Skip to main content
Solved

Python API calls work in Jupyter Notebook, but fail when running as a Python script


Peter Quinn
Committed
Forum|alt.badge.img+2

I have some code working great via a Notebook, but I want to move it to a server where I can run it as daemon. The authentication is failing when I run it on the server.

I suspect the problem is with the Scopes - User impersonation might work in the browser where I’m already logged in to the right project. What scope should I use instead when I’m calling directly from Python?

Also tried 

myscope = '[f"https://westeurope-1.cognitedata.com/.default"]'

as suggested in the documentation

oauthlib.oauth2.rfc6749.errors.AccessDeniedError: (access_denied) Unauthorized

from cognite.client import CogniteClient, ClientConfig
from cognite.client.credentials import OAuthClientCredentials
from cognite.client.data_classes import TimeSeries

host = "https://westeurope-1.cognitedata.com"
myproject = "rok-buandcollaborators-53"
clientid = "realStuffWasHere"
secret = "secretsecretsecretsecretsecretsecret"
#myscope = "https://westeurope-1.cognitedata.com/.default"
myscope='["IDENTITY", "user_impersonation"]'
token="https://datamosaix-prod.us.auth0.com/oauth/token"
dataset = 8883655420989208 #chemdemo dataset

#creds = OAuthClientCredentials(token_url=token,client_id=clientid, client_secret=secret, scopes=myscope)
#cnf = ClientConfig(client_name="SJC_Raspi3b", base_url=host, project=myproject, credentials=creds)
creds = OAuthClientCredentials(
        token_url=token, # https://datamosaix-qa.us.auth0.com/oauth/token
        client_id=clientid,
        client_secret=secret,
        scopes=["IDENTITY", "user_impersonation"]
)

cnf = ClientConfig(
    client_name="SJC_Raspi3b",
    project=myproject,
    credentials=creds,
    base_url=host
)

cdf_client = CogniteClient(cnf)

ts_list = cdf_client.time_series.list() #debugging test for creds. not needed for real
print (ts_list)

 

Best answer by Fredrik Holm

Hi Peter.

Here’s a sample script that runs fine on my side, both in a notebook and as a deamon 

import os
from cognite.client import CogniteClient, ClientConfig
from cognite.client.credentials import OAuthClientCredentials

scopes="user_impersonation"
audience="https://cognitedata.com"
projectName= "holminc-36"
host= "https://westeurope-1.cognitedata.com"
token_url="https://datamosaix-qa.us.auth0.com/oauth/token"
client_id= os.environ["holm_inc_qa_ext_client_id"]
client_secret= os.environ["holm_inc_qa_ext_client_secret"]

oauth_provider = OAuthClientCredentials(
    token_url=token_url,
    client_id=client_id,
    client_secret=client_secret,
    scopes=scopes,
    audience=audience
)
clientConfig = ClientConfig(
    client_name="Non-prod testing",
    project=projectName,
    credentials=oauth_provider,
    base_url=host,
    debug=False
)

client = CogniteClient(clientConfig)
print(client.raw.tables.list("Holm Inc db", limit=5))

Please note that this is running in QA and that the scope assigned there are recently changed. The following scope should work in prod now, but needs to change as the scope change in QA is rolled out to prod. 

scopes="IDENTITY user_impersonation"

 

View original
Did this topic help you find an answer to your question?

4 replies

Forum|alt.badge.img

Starting with version 6.6.1 of the SDK, some convenience methods were added to CogniteClient that I suspect might give you an easier way to instantiate a client:

from cognite.client import CogniteClient

client = CogniteClient.default_oauth_client_credentials(
    project="rok-buandcollaborators-53",
    cdf_cluster="westeurope-1",
    tenant_id="0abcdef...",
    client_id="d9b2bd26...",
    client_secret="...",
    client_name="Who am I?",
)

# For easy interactive login, check out:
CogniteClient.default_oauth_interactive

Peter Quinn
Committed
Forum|alt.badge.img+2
  • Author
  • Committed
  • 18 replies
  • August 2, 2023

Thanks. This looks promising How do I find my tenant_id? Does this assume it’s AzureAD? We’re not using that.


Forum|alt.badge.img
  • Practitioner
  • 6 replies
  • Answer
  • August 3, 2023

Hi Peter.

Here’s a sample script that runs fine on my side, both in a notebook and as a deamon 

import os
from cognite.client import CogniteClient, ClientConfig
from cognite.client.credentials import OAuthClientCredentials

scopes="user_impersonation"
audience="https://cognitedata.com"
projectName= "holminc-36"
host= "https://westeurope-1.cognitedata.com"
token_url="https://datamosaix-qa.us.auth0.com/oauth/token"
client_id= os.environ["holm_inc_qa_ext_client_id"]
client_secret= os.environ["holm_inc_qa_ext_client_secret"]

oauth_provider = OAuthClientCredentials(
    token_url=token_url,
    client_id=client_id,
    client_secret=client_secret,
    scopes=scopes,
    audience=audience
)
clientConfig = ClientConfig(
    client_name="Non-prod testing",
    project=projectName,
    credentials=oauth_provider,
    base_url=host,
    debug=False
)

client = CogniteClient(clientConfig)
print(client.raw.tables.list("Holm Inc db", limit=5))

Please note that this is running in QA and that the scope assigned there are recently changed. The following scope should work in prod now, but needs to change as the scope change in QA is rolled out to prod. 

scopes="IDENTITY user_impersonation"

 


Peter Quinn
Committed
Forum|alt.badge.img+2
  • Author
  • Committed
  • 18 replies
  • August 3, 2023

This is strange. It runs on Jupyter Notebook. It runs on Python on my corp Windows laptop. It fails on the Raspberry Pi that I want to run it on, since that doesn’t get shut off every night. Is there possibly a Windows vs Unix (case sensitivity?) issue? 

Anyway, my immediate need has passed so there’s no urgency in solving this mystery


Reply


Cookie Policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie Settings