How to connect with OIDC in Python using the OAuthClientCredentials and publicdata [Community Contributed]

Leaving this as a how to guide for others that struggled like I have been.

I am in the position where I want to use the publicdata with Python using a ClientSecret. I did not want to use interactive logons or the device flow. I struggled to understand exactly which bits of the SDK and which values to use where.

Working Python code that will run in a Django management command is below but it should be trivial to change it for other apps.

import asyncio
import atexit
import datetime
import os
import time

from channels.layers import get_channel_layer
from cognite.client import ClientConfig, CogniteClient
from cognite.client.credentials import OAuthClientCredentials, Token
from django.core.management.base import BaseCommand
from msal import PublicClientApplication, SerializableTokenCache

# Contact Project Administrator to get these
TENANT_ID = "48d5043c-cf70-4c49-881c-c638f5796997" # use Cognite Client details from https://hub.cognite.com/open-industrial-data-211/openid-connect-on-open-industrial-data-993
CLIENT_ID = "1b90ede3-271e-401b-81a0-a4d52bea3273" # use Cognite Client details from https://hub.cognite.com/open-industrial-data-211/openid-connect-on-open-industrial-data-993
CLIENT_SECRET = "generated from the widget at https://hub.cognite.com/open-industrial-data-211"  # generated from the widget at https://hub.cognite.com/open-industrial-data-211

CDF_CLUSTER = "api"  # api, westeurope-1 etc
COGNITE_PROJECT = "publicdata"
BASE_URL = f"https://{CDF_CLUSTER}.cognitedata.com"

CACHE_FILENAME = "cache.bin"
SCOPES = [f"https://{CDF_CLUSTER}.cognitedata.com/.default"]


AUTHORITY_HOST_URI = "https://login.microsoftonline.com"
AUTHORITY_URI = AUTHORITY_HOST_URI + "/" + TENANT_ID

TOKEN_URL = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token"

PORT = 53000


class Command(BaseCommand):
    group_name = "cognite"
    channel_name = "thedata"
    channel_layer = get_channel_layer()

    def add_arguments(self, parser):
        pass

    def handle(self, *args, **options):
        try:

            # this means we can use the secret generated from the hub and not require any manual logging in
            creds = OAuthClientCredentials(
                token_url=TOKEN_URL,
                client_id=CLIENT_ID,
                client_secret=CLIENT_SECRET,
                scopes=SCOPES,
            )

            self.cnf = ClientConfig(
                client_name="make-up-a-client-name",
                project=COGNITE_PROJECT,
                credentials=creds,
                base_url=BASE_URL,
            )

            self.client = CogniteClient(self.cnf)

            print(self.client.assets.list())

            while True:
                val = self.client.datapoints.retrieve_latest(id=52336799167961)[0]
                print(val)
                theData = val.dump()
                loop = asyncio.get_event_loop()
                coroutine = self.channel_layer.group_send(
                    self.group_name,
                    {
                        "type": "receive",
                        "thedata": theData,
                    },
                )
                loop.run_until_complete(coroutine)

                time.sleep(5)

        except Exception as e:
            print("ERROR")
            print(e)

        return "Done"