search

Open-EO / openeo-python-client

Python client API for OpenEO
https://open-eo.github.io/openeo-python-client/
Apache License 2.0
156 stars 42 forks source link

how to connect with Google Earth Engine #616

Closed jome1 closed 2 months ago

jome1 commented 2 months ago

Dear Community,

I want to connect to the Google Earth Engine via the python openeo API. The documentation is not detailed enough for this.

The Google Earth Engine implementation for openEO only supports Basic authentication. So you would use the following code for the connection:

import openeo

connection = openeo.connect("https://earthengine.openeo.org")
connection.authenticate_basic("username", "password")

Which username and password do I have to use? The documentation refers to this link. There is a link to register for GEE. But then I only create a new cloud project with my google account. Using my google mail address and my password in the code above for the connection does not work.

soxofaan commented 2 months ago

@m-mohr I think this question better belongs under the https://github.com/Open-EO/openeo-earthengine-driver project, but I can not transfer it there

jome1 commented 2 months ago

Thanks for the info! I posted it there too. You can close this issue if you want.

m-mohr commented 2 months ago

Answered it here: https://github.com/Open-EO/openeo-earthengine-driver/issues/91#issuecomment-2343697775

Unfortunately, the Python client doesn't really support the OIDC flows yet (I think?) that Google exposes (implicit or other flows without PKCE).

soxofaan commented 2 months ago

indeed the "implicit" flow is not supported by python client

at https://accounts.google.com/.well-known/openid-configuration I see that "device_code" flow is supported, so that could work with the Python client. However, it requires a client id to work with, which is cumbersome for regular users to obtain (as noted in https://github.com/Open-EO/openeo-earthengine-driver/issues/91#issuecomment-2343697775)

m-mohr commented 2 months ago

Yes, it's device_code without PKCE, so it's indeed annoying because you need a secret if I remember correctly and that makes it pretty user-unfriendly because we can't use auto-discovery via the openEO API. Google's OIDC implementation just sucks.

soxofaan commented 2 months ago

Yes, it's device_code without PKCE,

I have no room for a deep dive, but I noticed this in their openid-configuration doc

"code_challenge_methods_supported": ["plain", "S256" ],

which suggest there must be some form of PKCE support I think