ESA World Cereal

21

The nabtaplaya account is not properly enrolled yet to use openeo.cloud. This is for example the reason for failure with request id r-c6e2646044c14a76964f349a21a895db above

For the other account or use cases: it’s hard to investigate without clear information like a full stack trace including a request id.
For example, the sherif.ab....@..ail.com seems to be enrolled, but you haven’t provided concrete error information yet (stack trace, request id, …) we can work with to figure out what is going wrong.

22

What exactly need to be provided from my side so it can give you proper information?
I executed all functions you asked me to execute.
Is there something extra I could do ?

23

First of all: what openEO backend connection URL are you using or do you want to use?

This is the openEO Platform forum, so by default openeo.cloud is assumed.
However, in your snippets I see https://openeo.vito.be/openeo/1.2 . The distinction is important with relation to the enrollment issues you reported.

Additionally, are you intentionally using the 1.2 version endpoint with https://openeo.vito.be/openeo/1.2 ? This endpoint is experimental and not explicitly marked yet as production ready. Normally, one should just use openeo.vito.be, which at the moment redirects to https://openeo.vito.be/openeo/1.1/ (highest production ready variant)

24

Do you have the full stack trace of this error? There is not much to work with here. For example: which of the individual statements of your snippet triggered the error? Is it the openeo.connect() at the start or the cube.download() at the end?

25

Is the last part cube.download

26

I always used the same procedure used here:
https://esa-worldcereal.org/en/about/worldcereal-products

Not sure about the versions.
For me what is important is to download the masks.
Is their a convenient way to download it ? And how to configure my account accordingly ?

27

I only see “openEO Platform” and “openeo.cloud” references there.
Why are you using openeo.vito.be URLs then in your snippets?

28

Hay sir,
As i mentioned, i am new to platform and just interested in some masks and have no clue about thing you mentioned. I just followed procedure blindly as in link i sent to get the masks.

When things started not to work, i was trying to play around hoping it to work with no success.

What shall i do now or change or configure in order to get my account running ?

29

Can you execute the following snippet (with extra logging) and reply with the full output (including all DEBUG logging and complete error stack trace) . Please use your normal openEO platform account (which is enrolled for openEO Platform), not that nabtaplaya account which is not enrolled.

import openeo
import logging

logging.basicConfig(level=logging.DEBUG)
con = openeo.connect("openeo.cloud")
con.authenticate_oidc_device()
cube = con.load_collection(
    "ESA_WORLDCEREAL_MAIZE",
    temporal_extent=["2020-09-01", "2021-12-20"],
    spatial_extent={"west": 3, "south": 51, "east": 3.1, "north": 51.1},
    bands=["classification"],
)
cube.download("maize.tif")
30

the log is massive

31

DEBUG:openeo.config:Config file candidate: C:\Users\Sherif\openeo-client-config.ini DEBUG:openeo.config:Config file candidate: C:\Users\Sherif.openeo-client-config.ini INFO:openeo.config:Loaded openEO client config from sources: DEBUG:openeo.rest.connection:Request GET [https://openeo.cloud/.well-known/openeo](https://openeo.cloud/.well-known/openeo`) with headers None, auth NullAuth, kwargs [‘stream’, ‘timeout’] DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): openeo.cloud:443 DEBUG:urllib3.connectionpool:https://openeo.cloud:443 “GET /.well-known/openeo HTTP/1.1” 200 123 DEBUG:openeo.rest.connection:Got <Response [200]> headers {‘Server’: ‘nginx’, ‘Date’: ‘Thu, 02 Nov 2023 17:19:44 GMT’, ‘Content-Type’: ‘application/json’, ‘Content-Length’: ‘123’, ‘Last-Modified’: ‘Mon, 19 Jul 2021 12:42:40 GMT’, ‘Connection’: ‘keep-alive’, ‘ETag’: ‘“60f57340-7b”’, ‘Access-Control-Allow-Origin’: ‘', ‘Accept-Ranges’: ‘bytes’} DEBUG:openeo.rest.connection:Highest supported version available in backend: {‘url’: ‘https://openeocloud.vito.be/openeo/1.0.0/’, ‘api_version’: ‘1.0.0’} DEBUG:openeo.rest.connection:Request GET [https://openeocloud.vito.be/openeo/1.0.0/](https://openeocloud.vito.be/openeo/1.0.0/`) with headers None, auth NullAuth, kwargs [‘stream’] DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): openeocloud.vito.be:443 DEBUG:urllib3.connectionpool:https://openeocloud.vito.be:443 “GET /openeo/1.0.0/ HTTP/1.1” 200 3169 DEBUG:openeo.rest.connection:Got <Response [200]> headers {‘Date’: ‘Thu, 02 Nov 2023 17:23:09 GMT’, ‘Content-Type’: ‘application/json’, ‘Content-Length’: ‘3169’, ‘Connection’: ‘keep-alive’, ‘Cache-Control’: ‘max-age=900, public’, ‘Expires’: ‘Thu, 02 Nov 2023 17:38:09 GMT’, ‘Request-Id’: ‘r-0aa28ca2534c4bbf8050ef19ee42b769’, ‘Access-Control-Allow-Origin’: '’, ‘Access-Control-Expose-Headers’: ‘Accept-Ranges, Content-Encoding, Content-Range, Link, Location, OpenEO-Costs, OpenEO-Identifier’, ‘Strict-Transport-Security’: ‘max-age=31536000; includeSubDomains’} DEBUG:openeo.rest.connection:Request GET [https://openeocloud.vito.be/openeo/1.0.0/credentials/oidc](https://openeocloud.vito.be/openeo/1.0.0/credentials/oidc`) with headers None, auth NullAuth, kwargs [‘stream’] DEBUG:urllib3.connectionpool:https://openeocloud.vito.be:443 “GET /openeo/1.0.0/credentials/oidc HTTP/1.1” 200 453 DEBUG:openeo.rest.connection:Got <Response [200]> headers {‘Date’: ‘Thu, 02 Nov 2023 17:23:09 GMT’, ‘Content-Type’: ‘application/json’, ‘Content-Length’: ‘453’, ‘Connection’: ‘keep-alive’, ‘Cache-Control’: ‘max-age=900, public’, ‘Expires’: ‘Thu, 02 Nov 2023 17:38:09 GMT’, ‘Request-Id’: ‘r-9462b3c1418f4b7ab816b4374f8add06’, ‘Access-Control-Allow-Origin’: ‘*’, ‘Access-Control-Expose-Headers’: ‘Accept-Ranges, Content-Encoding, Content-Range, Link, Location, OpenEO-Costs, OpenEO-Identifier’, ‘Strict-Transport-Security’: ‘max-age=31536000; includeSubDomains’} INFO:openeo.rest.connection:Found OIDC providers: [‘egi’] INFO:openeo.rest.connection:No OIDC provider given, but only one available: ‘egi’. Using that one. DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): aai.egi.eu:443 DEBUG:urllib3.connectionpool:https://aai.egi.eu:443 “GET /auth/realms/egi/.well-known/openid-configuration HTTP/1.1” 200 6169 DEBUG:openeo.rest.auth.oidc:Scopes: provider supported [‘openid’, ‘voperson_external_affiliation’, ‘email’, ‘orcid’, ‘aarc’, ‘cert_entitlement’, ‘eduperson_scoped_affiliation’, ‘voperson_id’, ‘ssh_public_key’, ‘profile’, ‘offline_access’, ‘eduperson_unique_id’, ‘eduperson_entitlement’] & backend desired [‘openid’, ‘email’, ‘eduperson_entitlement’, ‘eduperson_scoped_affiliation’] → {‘eduperson_scoped_affiliation’, ‘openid’, ‘email’, ‘eduperson_entitlement’} DEBUG:openeo.rest.connection:No client_id: checking config for preferred client_id INFO:openeo.config:Created user dir for ‘openeo-python-client’: C:\Users\Sherif\AppData\Roaming\openeo-python-client DEBUG:openeo.rest.connection:No client_id given: checking default clients in backend’s provider info INFO:openeo.rest.connection:Using default client_id ‘openeo-platform-default-client’ from OIDC provider ‘egi’ info. DEBUG:openeo.rest.auth.oidc:Using scopes: {‘eduperson_scoped_affiliation’, ‘openid’, ‘email’, ‘eduperson_entitlement’} DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): aai.egi.eu:443 DEBUG:urllib3.connectionpool:https://aai.egi.eu:443 “POST /auth/realms/egi/protocol/openid-connect/auth/device HTTP/1.1” 200 238 DEBUG:openeo.rest.auth.oidc:Verification info: VerificationInfo(verification_uri=‘Sign in to egi’, verification_uri_complete=‘Sign in to egi’, device_code=‘2H-A9TzrB30Gf0HX-9GOkzN76APwUPYwZRxTqW7Vkcc’, user_code=‘CMYT-XTYH’, interval=5) DEBUG:openeo.rest.auth.oidc:Start polling token endpoint (interval 5s)

Visit Sign in to egi :clipboard: to authenticate.

[################################-----] :white_check_mark: Authorized successfully

DEBUG:openeo.rest.auth.oidc:Doing ‘urn:ietf:params:oauth:grant-type:device_code’ token request ‘https://aai.egi.eu/auth/realms/egi/protocol/openid-connect/token’ with post data fields [‘client_id’, ‘device_code’, ‘grant_type’, ‘code_verifier’] (client_id ‘openeo-platform-default-client’) DEBUG:urllib3.connectionpool:https://aai.egi.eu:443 “POST /auth/realms/egi/protocol/openid-connect/token HTTP/1.1” 400 98 INFO:openeo.rest.auth.oidc:[ 6.1s] not authorized yet: authorization_pending DEBUG:openeo.rest.auth.oidc:Doing ‘urn:ietf:params:oauth:grant-type:device_code’ token request ‘https://aai.egi.eu/auth/realms/egi/protocol/openid-connect/token’ with post data fields [‘client_id’, ‘device_code’, ‘grant_type’, ‘code_verifier’] (client_id ‘openeo-platform-default-client’) DEBUG:urllib3.connectionpool:https://aai.egi.eu:443 “POST /auth/realms/egi/protocol/openid-connect/token HTTP/1.1” 400 98 INFO:openeo.rest.auth.oidc:[ 12.2s] not authorized yet: authorization_pending DEBUG:openeo.rest.auth.oidc:Doing ‘urn:ietf:params:oauth:grant-type:device_code’ token request ‘https://aai.egi.eu/auth/realms/egi/protocol/openid-connect/token’ with post data fields [‘client_id’, ‘device_code’, ‘grant_type’, ‘code_verifier’] (client_id ‘openeo-platform-default-client’) DEBUG:urllib3.connectionpool:https://aai.egi.eu:443 “POST /auth/realms/egi/protocol/openid-connect/token HTTP/1.1” 400 98 INFO:openeo.rest.auth.oidc:[ 18.3s] not authorized yet: authorization_pending DEBUG:openeo.rest.auth.oidc:Doing ‘urn:ietf:params:oauth:grant-type:device_code’ token request ‘https://aai.egi.eu/auth/realms/egi/protocol/openid-connect/token’ with post data fields [‘client_id’, ‘device_code’, ‘grant_type’, ‘code_verifier’] (client_id ‘openeo-platform-default-client’) DEBUG:urllib3.connectionpool:https://aai.egi.eu:443 “POST /auth/realms/egi/protocol/openid-connect/token HTTP/1.1” 400 98 INFO:openeo.rest.auth.oidc:[ 24.4s] not authorized yet: authorization_pending DEBUG:openeo.rest.auth.oidc:Doing ‘urn:ietf:params:oauth:grant-type:device_code’ token request ‘https://aai.egi.eu/auth/realms/egi/protocol/openid-connect/token’ with post data fields [‘client_id’, ‘device_code’, ‘grant_type’, ‘code_verifier’] (client_id ‘openeo-platform-default-client’) DEBUG:urllib3.connectionpool:https://aai.egi.eu:443 “POST /auth/realms/egi/protocol/openid-connect/token HTTP/1.1” 400 98 INFO:openeo.rest.auth.oidc:[ 30.5s] not authorized yet: authorization_pending DEBUG:openeo.rest.auth.oidc:Doing ‘urn:ietf:params:oauth:grant-type:device_code’ token request ‘https://aai.egi.eu/auth/realms/egi/protocol/openid-connect/token’ with post data fields [‘client_id’, ‘device_code’, ‘grant_type’, ‘code_verifier’] (client_id ‘openeo-platform-default-client’) DEBUG:urllib3.connectionpool:https://aai.egi.eu:443 “POST /auth/realms/egi/protocol/openid-connect/token HTTP/1.1” 200 2468 INFO:openeo.rest.auth.oidc:[ 36.6s] Authorized successfully. INFO:openeo.rest.connection:Obtained tokens: [‘access_token’, ‘id_token’] DEBUG:openeo.rest.connection:Request GET [https://openeocloud.vito.be/openeo/1.0.0/collections/ESA_WORLDCEREAL_MAIZE](https://openeocloud.vito.be/openeo/1.0.0/collections/ESA_WORLDCEREAL_MAIZE`) with headers None, auth OidcBearerAuth, kwargs [‘stream’] DEBUG:urllib3.connectionpool:https://openeocloud.vito.be:443 “GET /openeo/1.0.0/collections/ESA_WORLDCEREAL_MAIZE HTTP/1.1” 200 3294 DEBUG:openeo.rest.connection:Got <Response [200]> headers {‘Date’: ‘Thu, 02 Nov 2023 17:23:50 GMT’, ‘Content-Type’: ‘application/json’, ‘Content-Length’: ‘3294’, ‘Connection’: ‘keep-alive’, ‘Cache-Control’: ‘max-age=900, public’, ‘Expires’: ‘Thu, 02 Nov 2023 17:38:50 GMT’, ‘Request-Id’: ‘r-78f44506c7ec4cb9bbe2f1de3c42486e’, ‘Access-Control-Allow-Origin’: ‘', ‘Access-Control-Expose-Headers’: ‘Accept-Ranges, Content-Encoding, Content-Range, Link, Location, OpenEO-Costs, OpenEO-Identifier’, ‘Strict-Transport-Security’: ‘max-age=31536000; includeSubDomains’} D:\10_programfiles\Anaconda\Lib\site-packages\openeo\metadata.py:325: UserWarning: Band name mismatch: [‘classification’, ‘confidence’] != [‘CLASSIFICATION’, ‘CONFIDENCE’] complain(“Band name mismatch: {a} != {b}”.format(a=cube_dimension_band_names, b=eo_band_names)) DEBUG:openeo.rest.connection:Request GET [https://openeocloud.vito.be/openeo/1.0.0/file_formats](https://openeocloud.vito.be/openeo/1.0.0/file_formats`) with headers None, auth OidcBearerAuth, kwargs [‘stream’] DEBUG:urllib3.connectionpool:https://openeocloud.vito.be:443 “GET /openeo/1.0.0/file_formats HTTP/1.1” 200 5542 DEBUG:openeo.rest.connection:Got <Response [200]> headers {‘Date’: ‘Thu, 02 Nov 2023 17:23:50 GMT’, ‘Content-Type’: ‘application/json’, ‘Content-Length’: ‘5542’, ‘Connection’: ‘keep-alive’, ‘Cache-Control’: ‘max-age=900, public’, ‘Expires’: ‘Thu, 02 Nov 2023 17:38:50 GMT’, ‘Request-Id’: ‘r-9ae7602bcbfd4ceead811ae888fa307e’, ‘Access-Control-Allow-Origin’: '’, ‘Access-Control-Expose-Headers’: ‘Accept-Ranges, Content-Encoding, Content-Range, Link, Location, OpenEO-Costs, OpenEO-Identifier’, ‘Strict-Transport-Security’: ‘max-age=31536000; includeSubDomains’} DEBUG:openeo.rest.connection:Request POST [https://openeocloud.vito.be/openeo/1.0.0/result](https://openeocloud.vito.be/openeo/1.0.0/result`) with headers None, auth OidcBearerAuth, kwargs [‘json’, ‘allow_redirects’, ‘stream’, ‘timeout’] DEBUG:urllib3.connectionpool:https://openeocloud.vito.be:443 “POST /openeo/1.0.0/result HTTP/1.1” 500 169 DEBUG:openeo.rest.connection:Got <Response [500]> headers {‘Date’: ‘Thu, 02 Nov 2023 17:23:52 GMT’, ‘Content-Type’: ‘application/json’, ‘Content-Length’: ‘169’, ‘Connection’: ‘keep-alive’, ‘Access-Control-Allow-Origin’: ‘*’, ‘Access-Control-Expose-Headers’: ‘Accept-Ranges, Content-Encoding, Content-Range, Link, Location, OpenEO-Costs, OpenEO-Identifier’, ‘Request-Id’: ‘r-b8d047d75e644e829bf8bc210c6dd862’, ‘Strict-Transport-Security’: ‘max-age=31536000; includeSubDomains’}

--------------------------------------------------------------------------- OpenEoApiError Traceback (most recent call last) Cell In[6], line 10 3 con.authenticate_oidc_device() 4 cube = con.load_collection( 5 “ESA_WORLDCEREAL_MAIZE”, 6 temporal_extent=[“2020-09-01”, “2021-12-20”], 7 spatial_extent={“west”: 3, “south”: 51, “east”: 3.1, “north”: 51.1}, 8 bands=[“classification”], 9 ) —> 10 cube.download(“maize.tif”) File D:\10_programfiles\Anaconda\Lib\site-packages\openeo\rest\datacube.py:2004, in DataCube.download(self, outputfile, format, options, validate) 2002 format = guess_format(outputfile) 2003 cube = self._ensure_save_result(format=format, options=options) → 2004 return self._connection.download(cube.flat_graph(), outputfile, validate=validate) File D:\10_programfiles\Anaconda\Lib\site-packages\openeo\rest\connection.py:1540, in Connection.download(self, graph, outputfile, timeout, validate) 1538 pg_with_metadata = self._build_request_with_process_graph(process_graph=graph) 1539 self._preflight_validation(pg_with_metadata=pg_with_metadata, validate=validate) → 1540 response = self.post( 1541 path=“/result”, 1542 json=pg_with_metadata, 1543 expected_status=200, 1544 stream=True, 1545 timeout=timeout or DEFAULT_TIMEOUT_SYNCHRONOUS_EXECUTE, 1546 ) 1548 if outputfile is not None: 1549 with Path(outputfile).open(mode=“wb”) as f: File D:\10_programfiles\Anaconda\Lib\site-packages\openeo\rest\connection.py:217, in RestApiConnection.post(self, path, json, **kwargs) 209 def post(self, path: str, json: Optional[dict] = None, **kwargs) → Response: 210 “”" 211 Do POST request to REST API. 212 (…) 215 :return: response: Response 216 “”" → 217 return self.request(“post”, path=path, json=json, allow_redirects=False, **kwargs) File D:\10_programfiles\Anaconda\Lib\site-packages\openeo\rest\connection.py:756, in Connection.request(self, method, path, headers, auth, check_error, expected_status, **kwargs) 749 return super(Connection, self).request( 750 method=method, path=path, headers=headers, auth=auth, 751 check_error=check_error, expected_status=expected_status, **kwargs, 752 ) 754 try: 755 # Initial request attempt → 756 return _request() 757 except OpenEoApiError as api_exc: 758 if api_exc.http_status_code == 403 and api_exc.code == “TokenInvalid”: 759 # Auth token expired: can we refresh? File D:\10_programfiles\Anaconda\Lib\site-packages\openeo\rest\connection.py:749, in Connection.request.._request() 748 def _request(): → 749 return super(Connection, self).request( 750 method=method, path=path, headers=headers, auth=auth, 751 check_error=check_error, expected_status=expected_status, **kwargs, 752 ) File D:\10_programfiles\Anaconda\Lib\site-packages\openeo\rest\connection.py:164, in RestApiConnection.request(self, method, path, headers, auth, check_error, expected_status, **kwargs) 162 expected_status = ensure_list(expected_status) if expected_status else 163 if check_error and status >= 400 and status not in expected_status: → 164 self._raise_api_error(resp) 165 if expected_status and status not in expected_status: 166 raise OpenEoRestError(“Got status code {s!r} for {m} {p} (expected {e!r}) with body {body}”.format( 167 m=method.upper(), p=path, s=status, e=expected_status, body=resp.text) 168 ) File D:\10_programfiles\Anaconda\Lib\site-packages\openeo\rest\connection.py:196, in RestApiConnection._raise_api_error(self, response) 190 error_message = ( 191 “Received 502 Proxy Error.” 192 " This typically happens when a synchronous openEO processing request takes too long and is aborted." 193 " Consider using a batch job instead." 194 ) 195 exception = OpenEoApiPlainError(message=text, http_status_code=status_code, error_message=error_message) → 196 raise exception OpenEoApiError: [500] Internal: Failed to process synchronously on backend vito: OpenEoApiError(‘[401] unknown: Unauthorized’) (ref: r-b8d047d75e644e829bf8bc210c6dd862)

32

Thanks, I’m also getting some comparable reports from other users for this [401] unknown: Unauthorized’ issue. Started a ticket for further follow up at

33

Thank you so much and looking forward to have it agan

Is there any updates or news regarding the matter .

34

Hello @sherif.abdeltawab.el

Could you find any solution for this issue?

35

Hi, the github issue above has some new comments that explain the cause and the solution.

The API backend is now updated to return a better response code in these cases. It should also provide a better integration with the python client in case tokens get expired.

However, the issue can have several causes. The most plausible solution is the one provided by @Simoniman. In case you are receiving this error, please confirm your registration by registering through https://openeo.cloud/.

Given the latest back-end changes (and some python client side tweaks), the actual error message won’t be [401] unknown: Unauthorized anymore, and will instead contain more information about the actual problem.
It think we can close this ticket […]