Add token arg to download() for in-script use

[DominiqueMakowski]

Hi, I'm using the on.download() function interactively from a jupyter notebook (not from the terminal) and I was wondering if it was possible to add an argument to download() to be able to pass a token to access unpublished datasets? Thanks

[hoechenberger]

Hello, I'd rather not do that, as the token would end up in your Python command history and potentially in a shared notebook etc. Remember that this is a credential that's meant to be kept secret.

Can you try storing the token via openneuro.login()? (I've never tried it in a Notebook though!)

An alternative could be adding support for retrieving it from an env var.

cc @wmvanvliet @cbrnr

[cbrnr]

Seems like the available config/login mechanism already supports access tokens, so I'm not sure I understand the problem. Is it specific to notebooks?

[DominiqueMakowski]

Thanks! I guess I was asking if a more straightforward and reproducible (i.e., that doesn't depend on external config files) way of accessing unpublished datasets existed. I looked at login() and I naively thought that I could have a script like:

import openneuro as on

token = "blabla"
on.login(token)
on.download(...)

But login() doesn't take input arguments...

, as the token would end up in your Python command history and potentially in a shared notebook

Security is a fair point, but still, one could provide the option to do this and then perhaps add a warning that this might be unsafe?

[hoechenberger]

No, sorry, I won't do that, it's a huge security risk. I'd consider adding support for an env var though if that would help you.

[DominiqueMakowski]

It's alright, don't worry, thanks!

[hoechenberger]

Thanks for your understanding, @DominiqueMakowski!