search

mapillary / mapillary-python-sdk

A Python 3 library built on the Mapillary API v4 to facilitate retrieving and working with Mapillary data.
MIT License
37 stars 14 forks source link

Authentication mismatch for tiles endpoints between the API v4 and the SDK #124

Closed OmarMuhammedAli closed 2 years ago

OmarMuhammedAli commented 2 years ago

Describe the bug The vector tiles endpoints authentication flow has changed since the Client interface was implemented. The tiles endpoints no longer accept the access_token to be set in the request headers, they now need to be sent as a query parameter in the calling URL as such: https://tiles.mapillary.com/maps/vtp/mly1_public/2/{z}/{x}/{y}?access_token=MLY|XXX

To Reproduce You can interact with any interface function that communicates with a tiles endpoint

>>> import mapillary as mly
>>> mly.interface.set_access_token('MLY|XXX')
{'token': 'SUCCESS'}
>>> mly.interface.traffic_signs_in_bbox({'east': -109.2459225654602, 'south': 45.18050167118351, 'west': -109.24773573875427, 'north': 45.182150271272505}, filter_values=['complementary--keep-left--g1'])

Expected behavior

Requesting GET to https://tiles.mapillary.com/maps/vtp/mly_map_feature_traffic_sign/2/14/3220/5881/
Response 403 Forbidden received in 290ms
Server responded with a 403 error!
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "D:\Mapillary\mapillary-python-sdk\src\mapillary\utils\auth.py", line 59, in wrapper
    return f(*args, **kwargs)
  File "D:\Mapillary\mapillary-python-sdk\src\mapillary\interface.py", line 537, in traffic_signs_in_bbox
    return feature.get_map_features_in_bbox_controller(
  File "D:\Mapillary\mapillary-python-sdk\src\mapillary\controller\feature.py", line 120, in get_map_features_in_bbox_controller
    res = client.get(url)
  File "D:\Mapillary\mapillary-python-sdk\src\mapillary\models\client.py", line 197, in get
    return self._initiate_request(url=url, method="GET", params=params)
  File "D:\Mapillary\mapillary-python-sdk\src\mapillary\models\client.py", line 176, in _initiate_request
    res.raise_for_status()
  File "C:\Users\Omar\.virtualenvs\mapillary-python-sdk-EIuGwdL6\lib\site-packages\requests\models.py", line 943, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://tiles.mapillary.com/maps/vtp/mly_map_feature_traffic_sign/2/14/3220/5881/

Screenshots image

Rubix982 commented 2 years ago

We should also send a report to the API team. Sending tokens via URL is still not as secure as sending via headers.

CC: @cbeddow

OmarMuhammedAli commented 2 years ago

Yes, I totally agree @Rubix982

cbeddow commented 2 years ago

Reported this to the team, let's see

Rubix982 commented 2 years ago

Duplicate of #131 - closing here so the discussion can be shifted over there as well.