Acquiring an access token without user interaction



User sessions are managed via your IDP. Access token lifetime can vary from 60 to 90 minutes.

So once the session expires, the user would normally have to sign in again.

 

How to overcome this?

With the OIDC workflow, it is possible to retrieve a new access token without prompting the user to provide credentials again. This is done by finding a valid access token in the cache, or by finding a valid refresh token in the cache and automatically using it to redeem a new access token.

 

The diagram below shows the normal OIDC workflow:

 

Below is a sample code snippet that uses the acquire_token_silent method of the msal.PublicClientApplication class:

def authenticate_azure(app):
    creds = None
    accounts = app.get_accounts()
    if accounts:
        print("Taking the token silently")
        # Returns None when the cache holds no usable access or refresh token
        creds = app.acquire_token_silent(SCOPES, account=accounts[0])

    if not creds:
        # No cached account, or the silent attempt failed: prompt the user
        print("Taking token interactively")
        creds = app.acquire_token_interactive(scopes=SCOPES, port=PORT)

    return creds

You can find the full code sample below, which uses both the acquire_token_interactive and acquire_token_silent methods:


import atexit
import os

from cognite.client import CogniteClient, ClientConfig
from cognite.client.credentials import Token
from msal import PublicClientApplication, SerializableTokenCache




TENANT_ID = "<tenant_id>"
CLIENT_ID = "<client_id>"
CDF_CLUSTER = "<cluster>"  # Ex: api, westeurope-1 etc
COGNITE_PROJECT = "<Your_Project>"


CACHE_FILENAME = "cache.bin"
BASE_URL = f"https://{CDF_CLUSTER}.cognitedata.com"
SCOPES = [f"https://{CDF_CLUSTER}.cognitedata.com/.default"]


AUTHORITY_HOST_URI = "https://login.microsoftonline.com"
AUTHORITY_URI = AUTHORITY_HOST_URI + "/" + TENANT_ID
PORT = 3000


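def create_cache():
    # Load a previously saved token cache so refresh tokens survive restarts
    cache = SerializableTokenCache()
    if os.path.exists(CACHE_FILENAME):
        with open(CACHE_FILENAME, "r") as f:
            cache.deserialize(f.read())

    def save_cache():
        # Persist only when MSAL reports that the cache contents changed
        if cache.has_state_changed:
            with open(CACHE_FILENAME, "w") as f:
                f.write(cache.serialize())

    atexit.register(save_cache)
    return cache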




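def authenticate_azure(app):
    creds = None
    accounts = app.get_accounts()
    if accounts:
        print("Taking the token silently")
        # Returns None when the cache holds no usable access or refresh token
        creds = app.acquire_token_silent(SCOPES, account=accounts[0])

    if not creds:
        # No cached account, or the silent attempt failed: prompt the user
        print("Taking token interactively")
        creds = app.acquire_token_interactive(scopes=SCOPES, port=PORT)

    return creds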



app = PublicClientApplication(client_id=CLIENT_ID, authority=AUTHORITY_URI, token_cache=create_cache())


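def get_token():
    creds = authenticate_azure(app)
    # On failure MSAL returns a dict with "error" keys instead of "access_token"
    if "access_token" not in creds:
        raise RuntimeError(creds.get("error_description", "token acquisition failed"))
    return creds["access_token"]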



cnf = ClientConfig(client_name="my-special-client", project=COGNITE_PROJECT, credentials=Token(get_token), base_url=BASE_URL)
client = CogniteClient(cnf)


print(client.iam.token.inspect())
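
The cache file written by create_cache holds refresh tokens, so it should be readable only by its owner. The following is an added example, not part of the original post or of MSAL: load_cache and save_cache are hypothetical helpers that work with any object exposing serialize(), deserialize() and has_state_changed (as SerializableTokenCache does), and they assume a POSIX file system.

```python
import os
import stat
import tempfile

CACHE_FILENAME = "cache.bin"  # same file name as the sample above

# Assumed wiring inside create_cache() (hypothetical helper names):
#   cache = SerializableTokenCache()
#   load_cache(cache)
#   atexit.register(save_cache, cache)


def load_cache(cache, path=CACHE_FILENAME):
    """Deserialize `path` into `cache`; refuse a file other users can access."""
    try:
        fd = os.open(path, os.O_RDONLY)
    except FileNotFoundError:
        return False  # first run: nothing cached yet
    with os.fdopen(fd, "r") as f:
        # Check the mode on the open descriptor, not the path, to avoid a race
        mode = stat.S_IMODE(os.fstat(f.fileno()).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(f"{path} has mode {oct(mode)}; expected 0o600")
        cache.deserialize(f.read())
    return True


def save_cache(cache, path=CACHE_FILENAME):
    """Write the cache atomically to an owner-only file if it changed."""
    if not cache.has_state_changed:
        return False
    directory = os.path.dirname(os.path.abspath(path))
    # mkstemp creates the file with mode 0o600 regardless of the umask
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".cache-")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(cache.serialize())
        os.replace(tmp, path)  # atomic swap: never a half-written cache
    except BaseException:
        os.unlink(tmp)
        raise
    return True
```
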

 
