Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

issue #685 move documentation of basic authentication under the OIDC documentation #697

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
+50 −47
Open

issue #685 move documentation of basic authentication under the OIDC documentation #697

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e9b788b
issue #685 move documentation of basic authentication under the OIDC …
ElienVandermaesenVITO Jan 2, 2025
e6eff25
issue #685 place main section together with configs
ElienVandermaesenVITO Jan 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
97 changes: 50 additions & 47 deletions docs/auth.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,29 +22,6 @@ we start form a back-end connection::

connection = openeo.connect("https://openeo.example.com")

Basic HTTP Auth
===============

Let's start with the easiest authentication method,
based on the Basic HTTP authentication scheme.
It is however *not recommended* for various reasons,
such as its limited *security* measures.
For example, if you are connecting to a back-end with a ``http://`` URL
instead of a ``https://`` one, you should certainly not use basic HTTP auth.

With these security related caveats out of the way, you authenticate
using your username and password like this::

connection.authenticate_basic("john", "j0hn123")

Subsequent usage of the connection object ``connection`` will
use authenticated calls.
For example, show information about the authenticated user::

>>> connection.describe_account()
{'user_id': 'john'}



OpenID Connect Based Authentication
===================================
Expand Down Expand Up @@ -90,15 +67,15 @@ in the context of working with openEO:
* :ref:`authenticate_oidc_refresh_token`


OpenID Connect is clearly more complex than Basic HTTP Auth.

In the sections below we will discuss the practical details of each flow.

General options
---------------

* A back-end might support **multiple OpenID Connect providers**.
The openEO Python Client Library will pick the first one by default,
but another another provider can specified explicity with the ``provider_id`` argument, e.g.:
but another another provider can specified explicitly with the ``provider_id`` argument, e.g.:

.. code-block:: python

Expand Down Expand Up @@ -329,7 +306,6 @@ For example:




.. _auth_configuration_files:

Auth config files and ``openeo-auth`` helper tool
Expand Down Expand Up @@ -403,27 +379,6 @@ the current configuration and stored refresh tokens, e.g.::
The sensitive information (like passwords) are redacted by default.



Basic HTTP Auth config
-----------------------

With the ``add-basic`` subcommand you can add Basic HTTP Auth credentials
for a given back-end to the config.
It will interactively ask for username and password and
try if these credentials work::

$ openeo-auth add-basic https://openeo.example.com/
Enter username and press enter: john
Enter password and press enter:
Trying to authenticate with 'https://openeo.example.com'
Successfully authenticated 'john'
Saved credentials to '/home/john/.config/openeo-python-client/auth-config.json'

Now you can authenticate in your application without having to
specify username and password explicitly::

connection.authenticate_basic()

OpenID Connect configs
-----------------------

Expand Down Expand Up @@ -472,6 +427,54 @@ For example::




Basic HTTP Auth
===============

The easiest authentication method is
based on the Basic HTTP authentication scheme.
It is however *not recommended* for various reasons,
such as its limited *security* measures.
For example, if you are connecting to a back-end with a ``http://`` URL
instead of a ``https://`` one, you should certainly not use basic HTTP auth.

With these security related caveats out of the way, you authenticate
using your username and password like this::

connection.authenticate_basic("john", "j0hn123")

Subsequent usage of the connection object ``connection`` will
use authenticated calls.
For example, show information about the authenticated user::

>>> connection.describe_account()
{'user_id': 'john'}




Basic HTTP Auth config
-----------------------

With the ``add-basic`` subcommand you can add Basic HTTP Auth credentials
for a given back-end to the config.
It will interactively ask for username and password and
try if these credentials work::

$ openeo-auth add-basic https://openeo.example.com/
Enter username and press enter: john
Enter password and press enter:
Trying to authenticate with 'https://openeo.example.com'
Successfully authenticated 'john'
Saved credentials to '/home/john/.config/openeo-python-client/auth-config.json'

Now you can authenticate in your application without having to
specify username and password explicitly::

connection.authenticate_basic()



.. _default_url_and_auto_auth:

Default openEO back-end URL and auto-authentication
Expand Down