Closed LucHermitte closed 2 months ago
Very cool addition! I hadn't the use of encrypted .netrc files, looks widely useful. Give me a bit to test it out, but I think this looks nice
I'm wondering whether sentineleof
could also support authentication with an access_token
already obtained. This way we could easily support batch operations where the call to sentineleof is just a part of a bigger processing. The problem is that the 2FA token is refreshed every 30s or so. If we launch a bigger process that downloads EOF files on the fly, we cannot wait between the moment the 2FA token is obtained and when it's used to request the access_token
.
We could have a --cdse-access-token
parameter that would by-pass calls to get_access_token
.
I think it'd be better to do some refactoring like decoupling download_all()
from login/password/netrcfile/2FA_token: instead it could receive the access_token
instead.
Also it seems search operations don't need us to be authenticated.
Oh weird, somehow I didn't see the comment, maybe github didn't update it while I was approving
I'm wondering whether
sentineleof
could also support authentication with anaccess_token
already obtained. This way we could easily support batch operations where the call to sentineleof is just a part of a bigger processing. The problem is that the 2FA token is refreshed every 30s or so. If we launch a bigger process that downloads EOF files on the fly, we cannot wait between the moment the 2FA token is obtained and when it's used to request theaccess_token
.We could have a
--cdse-access-token
parameter that would by-pass calls toget_access_token
.
I think that sounds like a great idea.
I think it'd be better to do some refactoring like decoupling
download_all()
from login/password/netrcfile/2FA_token: instead it could receive theaccess_token
instead.
Agreed that the design is poor right now. A change like that would improve things, as it shouldn't be hard to pass a token. The origin of the repo as "phd code that I just wanted nice for me" is creeping in
Also it seems search operations don't need us to be authenticated.
An even better reason to decouple the access token request
OK. I'll look into it. I don't know how long the access_token stays valid. I'll have to check that first.
This PR enables two things
Two-Factor authentication on CDSE
Current implementation was not compatible with accounts where 2FA is enabled. The related API is described on https://documentation.dataspace.copernicus.eu/APIs/Token.html
As I wasn't sure how to know whether the account requires 2FA, I didn't try to ask interactively for the 2FA token at the last moment.
Support
.netrc
stored in any locationI don't store my
.netrc
directly under$HOME
, but elsewhere. I've introduced the same option as the one supported by curl:--netrc-file
I'd have loved to support encrypted.netrc
-- which I use with git thanks togit-netrc-credential
. Alas I'm afraid this will introduce an unwelcome dependency.Note that this will also permit to support encrypted
.netrc
files out-of-the box thanks to:Finally
I haven't updated version number.