is there a non-interactive authentication method?
I understand the advantages of using OIDC through EGI, but currently it requires the user to interact with the account to either login (e.g. if you are currently not logged into your GitHub or OICD provider account) and/or registering the service or creating tokens.
We plan to use openEO in dockerized solutions which are invoked by lambda calls (event-driven).
Any ideas or any plans on how to deal with authentication in these environments?
indeed, this is an issue that we are aware about, but have not fully solved yet with OIDC.
We do see that other tools, like GitHub, are continuing to move towards OIDC, also for these machine to machine use cases, so there probably are solutions, we just need to figure them out.
If you need something in the short term, we can also consider workarounds based on less secure basic authentication, which is still supported by most backends, but not recommended because of the security implications.
If you can give us an indication of when you would need a solution, we can consider if it’s feasible to work on an OIDC based solution.
thank you for the quick response. We do currently have a solution in place for a shiny application that uses gdalcubes instead of openEO and this might also work within dockerized services. It’s more that we see a lot of advantages in using openEO in terms of speed, available collections, etc. so this would be our preferred solution.
At this time I see no need to set up an immediate workaround, having a solution available somewhen in Q1/2022 would be great from our POV.
We have now a documented solution for the python-client available.
Please find it here:
The documented solutions will become available in the next release of the python-client which will be happening within the next 2 weeks.