[1]:

import mdf_toolbox

Authentication Utilities

The MDF Toolbox contains a few different ways to easily authenticate using Globus Auth, and even automatically make certain clients for you.

Note: This is not an exhaustive list of all parameters and options available. This is a basic tutorial for the most common usages.

Interactive user login with login()

The login() helper uses your own credentials to authenticate. You can specify services by name or scope as services=["name_or_scope"] You will have to follow a link to Globus Auth the first time you use a service (your tokens will be cached after the first login). To reset your tokens, use clear_old_tokens=True.

[2]:

result = mdf_toolbox.login(services=["mdf_connect", "transfer"])

Toolbox will handle connecting to Globus Auth. The return value is a dictionary, with each service you requested as a key.

If there is a client associated with a service, you get that client back. This feature can be turned off with make_clients=False.

[3]:

result["transfer"]

[3]:

<globus_sdk.transfer.client.TransferClient at 0x7f2738649a58>

If there is no client for a service, you get a RefreshTokenAuthorizer instead.

[4]:

result["mdf_connect"]

[4]:

<globus_sdk.authorizers.refresh_token.RefreshTokenAuthorizer at 0x7f2738649a90>

A RefreshTokenAuthorizer allows you to authenticate a request with .set_authorization_header().

[5]:

headers = {}
result["mdf_connect"].set_authorization_header(headers)
# requests.get(url, headers=headers)

Programmatic client login with confidential_login()

If you have a Confidential Client (registered through https://developers.globus.org/), that client can login as itself using confidential_login(). In addition to specifying services=[] as with login(), you must also provide the client_id and client_secret for your Confidential Client.

[6]:

client_id = ""
client_secret = ""

[7]:

result = mdf_toolbox.confidential_login(client_id=client_id,
                                        client_secret=client_secret,
                                        services=["mdf_connect", "transfer"])

The return value is almost the same as login() except the default authorizer is a ClientCredentialsAuthorizer (which can be used in the same way as a RefreshTokenAuthorizer. You can still disable making clients where possible by passing make_clients=False.

[8]:

result["transfer"]

[8]:

<globus_sdk.transfer.client.TransferClient at 0x7f2738684cc0>

[9]:

result["mdf_connect"]

[9]:

<globus_sdk.authorizers.client_credentials.ClientCredentialsAuthorizer at 0x7f27386840f0>

No-auth client creation with anonymous_login()

If you don’t want to log in with any credentials, you can use anonymous_login() to automatically create clients. The only accepted parameter is services.

Note: Only clients can be returned this way. You cannot make an anonymous RefreshTokenAuthorizer. Additionally, many clients have auth-only features that will not work when not authenticated, such as initiating a transfer with a TransferClient.

[10]:

result = mdf_toolbox.anonymous_login("transfer")

[11]:

result["transfer"]

[11]:

<globus_sdk.transfer.client.TransferClient at 0x7f2738669a90>

[ ]: