Automating openEO Login Using Token or Credentials

ronbeiden7 · 28 December 2023 00:50

Hello openEO community,

I’ve been exploring the openEO R package, and I’m currently working with the login() method to connect to a specified host. While the process works seamlessly with manual interaction in the interactive environment using openeo::login(), I’m interested in automating this process, potentially using a token or credentials (ID/password/secret).

Here’s the current code snippet:

con <- openeo::connect(host = "https://openeo.dataspace.copernicus.eu")
openeo::login()

I’ve attempted to find a solution for automating the login process but haven’t had much success so far. Has anyone successfully automated the openEO login process using tokens or credentials, and if so, could you share your insights or point me in the right direction?

Thank you in advance for any assistance or advice on this matter!

stefaan.lippens · 9 January 2024 17:38

Hello,

I’m one of the maintainers of the openEO Python client library, and not very familiar with the R client, I hope another colleague can shine a better light on that.

Regardless: a popular solution for semi-automated login leverages the OIDC refresh token. With python client, one typically only has to do the following in their python script or app:

connection.authenticate_oidc()

If there is a (valid) refresh token available on the system, that statement will immediately work without the need for manual interaction. If there is not refresh token, or the token is expired, it will initiate the OIDC device code flow, which does require manual interaction (opening an URL in a browser and following the auth flow), but this has to be done only once a month or so.

Some more in-depth documentation on this feature can be found at Authentication and Account Management — openEO Python Client 0.27.0a1 documentation

I hope this already helps a bit

stefaan.lippens · 9 January 2024 17:50

@m.mohr do you have quick answers for the R-aspects of this problem? Or who else on this forum can help out here?

m.mohr · 9 January 2024 18:04

I don’t think there’s a simple automated solution available for R and OIDC yet, but I’m also not sure what OIDC flows CDSE offers specifically.

As far as I’m aware the R client supports:

authorization_code+pkce
urn:ietf:params:oauth:grant-type:device_code+pkce
urn:ietf:params:oauth:grant-type:device_code

I’m not sure about the refresh token handling in R, sorry.

(Also, isn’t this meant to be in the support channels for CDSE?)