Connecting with GIS object on ArcGIS Enterprise for Kubernetes when OpenID Connect is configured

[eirikaa]

I'm not able to create a GIS instance on ArcGIS Enterprise on Kubernetes 11.1 when OpenID Connect is configured.

It seems like it is a misconfigured json string js_object in _token.py.

js_obect:

'{"oauth_state":"XXX","client_id":"pythonapi","appTitle":"python api","locale":"en-US","orgName":"XXX","oidcFederationInfo":[{"oidcName":"XXX","oidcAuthorizeUrl":"https://XXX/enterprise/sharing/rest/oauth2/oidc/XXX/authorize"}'

it can be fixed by adding "]" in the json string.

# _connection.py
for script in soup.xpath("//script/text()"):
            script_code = str(script).strip()
            matches = pattern.search(script_code)
            if not matches is None:
                js_object = matches.groups()[0]
                try:
                    oauth_info = json.loads(js_object)
                except:
                    oauth_info = json.loads(js_object + "}")
                break

FIX

# _connection.py
for script in soup.xpath("//script/text()"):
            script_code = str(script).strip()
            matches = pattern.search(script_code)
            if not matches is None:
                js_object = matches.groups()[0]
                try:
                    oauth_info = json.loads(js_object)
                except:
                    oauth_info = json.loads(js_object + "]}")
                break

Should possibly be done in a bit more elegant manner.

To Reproduce Steps to reproduce the behavior:

from arcgis.gis import GIS
portal = GIS(url, username, password)

error:

Traceback (most recent call last):
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\arcgis\auth\_auth\_token.py", line 802, in token
    self._init_response_type_token()
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\arcgis\auth\_auth\_token.py", line 551, in _init_response_type_token
    raise Exception("Unable to generate oauth token")
Exception: Unable to generate oauth token

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\arcgis\auth\_auth\_token.py", line 644, in _init_token_auth_handshake
    oauth_info = json.loads(js_object)
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\json\__init__.py", line 346, in loads
    return _default_decoder.decode(s)
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\json\decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\json\decoder.py", line 353, in raw_decode
    obj, end = self.scan_once(s, idx)
json.decoder.JSONDecodeError: Expecting ',' delimiter: line 1 column 618 (char 617)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\arcgis\gis\_impl\_con\_connection.py", line 837, in get
    resp = self._session.get(
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\arcgis\auth\api.py", line 437, in get
    return self._session.get(
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\requests\sessions.py", line 602, in get
    return self.request("GET", url, **kwargs)
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\requests\sessions.py", line 575, in request
    prep = self.prepare_request(req)
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\requests\sessions.py", line 486, in prepare_request
    p.prepare(
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\requests\models.py", line 372, in prepare
    self.prepare_auth(auth, url)
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\requests\models.py", line 603, in prepare_auth
    r = auth(self)
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\arcgis\auth\_auth\_token.py", line 818, in __call__
    r.headers["X-Esri-Authorization"] = f"Bearer {self.token}"
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\arcgis\auth\_auth\_token.py", line 808, in token
    self._init_token_auth_handshake()
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\arcgis\auth\_auth\_token.py", line 646, in _init_token_auth_handshake
    oauth_info = json.loads(js_object + "}")
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\json\__init__.py", line 346, in loads
    return _default_decoder.decode(s)
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\json\decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\json\decoder.py", line 353, in raw_decode
    obj, end = self.scan_once(s, idx)
json.decoder.JSONDecodeError: Expecting ',' delimiter: line 1 column 618 (char 617)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\arcgis\gis\_impl\_con\_connection.py", line 1983, in _check_product
    res = self.get(
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\arcgis\gis\_impl\_con\_connection.py", line 872, in get
    raise Exception("A general error occurred: %s" % e)
Exception: A general error occurred: Expecting ',' delimiter: line 1 column 618 (char 617)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\arcgis\auth\_auth\_token.py", line 802, in token
    self._init_response_type_token()
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\arcgis\auth\_auth\_token.py", line 551, in _init_response_type_token
    raise Exception("Unable to generate oauth token")
Exception: Unable to generate oauth token

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\arcgis\auth\_auth\_token.py", line 644, in _init_token_auth_handshake
    oauth_info = json.loads(js_object)
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\json\__init__.py", line 346, in loads
    return _default_decoder.decode(s)
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\json\decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\json\decoder.py", line 353, in raw_decode
    obj, end = self.scan_once(s, idx)
json.decoder.JSONDecodeError: Expecting ',' delimiter: line 1 column 618 (char 617)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\arcgis\gis\_impl\_con\_connection.py", line 837, in get
    resp = self._session.get(
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\arcgis\auth\api.py", line 437, in get
    return self._session.get(
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\requests\sessions.py", line 602, in get
    return self.request("GET", url, **kwargs)
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\requests\sessions.py", line 575, in request
    prep = self.prepare_request(req)
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\requests\sessions.py", line 486, in prepare_request
    p.prepare(
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\requests\models.py", line 372, in prepare
    self.prepare_auth(auth, url)
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\requests\models.py", line 603, in prepare_auth
    r = auth(self)
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\arcgis\auth\_auth\_token.py", line 818, in __call__
    r.headers["X-Esri-Authorization"] = f"Bearer {self.token}"
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\arcgis\auth\_auth\_token.py", line 808, in token
    self._init_token_auth_handshake()
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\arcgis\auth\_auth\_token.py", line 646, in _init_token_auth_handshake
    oauth_info = json.loads(js_object + "}")
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\json\__init__.py", line 346, in loads
    return _default_decoder.decode(s)
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\json\decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\json\decoder.py", line 353, in raw_decode
    obj, end = self.scan_once(s, idx)
json.decoder.JSONDecodeError: Expecting ',' delimiter: line 1 column 618 (char 617)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\runpy.py", line 197, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\runpy.py", line 87, in _run_code
    exec(code, run_globals)
  File "c:\Users\eirikaa\.vscode\extensions\ms-python.python-2023.20.0\pythonFiles\lib\python\debugpy\__main__.py", line 39, in <module>
    cli.main()
  File "c:\Users\eirikaa\.vscode\extensions\ms-python.python-2023.20.0\pythonFiles\lib\python\debugpy/..\debugpy\server\cli.py", line 430, in main
    run()
  File "c:\Users\eirikaa\.vscode\extensions\ms-python.python-2023.20.0\pythonFiles\lib\python\debugpy/..\debugpy\server\cli.py", line 284, in run_file     
    runpy.run_path(target, run_name="__main__")
  File "c:\Users\eirikaa\.vscode\extensions\ms-python.python-2023.20.0\pythonFiles\lib\python\debugpy\_vendored\pydevd\_pydevd_bundle\pydevd_runpy.py", line 321, in run_path
    return _run_module_code(code, init_globals, run_name,
  File "c:\Users\eirikaa\.vscode\extensions\ms-python.python-2023.20.0\pythonFiles\lib\python\debugpy\_vendored\pydevd\_pydevd_bundle\pydevd_runpy.py", line 135, in _run_module_code
    _run_code(code, mod_globals, init_globals,
  File "c:\Users\eirikaa\.vscode\extensions\ms-python.python-2023.20.0\pythonFiles\lib\python\debugpy\_vendored\pydevd\_pydevd_bundle\pydevd_runpy.py", line 124, in _run_code
    exec(code, run_globals)
  File "C:\temp\test.py", line 4, in <module>
    test = GIS(
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\arcgis\gis\__init__.py", line 586, in __init__
    raise e
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\arcgis\gis\__init__.py", line 525, in __init__
    self._portal = _portalpy.Portal(
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\arcgis\gis\_impl\_portalpy.py", line 208, in __init__
    self.con = Connection(
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\arcgis\gis\_impl\_con\_connection.py", line 363, in __init__
    self._product = self._check_product()
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\arcgis\gis\_impl\_con\_connection.py", line 1989, in _check_product
    res = self.get(baseurl + "info", params={"f": "json"})
  File "C:\Users\eirikaa\Miniconda3\envs\arcgis2\lib\site-packages\arcgis\gis\_impl\_con\_connection.py", line 872, in get
    raise Exception("A general error occurred: %s" % e)
Exception: A general error occurred: Expecting ',' delimiter: line 1 column 618 (char 617)```

**Platform:**
 - OS: Windows 11
 - Python API Version: 2.2.0 and 2.1.0.3

[achapkowski]

What is your IDP?

[eirikaa]

Azure AD

[eirikaa]

Any updates on this issue?

[akk602]

Having the same issue running 11.2 Have OpenID Connect configure and ArcGIS Login configured, getting the same error when trying to login with username/password local ArcGIS user.

[akk602]

https://community.esri.com/t5/arcgis-enterprise-portal-questions/does-disabling-arcgis-login-prevent-python-from/td-p/1317743

Adding "use_gen_token=True" parameter fixed this issue for me. Still think its a bug as this seems to be a workaround.