Authentication using the freva-client library#
The freva-client python library offers a very simple interface to interact with the authentication system.
Client software freva evaluation system framework (freva):
Freva, the free evaluation system framework, is a data search and analysis platform developed by the atmospheric science community for the atmospheric science community. With help of Freva researchers can:
quickly and intuitively search for data stored at typical data centers that host many datasets.
create a common interface for user defined data analysis tools.
apply data analysis tools in a reproducible manner.
The code described here is currently in testing phase. The client and server library described in the documentation only support searching for data. If you need to apply data analysis plugins, please visit the
- freva_client.authenticate(*, token_file: str | Path | None = None, host: str | None = None, force: bool = False) Token#
Authenticate to the host.
This method generates a new access token that should be used for restricted methods.
- Parameters:
refresh_token (str, optional) – Instead of setting a password, you can set a refresh token to refresh the access token. This is recommended for non-interactive environments.
host (str, optional) – The hostname of the REST server.
force (bool, default: False) – Force token recreation, even if current token is still valid.
- Returns:
Token
- Return type:
The authentication token.
Examples
Interactive authentication:
from freva_client import authenticate token = authenticate() print(token)
Batch mode authentication with a refresh token:
from freva_client import authenticate token = authenticate(token_file="~/.freva-login-token.json")
Using the command line interface#
Token creation and refreshing can also be achieved with help of the auth
sub command of the command line interface
freva-client auth --help
Results
Usage: freva-client auth [OPTIONS]
Create OAuth2 access and refresh token.
╭─ Options ────────────────────────────────────────────────────────────────────╮
│ --host TEXT Set the hostname of the databrowser, if not │
│ set (default) the hostname is read from a │
│ config file │
│ --token-file TEXT Instead of authenticating via code based │
│ authentication flow you can set the path to │
│ the json file that contains a `refresh token` │
│ containing a refresh_token key. │
│ --force -f Force token recreation, even if current token │
│ is still valid. │
│ -v INTEGER Increase verbosity [default: 0] │
│ --version -V Show version an exit │
│ --help Show this message and exit. │
╰──────────────────────────────────────────────────────────────────────────────╯
You can create a token using your user name and password. For security reasons you can not pass your password as an argument to the command line interface. This means that you can only create a new token with help of a valid refresh token in a non-interactive session. Such as a batch job.
Therefore you want to store your token data securely in a file, and use the refresh token to create new tokens:
freva-client auth > ~/.mytoken.json
chmod 600 ~/.mytoken.json
Later you can use the jq json command line parser to read the refresh token from and use it to create new access tokens.
freva-client auth --token-file ~/.mytoken.json > ~/.mytoken.json
Warning
Avoid storing access tokens insecurely. Access tokens are sensitive and should be treated like passwords. Do not store them in publicly readable plaintext or in code repositories. Instead:
Use environment variables or secure storage (e.g.
.netrc, OS keychains).Rotate and expire tokens regularly if implementing long-running SPs.