OpenID Connect on Open Industrial Data

  • 18 July 2022
  • 3 replies

Userlevel 2
Badge +1

OpenID Connect is now available on Open Industrial Data (OID). When you sign up to Cognite Hub, you get an account to the Open Industrial Data project.

Whether you are new to OID or have been using API keys to access the data in this project, here’s all you need to get started with OIDC.


Details to create the Cognite client 

  • Tenant ID - 48d5043c-cf70-4c49-881c-c638f5796997,

  • Client ID - 1b90ede3-271e-401b-81a0-a4d52bea3273,

  • project=publicdata,

  • CDF_CLUSTER - api


How to use Postman with OIDC?

We recommend that you download, install and use Postman to test API requests and verify responses.

Update authorization:


How to use Cognite python SDK with OIDC

You can authenticate the Python SDK with Azure AD by using a token retrieved when a user authenticates or with a static client secret for long-running jobs like extractors.

Learn more:


Let me know if you have any questions!

3 replies


I’m using the Cognite Python SDK to query some data from the OpenIndustrialData project. I’m confused about the new OIDC authentication process.

[This guide]( mentions that the following arguments should be passed to the `CogniteClient`:

from cognite.client import CogniteClient

client = CogniteClient(
token_url= "<token-url>",
token_client_id= "<your-client-id>",
project= "<your-cognite-project>",

Alternatively, an api-key can be passed (although this process is being deprecated):

from cognite.client import CogniteClient

c = CogniteClient(api_key="<your-api-key>",

However, as of cognite-sdk Python package version 4.0.1 the `CogniteClient` still expects `config` of class `ClientConfig` as an argument. Passing `token_url` or `api_key` as an argument throws an “unexptected keyword argument” error.

Would you be able to clarify how we are expected to authenticate to access data from the OpenIndustrialData project using the Python SDK?


Userlevel 2
Badge +1

Hi Denis,

Our engineering team has done some changes to authenticate CDF via SDK on the 15th Aug 2022 as stated in Cognite python sdk repository.

SDK team has already updated this in our python sdk docs. However, some code samples and parts of the docs are still not updated and I have opened a separate bug to update those.


You can use the below code sample to access OpenIndustrialData project with interactive login and token refresh.

import atexit
import os

from cognite.client import CogniteClient, ClientConfig
from cognite.client.credentials import Token
from msal import PublicClientApplication, SerializableTokenCache

# Contact Project Administrator to get these
TENANT_ID = "48d5043c-cf70-4c49-881c-c638f5796997"
CLIENT_ID = "1b90ede3-271e-401b-81a0-a4d52bea3273"
CDF_CLUSTER = "api" # api, westeurope-1 etc
COGNITE_PROJECT = "publicdata"

CACHE_FILENAME = "cache.bin"
SCOPES = [f"https://{CDF_CLUSTER}"]

PORT = 53000

def create_cache():
cache = SerializableTokenCache()
if os.path.exists(CACHE_FILENAME):
cache.deserialize(open(CACHE_FILENAME, "r").read())
open(CACHE_FILENAME, "w").write(cache.serialize()) if cache.has_state_changed else None
return cache

def authenticate_azure(app):
# Firstly, check the cache to see if this end user has signed in before
accounts = app.get_accounts()
if accounts:
creds = app.acquire_token_silent(SCOPES, account=accounts[0])
# interactive login - make sure you have http://localhost:port in Redirect URI in App Registration as type "Mobile and desktop applications"
creds = app.acquire_token_interactive(scopes=SCOPES, port=PORT,)

return creds

app = PublicClientApplication(client_id=CLIENT_ID, authority=AUTHORITY_URI)

def get_token():
return authenticate_azure(app)["access_token"]

cnf = ClientConfig(client_name="my-special-client", project="publicdata", credentials=Token(get_token))
client = CogniteClient(cnf)




Userlevel 1

Hi @gontcharovd! You’re right, it has been changed in the most recent version of the Python SDK, and the new pattern should be documented here:

I wrote an example of how you can access Open Industrial Data using OIDC with the Python SDK here. A bit of extra code is needed to manage the interactive login flow on the identity provider (Azure) for human users :)


Edit: @Shehan Karunaratne got to it just before me :) Now you have a couple of alternatives to choose from :)