._load_secrets()
def globus_get_authorizer() -> globus_sdk.RefreshTokenAuthorizer:
"""Returns Globus authorization information (requires user interaction)
Return:
The authorizer instance
"""
auth_client = globus_sdk.NativeAppAuthClient(GLOBUS_CLIENT_ID)
auth_client.oauth2_start_flow(refresh_tokens=True)
authorize_url = auth_client.oauth2_get_authorize_url()
print("Authorization URL: %s" % authorize_url)
print("Go to the following URL to obtain the authorization code:",
authorize_url)
get_input = getattr(__builtins__, 'raw_input', input)
auth_code = get_input('Enter the authorization code: ').strip()
token_response = auth_client.oauth2_exchange_code_for_tokens(auth_code)
transfer_info = token_response.by_resource_server[
'transfer.api.globus.org']
return globus_sdk.RefreshTokenAuthorizer(
transfer_info['refresh_token'],
auth_client,
access_token=transfer_info['access_token'],
expires_at=transfer_info['expires_at_seconds'])
def get_transfer_client(client_id, transfer_rt, transfer_at, expires_at_s):
client = globus_sdk.NativeAppAuthClient(client_id)
client.oauth2_start_flow(refresh_tokens=True)
authorizer = globus_sdk.RefreshTokenAuthorizer(
transfer_rt, client, access_token=transfer_at, expires_at=int(expires_at_s))
tc = globus_sdk.TransferClient(authorizer=authorizer)
return tc
def __init__(self):
"""
Initializes the HuBMAP downloader with client ID and hubmap endpoint.
Here the user is asked to authenticate himself.
"""
self.CLIENT_ID = '40628e5b-29ae-43c7-adc5-38c75ff907b9'
self.hubmap_endpoint_id = "af603d86-eab9-4eec-bb1d-9d26556741bb"
client = globus_sdk.NativeAppAuthClient(self.CLIENT_ID)
client.oauth2_start_flow()
authorize_url = client.oauth2_get_authorize_url()
print('Please go to this URL and login: {0}'.format(authorize_url))
# this is to work on Python2 and Python3 -- you can just use raw_input() or
# input() for your specific version
get_input = getattr(__builtins__, 'raw_input', input)
auth_code = get_input(
'Please enter the code you get after login here: ').strip()
token_response = client.oauth2_exchange_code_for_tokens(auth_code)
globus_auth_data = token_response.by_resource_server['auth.globus.org']
globus_transfer_data = token_response.by_resource_server[
'transfer.api.globus.org']
# most specifically, you want these tokens as strings
self.AUTH_TOKEN = globus_auth_data['access_token']
self.TRANSFER_TOKEN = globus_transfer_data['access_token']
self.authorizer = globus_sdk.AccessTokenAuthorizer(self.TRANSFER_TOKEN)
self.tc = globus_sdk.TransferClient(authorizer=self.authorizer)
self.transfers = []
def setUp(self):
"""
Creates a NativeAppAuthClient for testing
"""
super(NativeAppAuthClientIntegrationTests, self).setUp()
self.nac = globus_sdk.NativeAppAuthClient(
client_id=get_client_data()["native_app_client1"]["id"])
def do_native_app_authentication(client_id,
redirect_uri,
requested_scopes=None):
"""
Does a Native App authentication flow and returns a
dict of tokens keyed by service name.
"""
client = globus_sdk.NativeAppAuthClient(client_id=client_id)
# pass refresh_tokens=True to request refresh tokens
client.oauth2_start_flow(requested_scopes=requested_scopes,
redirect_uri=redirect_uri,
refresh_tokens=True)
url = client.oauth2_get_authorize_url()
print('Native App Authorization URL: \n{}'.format(url))
if not is_remote_session():
webbrowser.open(url, new=1)
auth_code = GET_INPUT('Enter the auth code: ').strip()
token_response = client.oauth2_exchange_code_for_tokens(auth_code)
# return a set of tokens, organized by resource server name
return token_response.by_resource_server
def create_token():
"""Creates access tokens manually if they don't already exist in the users home dir"""
logging.debug("create_token: Starting")
client = globus_sdk.NativeAppAuthClient(CLIENT_ID)
client.oauth2_start_flow(refresh_tokens=True)
authorize_url = client.oauth2_get_authorize_url()
print('Please go to this URL and login: {0}'.format(authorize_url))
get_input = getattr(__builtins__, 'raw_input', input)
auth_code = get_input('Please enter the code you get after login here: ')
token_response = client.oauth2_exchange_code_for_tokens(auth_code)
globus_auth_data = token_response.by_resource_server['auth.globus.org']
globus_transfer_data = token_response.by_resource_server[
'transfer.api.globus.org']
# most specifically, you want these tokens as strings
transfer_rt = globus_transfer_data['refresh_token']
transfer_at = globus_transfer_data['access_token']
token = {"transfer_at": transfer_at, "transfer_rt": transfer_rt}
# AUTH_TOKEN = globus_auth_data['access_token']
# TRANSFER_TOKEN = globus_transfer_data['access_token']
save_tokens_to_file(token_path, token)
authorizer = activate_token(token)
#need some try except stuff here
return authorizer
def get_transfer_client():
tokens = None
try:
# if we already have tokens, load and use them
tokens = load_tokens_from_file(p.opt["globusTokenFile"])
except:
pass
if not tokens:
# if we need to get tokens, start the Native App authentication process
tokens = do_native_app_authentication(CLIENT_ID, REDIRECT_URI, SCOPES)
try:
save_tokens_to_file(p.opt["globusTokenFile"], tokens)
except:
pass
transfer_tokens = tokens['transfer.api.globus.org']
auth_client = globus_sdk.NativeAppAuthClient(client_id=CLIENT_ID)
authorizer = globus_sdk.RefreshTokenAuthorizer(
transfer_tokens['refresh_token'],
auth_client,
access_token=transfer_tokens['access_token'],
expires_at=transfer_tokens['expires_at_seconds'],
on_refresh=update_tokens_file_on_refresh)
transfer = globus_sdk.TransferClient(authorizer=authorizer)
myproxy_lifetime = 720 # in hours. What's the maximum?
try:
r = transfer.endpoint_autoactivate(p.opt["archiveEndPoint"],
if_expires_in=3600)
while (r["code"] == "AutoActivationFailed"):
print(
"Endpoint requires manual activation, please use your UCAS name/password for this activation. "
"You can activate via the command line or via web browser:\n"
"WEB BROWSER -- Open the following URL in a browser to activate the "
"endpoint:")
print(
f"https://app.globus.org/file-manager?origin_id={p.opt['archiveEndPoint']}"
)
print("CMD LINE -- run this from your shell: ")
print(
f"globus endpoint activate --myproxy --myproxy-lifetime {myproxy_lifetime} {p.opt['archiveEndPoint']}"
)
input("Press ENTER after activating the endpoint:")
r = transfer.endpoint_autoactivate(p.opt["archiveEndPoint"],
if_expires_in=3600)
except globus_sdk.exc.GlobusAPIError as ex:
print("endpoint_autoactivation failed.")
print(ex)
if ex.http_status == 401:
sys.exit('Refresh token has expired. '
'Please delete refresh-tokens.json and try again.')
else:
raise ex
return transfer
def _get_native_app_authorizer(client_id):
tokens = None
try:
tokens = _load_tokens_from_file(TOKEN_FILE)
except Exception:
pass
if not tokens:
tokens = _do_native_app_authentication(client_id=client_id,
redirect_uri=REDIRECT_URI,
requested_scopes=SCOPES)
try:
_save_tokens_to_file(TOKEN_FILE, tokens)
except Exception:
pass
transfer_tokens = tokens['transfer.api.globus.org']
auth_client = globus_sdk.NativeAppAuthClient(client_id=client_id)
return globus_sdk.RefreshTokenAuthorizer(
transfer_tokens['refresh_token'],
auth_client,
access_token=transfer_tokens['access_token'],
expires_at=transfer_tokens['expires_at_seconds'],
on_refresh=_update_tokens_file_on_refresh)
def get_globus_access_token(client_id):
client = globus_sdk.NativeAppAuthClient(client_id)
client.oauth2_start_flow()
# client.oauth2_start_flow_native_app()
authorize_url = client.oauth2_get_authorize_url()
print('Please go to this URL and login: {0}'.format(authorize_url))
# this is to work on Python2 and Python3 -- you can just use raw_input() or
# # input() for your specific version
get_input = getattr(__builtins__, 'raw_input', input)
auth_code = get_input(
'Please enter the code you get after login here: ').strip()
token_response = client.oauth2_exchange_code_for_tokens(auth_code)
globus_auth_data = token_response.by_resource_server['auth.globus.org']
globus_transfer_data = token_response.by_resource_server[
'transfer.api.globus.org']
# most specifically, you want these tokens as strings
auth_token = globus_auth_data['access_token']
transfer_token = globus_transfer_data['access_token']
return auth_token, transfer_token
def __init__(self,
token_storage=MultiClientTokenStorage(),
local_server_code_handler=None,
secondary_code_handler=None,
code_handlers=(LocalServerCodeHandler(), InputCodeHandler()),
default_scopes=None,
*args,
**kwargs):
self.client = globus_sdk.NativeAppAuthClient(*args, **kwargs)
self.token_storage = token_storage
if token_storage is not None:
self.verify_token_storage(self.token_storage)
self.app_name = kwargs.get('app_name') or 'My App'
if local_server_code_handler or secondary_code_handler:
log.warning('Specifying "local_server_code_handler" or '
'"code_handler" will be removed. Instead, specify '
'handlers in a list with keyword "code_handlers"')
self.code_handlers = [
local_server_code_handler or LocalServerCodeHandler(),
secondary_code_handler or InputCodeHandler()
]
else:
self.code_handlers = code_handlers
log.debug('Using code handlers {}'.format(self.code_handlers))
if isinstance(self.token_storage, MultiClientTokenStorage):
self.token_storage.set_client_id(kwargs.get('client_id'))
log.debug('Token storage set to {}'.format(self.token_storage))
log.debug('Automatically open browser: {}'
''.format(InputCodeHandler.is_browser_enabled()))
self.default_scopes = default_scopes
def get_native_app_authorizer(client_id):
tokens = None
client = NativeClient(client_id=client_id, app_name=APP_NAME)
try:
# if we already have tokens, load and use them
tokens = client.load_tokens(requested_scopes=SCOPES)
except:
pass
if not tokens:
tokens = client.login(requested_scopes=SCOPES, refresh_tokens=True)
try:
client.save_tokens(tokens)
except:
pass
transfer_tokens = tokens['transfer.api.globus.org']
auth_client = globus_sdk.NativeAppAuthClient(client_id=client_id)
return globus_sdk.RefreshTokenAuthorizer(
transfer_tokens['refresh_token'],
auth_client,
access_token=transfer_tokens['access_token'],
expires_at=transfer_tokens['expires_at_seconds'])
def internal_auth_client():
"""
Get the globus native app client.
:return:
"""
return globus_sdk.NativeAppAuthClient(CLIENT_ID, app_name=version.app_name)
def get_transfer_client(self):
# Cache the client so we don't create a new one for every call, but don't hold on to it for too long.
if self.transfer_client is not None:
seconds = (self.transfer_client_date - datetime.now()).total_seconds()
if seconds < 3200:
return self.transfer_client
self.client = globus_sdk.NativeAppAuthClient(self.GLOBUS_CLIENT_ID)
self.client.oauth2_start_flow(refresh_tokens=True)
# Refresh the token - so we don't get logged out.
oauth_data = self.client.oauth2_refresh_token(self.GLOBUS_TRANSFER_RT)
new_at = oauth_data.data['access_token']
transfer_authorizer = globus_sdk.RefreshTokenAuthorizer(self.GLOBUS_TRANSFER_RT, self.client,
access_token=new_at,
expires_at=self.EXPIRES_AT)
transfer_client = globus_sdk.TransferClient(authorizer=transfer_authorizer)
# Be sure to activate both endpoints
r = transfer_client.endpoint_autoactivate(self.GLOBUS_DTN_ENDPOINT, if_expires_in=3600)
r2 = transfer_client.endpoint_autoactivate(self.GLOBUS_IVY_ENDPOINT, if_expires_in=3600)
if r['code'] == 'AutoActivationFailed' or r2['code'] == 'AutoActivationFailed':
app.logger.error('Endpoint({}) Not Active! Error! Source message: {}'.format(self.GLOBUS_CLIENT_ID, r['message']))
elif r['code'] == 'AutoActivated.CachedCredential' or r2['code'] == 'AutoActivated.CachedCredential':
app.logger.error('Endpoint({}) autoactivated using a cached credential.'.format(self.GLOBUS_CLIENT_ID))
elif r['code'] == 'AutoActivated.GlobusOnlineCredential' or r2['code'] == 'AutoActivated.GlobusOnlineCredential':
app.logger.error(('Endpoint({}) autoactivated using a built-in Globus credential.').format(self.GLOBUS_CLIENT_ID))
elif r['code'] == 'AlreadyActivated' or r2['code'] == 'AlreadyActivated':
app.logger.info('Endpoint({}) already active until at least {}'.format(self.GLOBUS_CLIENT_ID, 3600))
self.transfer_client = transfer_client
self.transfer_client_date = datetime.now()
return self.transfer_client
def setUp(self):
"""
Makes a refresh_token grant to get new tokens for teseting
Sets up an AuthClient and a RefreshTokenAuthorizer with a mock
on_refresh function for testing their interactions
"""
super(RefreshTokenAuthorizerIntegrationTests, self).setUp()
client_id = get_client_data()["native_app_client1"]["id"]
form_data = {'refresh_token': SDKTESTER1A_NATIVE1_TRANSFER_RT,
'grant_type': 'refresh_token',
'client_id': client_id}
token_res = globus_sdk.AuthClient().oauth2_token(form_data)
token_res = token_res.by_resource_server
self.access_token = token_res[
'transfer.api.globus.org']['access_token']
self.expires_at = token_res[
'transfer.api.globus.org']['expires_at_seconds']
self.on_refresh = mock.Mock()
self.nac = globus_sdk.NativeAppAuthClient(
client_id=get_client_data()["native_app_client1"]["id"])
self.authorizer = globus_sdk.RefreshTokenAuthorizer(
SDKTESTER1A_NATIVE1_TRANSFER_RT, self.nac,
access_token=self.access_token, expires_at=self.expires_at,
on_refresh=self.on_refresh)
self.tc = globus_sdk.TransferClient(authorizer=self.authorizer)
def do_native_app_authentication(client_id,
requested_scopes=None): # pragma: no cover
"""
Does a Native App authentication flow and returns a
dict of tokens keyed by service name.
"""
server = start_local_server()
redirect_uri = "http://{a[0]}:{a[1]}".format(a=server.server_address)
client = globus_sdk.NativeAppAuthClient(client_id=client_id)
client.oauth2_start_flow(requested_scopes=SCOPES,
redirect_uri=redirect_uri,
refresh_tokens=True)
url = client.oauth2_get_authorize_url()
webbrowser.open(url, new=1)
print(
"Waiting for completion of Globus Authentication in your webbrowser..."
)
try:
auth_code = server.wait_for_code()
except KeyboardInterrupt:
raise AuthenticationError("Failed to authenticate with Globus.")
finally:
server.shutdown()
token_response = client.oauth2_exchange_code_for_tokens(auth_code)
# return a set of tokens, organized by resource server name
return token_response.by_resource_server
def do_native_app_authentication(client_id, redirect_uri,
requested_scopes=None):
"""
Does a Native App authentication flow and returns a
dict of tokens keyed by service name.
"""
client = globus_sdk.NativeAppAuthClient(client_id=client_id)
# pass refresh_tokens=True to request refresh tokens
client.oauth2_start_flow(
requested_scopes=requested_scopes,
redirect_uri=redirect_uri,
refresh_tokens=True)
url = client.oauth2_get_authorize_url()
print('Native App Authorization URL: \n{}'.format(url))
if not is_remote_session():
# There was a bug in webbrowser recently that this fixes:
# https://bugs.python.org/issue30392
if sys.platform == 'darwin':
webbrowser.get('safari').open(url, new=1)
else:
webbrowser.open(url, new=1)
auth_code = get_input('Enter the auth code: ').strip()
token_response = client.oauth2_exchange_code_for_tokens(auth_code)
# return a set of tokens, organized by resource server name
return token_response.by_resource_server
def get_native_app_authorizer(client_id, service):
tokens = None
try:
# if we already have tokens, load and use them
tokens = load_tokens_from_file(TOKEN_FILE)
except:
pass
if not tokens:
tokens = do_native_app_authentication(client_id=client_id,
redirect_uri=REDIRECT_URI,
requested_scopes=SCOPES)
try:
save_tokens_to_file(TOKEN_FILE, tokens)
except:
pass
tokens = tokens[service]
auth_client = globus_sdk.NativeAppAuthClient(client_id=client_id)
return globus_sdk.RefreshTokenAuthorizer(
tokens['refresh_token'],
auth_client,
access_token=tokens['access_token'],
expires_at=tokens['expires_at_seconds'],
on_refresh=update_tokens_file_on_refresh)
def activate_token(token):
logging.debug("activate_token: Starting")
client = globus_sdk.NativeAppAuthClient(CLIENT_ID)
authorizer = globus_sdk.RefreshTokenAuthorizer(token['transfer_rt'],
client)
logging.debug(authorizer)
return authorizer
def setUp(self):
"""
Instantiates an NativeAppAuthClient
"""
super(NativeAppAuthClientTests, self).setUp()
self.nac = globus_sdk.NativeAppAuthClient(
client_id=get_client_data()["native_app_client1"]["id"])
def test_init(self):
"""
Confirms value error when trying to init with an authorizer
"""
with self.assertRaises(ValueError):
globus_sdk.NativeAppAuthClient(
client_id=get_client_data()["native_app_client1"]["id"],
authorizer=globus_sdk.AccessTokenAuthorizer(""))
def __init__(self):
self.transfer_rt = TRANSFER_RT
self.transfer_at = TRANSFER_AT
self.client = globus_sdk.NativeAppAuthClient(CLIENT_ID)
self.authorizer = globus_sdk.RefreshTokenAuthorizer(
self.transfer_rt, self.client, access_token=self.transfer_at)
self.transfer_client = globus_sdk.TransferClient(
authorizer=self.authorizer)
def login_auto(globus_client_id, str_app='globus'):
token = params.read(str_app)
if not token:
raise ValueError(
"Token file doesn't exist, run ibllib.io.globus.setup first")
client = globus.NativeAppAuthClient(globus_client_id)
client.oauth2_start_flow(refresh_tokens=True)
authorizer = globus.RefreshTokenAuthorizer(token.transfer_rt, client)
return globus.TransferClient(authorizer=authorizer)
def check_token(token):
"""Check tokens from users file"""
# from globus_sdk import AuthClient
logging.debug("check_token: Starting")
logging.debug("token is %s", token)
client = globus_sdk.NativeAppAuthClient(CLIENT_ID)
data = client.oauth2_validate_token(token)
logging.debug('check_auth %s', data)
return data['active']
def setUpClass(self):
"""
Sets up transfer client for creating Data objects
"""
ac = globus_sdk.NativeAppAuthClient(
client_id=get_client_data()["native_app_client1"]["id"])
authorizer = globus_sdk.RefreshTokenAuthorizer(
SDKTESTER1A_NATIVE1_TRANSFER_RT, ac)
self.tc = globus_sdk.TransferClient(authorizer=authorizer)
def main():
"""
main program
"""
my_end_points = (
'ncsa#BlueWaters',
'ncsa#BlueWaters-Duo',
'ncsa#BlueWatersAWS',
'BW Google Drive Endpoint',
'ncsa#jyc',
'umn#pgc-terranova',
'illinois_duo',
)
tokens = load_tokens_from_file(TOKEN_FILE)
if not tokens:
# if we need to get tokens, start the Native App authentication process
tokens = do_native_app_authentication(CLIENT_ID, REDIRECT_URI, SCOPES)
save_tokens_to_file(TOKEN_FILE, tokens)
transfer_tokens = tokens['transfer.api.globus.org']
auth_client = globus_sdk.NativeAppAuthClient(client_id=CLIENT_ID)
authorizer = globus_sdk.RefreshTokenAuthorizer(
transfer_tokens['refresh_token'],
auth_client,
access_token=transfer_tokens['access_token'],
expires_at=transfer_tokens['expires_at_seconds'],
on_refresh=update_tokens_file_on_refresh)
tclient = globus_sdk.TransferClient(authorizer=authorizer)
# for the GO endpoints listed above ...
total_servers_down = 0
for endpoint in my_end_points:
# Find the endpoint with search so that a replaced endpoint
# with a replacement id will still be checked.
for myep in tclient.endpoint_search(filter_fulltext=endpoint):
# Isolate the search results to an exact match by forcing
# /^endpoint$/ as the regex search we are matching.
epsearchstring = "^" + endpoint + "$"
if re.search(epsearchstring, myep['display_name'], flags=0):
print("-->", myep['display_name'], myep['id'])
total_servers_down += my_endpoint_manager_server_check(
tclient, myep['id'])
# Something is broken in the endpoint_search for illinois#iccp so this one is handled
# separately. The id below is updated manually from the GO web page of endpoints.
illinois_iccp_id = "9cd89c31-6d04-11e5-ba46-22000b92c6ec"
print("--> illinois#iccp", illinois_iccp_id)
total_servers_down += my_endpoint_manager_server_check(
tclient, illinois_iccp_id)
if total_servers_down > 0:
# for the Jenkins test harness
sys.exit(-1)
def login_auto(globus_client_id, str_app='globus/default'):
token = params.read(str_app)
required_fields = {'refresh_token', 'access_token', 'expires_at_seconds'}
if not (token and required_fields.issubset(token.as_dict())):
raise ValueError(
"Token file doesn't exist, run ibllib.io.globus.setup first")
client = globus.NativeAppAuthClient(globus_client_id)
client.oauth2_start_flow(refresh_tokens=True)
authorizer = globus.RefreshTokenAuthorizer(token.refresh_token, client)
return globus.TransferClient(authorizer=authorizer)
def get_deriva_token():
# TODO: When decision is made about user auth vs. conf client auth, implement.
# Currently using personal refresh token for scope.
# Refresh token will expire in six months(?)
# Date last generated: 9-26-2019
return globus_sdk.RefreshTokenAuthorizer(
refresh_token=CONFIG["TEMP_REFRESH_TOKEN"],
auth_client=globus_sdk.NativeAppAuthClient(
CONFIG["GLOBUS_NATIVE_APP"])).access_token
def setUpClass(self):
"""
Creates a BaseClient object for testing
"""
ac = globus_sdk.NativeAppAuthClient(
client_id=get_client_data()["native_app_client1"]["id"])
authorizer = globus_sdk.RefreshTokenAuthorizer(
SDKTESTER1A_NATIVE1_TRANSFER_RT, ac)
self.bc = BaseClient("transfer",
base_path="/v0.10/",
authorizer=authorizer)
def _generate_new_deriva_token():
# Generate new Refresh Token to be used in get_deriva_token()
native_client = globus_sdk.NativeAppAuthClient(CONFIG["GLOBUS_NATIVE_APP"])
native_flow = native_client.oauth2_start_flow(
requested_scopes=("https://auth.globus.org/scopes/demo."
"derivacloud.org/deriva_all"),
refresh_tokens=True)
code = input(
f"Auth at '{native_flow.get_authorize_url()}' and paste code:\n")
tokens = native_flow.exchange_code_for_tokens(code)
return tokens["refresh_token"]
