Open dprophet opened 4 years ago
Hi @dprophet
When looking at the code, I think the token will be set by default, so there is no need to pass the token to the viz as long as you have MAPBOX_ACCESS_TOKEN
in your env https://github.com/mapbox/mapboxgl-jupyter/blob/master/mapboxgl/viz.py#L177
The problem with MAPBOX_ACCESS_TOKEN is that token can be viewed via os.environ. In a hosted Jupyter environment, like a Docker container, the access token must not be exposed to the user.
I'm not sure if this works for your use case, but it sounds like you could avoid supplying the MAPBOX_ACCESS_TOKEN via your hosted notebook at all and require the user to sign up for a free token from Mapbox that they would then supply to the viz constructor directly? Otherwise, I think this requires use of the Mapboxgl JavaScript library tokens api (https://docs.mapbox.com/api/accounts/#tokens). Maybe @ryanbaumann has more insight on this?
MAPBOX_ACCESS_TOKEN is bad. All I need to do is print the environment variables and its exposed. Commercial usage of MAPBOX_ACCESS_TOKEN can be quite expensive.
@dprophet we should update the examples to not use an environment variable - you can simply pass your mapbox access token as a variable to the map viz initialization i.e.
viz = CircleViz('points.geojson',
access_token="pk...."
)
In all of the example notebooks you get the mapbox token from the environment like so
"token = os.getenv('MAPBOX_ACCESS_TOKEN')"
If we used a hosted Jupyter notebook environment we certainly dont want to pass our Mapbox token around to users. How do make the token part of the install/Jupyter platform not part of the notebook runtime?