Solved

Error when run a transformation from the course.

  • 14 March 2023
  • 10 replies
  • 150 views

Badge +3

i need support for the course Python SDK Transformations.
Im running the comands from notebook that was given in git and a stoped on:

result = client.transformations.run(asset_transformation.id, wait=False)

The error resulted is :

CogniteAPIError: Invalid source/destination credentials: Could not authenticate with the OIDC credentials. Please check your credentials. | code: 403 | X-Request-ID: 78e0e54a-a3ca-9bc4-b2f5-e303ed6a7207

iv checked the authentication process and i can perform all task like search list add datasets assets and everything but i cant run the transformation.

Any one knows how to solve it ?

i have the same problen in the UI
 

 

icon

Best answer by roman.chesnokov 15 March 2023, 21:40

View original

10 replies

Userlevel 3

Hey Jasar, to instantiate CogniteClient you use your account and interactive authentication workflow. But it doesn’t work for transformations. You should set the source and destination credentials. If you use the same project to read and write data, they could be the same. You need to generate a client secret as described in that lesson and use it for running your transformations. 

You enter it in one of the first cells:

CLIENT_SECRET = "" # Enter secret

Userlevel 3

I found out that we have a temporary issue with the secret generator in the course. But I’ve provided you with a working secret for that project in the direct messages. Let me know if you have any other blockers.

Badge +3

hi Roman i got the same error when running the given notebook in github repo
 

 

Userlevel 3

Could you try to instantiate a client with the client secret and send here token capabilities:

from cognite.client.credentials import OAuthClientCredentials

creds_test = OAuthClientCredentials(token_url=f"{AUTHORITY_URI}/oauth2/v2.0/token", client_id=CLIENT_ID, scopes=" ".join(SCOPES), client_secret=CLIENT_SECRET)

cnf_test = ClientConfig(
project=COGNITE_PROJECT,
base_url=f'https://{CDF_CLUSTER}.cognitedata.com',
client_name='cognite-python-dev',
credentials=creds_test
)
client_test = CogniteClient(cnf_test)
client_test.iam.token.inspect()

 

 

Badge +3

this is the result:

 

[{ "url_name": "de-transformations", "groups": [ 3974891759857484 ] }, { "url_name": "infield-training", "groups": [ 1376085367190226 ] }, { "url_name": "publicdata", "groups": [ 1701516184810448, 4860375157547584 ] }, { "url_name": "cdf-fundamentals", "groups": [ 7233047623736400 ] }]

Userlevel 3

That looks like a result for a normal client with interactive auth workflow. Could you add a cell and run my code from the previous message? It will print not only projects but also capabilities.

Badge +3

sorry, here is it:

 

{
"subject": "c104bf67-8010-4ef2-8ee8-33237899dda2",
"projects": [
{
"url_name": "de-transformations",
"groups": [
3974891759857484
]
}
],
"capabilities": [
{
"assetsAcl": {
"actions": [
"READ",
"WRITE"
],
"scope": {
"all": {}
}
},
"projectScope": {
"projects": [
"de-transformations"
]
}
},
{
"datasetsAcl": {
"actions": [
"READ",
"WRITE"
],
"scope": {
"all": {}
}
},
"projectScope": {
"projects": [
"de-transformations"
]
}
},
{
"groupsAcl": {
"actions": [
"LIST"
],
"scope": {
"all": {}
}
},
"projectScope": {
"projects": [
"de-transformations"
]
}
},
{
"rawAcl": {
"actions": [
"READ",
"WRITE",
"LIST"
],
"scope": {
"all": {}
}
},
"projectScope": {
"projects": [
"de-transformations"
]
}
},
{
"projectsAcl": {
"actions": [
"LIST"
],
"scope": {
"all": {}
}
},
"projectScope": {
"projects": [
"de-transformations"
]
}
},
{
"assetsAcl": {
"actions": [
"READ",
"WRITE"
],
"scope": {
"all": {}
}
},
"projectScope": {
"projects": [
"de-transformations"
]
}
},
{
"threedAcl": {
"actions": [
"READ",
"CREATE",
"DELETE",
"UPDATE"
],
"scope": {
"all": {}
}
},
"projectScope": {
"projects": [
"de-transformations"
]
}
},
{
"filesAcl": {
"actions": [
"READ",
"WRITE"
],
"scope": {
"all": {}
}
},
"projectScope": {
"projects": [
"de-transformations"
]
}
},
{
"eventsAcl": {
"actions": [
"READ",
"WRITE"
],
"scope": {
"all": {}
}
},
"projectScope": {
"projects": [
"de-transformations"
]
}
},
{
"timeSeriesAcl": {
"actions": [
"READ",
"WRITE"
],
"scope": {
"all": {}
}
},
"projectScope": {
"projects": [
"de-transformations"
]
}
},
{
"entitymatchingAcl": {
"actions": [
"READ",
"WRITE"
],
"scope": {
"all": {}
}
},
"projectScope": {
"projects": [
"de-transformations"
]
}
},
{
"sequencesAcl": {
"actions": [
"READ"
],
"scope": {
"all": {}
}
},
"projectScope": {
"projects": [
"de-transformations"
]
}
},
{
"labelsAcl": {
"actions": [
"READ",
"WRITE"
],
"scope": {
"all": {}
}
},
"projectScope": {
"projects": [
"de-transformations"
]
}
},
{
"sessionsAcl": {
"actions": [
"LIST",
"CREATE"
],
"scope": {
"all": {}
}
},
"projectScope": {
"projects": [
"de-transformations"
]
}
},
{
"annotationsAcl": {
"actions": [
"WRITE",
"READ"
],
"scope": {
"all": {}
}
},
"projectScope": {
"projects": [
"de-transformations"
]
}
},
{
"transformationsAcl": {
"actions": [
"READ",
"WRITE"
],
"scope": {
"all": {}
}
},
"projectScope": {
"projects": [
"de-transformations"
]
}
},
{
"userProfilesAcl": {
"actions": [
"READ"
],
"scope": {
"all": {}
},
"version": 1
},
"projectScope": {
"projects": [
"de-transformations"
]
}
}
]
}

 

Userlevel 3

That looks ok. I removed your transformation now, could you try to create it again? The credentials were not updated since we’re not updating the transformation but trying to create it again.

Badge +3

it worked thank you

Badge +2

Hi guys, I got the same authentication error:

CogniteAPIError: Invalid source/destination credentials: Could not authenticate with the OIDC credentials. Please check your credentials. | code: 403 | X-Request-ID: ac53bf90-712a-9d39-80f2-38340573b994.

Reply