OAuth credential fail by `Bad request`

[anikfal]

I have successfully created the sh_client_id and sh_client_secret parameters. However, while trying the code below, it raises Bad request error:

import os
import datetime
import numpy as np
import matplotlib.pyplot as plt
import pandas as pd
import requests
import getpass

from sentinelhub import (
    SHConfig,
    DataCollection,
    SentinelHubCatalog,
    SentinelHubRequest,
    BBox,
    bbox_to_dimensions,
    CRS,
    MimeType,
    Geometry,
)

from utils import plot_image

config = SHConfig("my-profile")
aoi_coords_wgs84 = [4.2, 50.8, 4.21, 50.81]
resolution = 10
aoi_bbox = BBox(bbox=aoi_coords_wgs84, crs=CRS.WGS84)
aoi_size = bbox_to_dimensions(aoi_bbox, resolution=resolution)

print(f"Image shape at {resolution} m resolution: {aoi_size} pixels")
catalog = SentinelHubCatalog(config=config)

aoi_bbox = BBox(bbox=aoi_coords_wgs84, crs=CRS.WGS84)
time_interval = "2022-07-01", "2022-07-20"

search_iterator = catalog.search(
    DataCollection.SENTINEL2_L2A,
    bbox=aoi_bbox,
    time=time_interval,
    fields={"include": ["id", "properties.datetime"], "exclude": []},
)

results = list(search_iterator)
print("Total number of results:", len(results))

Last three lines of the error:

. . . File "/home/anikfal/miniconda3/envs/mysat/lib/python3.10/site-packages/oauthlib/oauth2/rfc6749/errors.py", line 400, in raise_from_error raise CustomOAuth2Error(error=error, **kwargs) oauthlib.oauth2.rfc6749.errors.CustomOAuth2Error: ({'status': 400, 'reason': 'Bad Request', 'message': 'Illegal client_id', 'code': 'OAUTH_ERROR'})

I am sure about the validity of the credentials, since I can get a token by the same credentials, by the command below:

curl --request POST --url https://identity.dataspace.copernicus.eu/auth/realms/CDSE/protocol/openid-connect/token --header 'content-type: application/x-www-form-urlencoded' --data 'grant_type=client_credentials&client_id=my_client_id' --data-urlencode 'client_secret=my_client_secret'

[zigaLuksic]

Hi @anikfal, can you tell me which version of sentinelhub-py you are using? In version 3.9.2 we added a patch for the recent changes in credential handling.

[anikfal]

Hi @zigaLuksic. It seems the version is okay:

import sentinelhub
sentinelhub.__version__
'3.9.3'

[anikfal]

I can use 2 separate sentinel hub dashboards:

1. https://apps.sentinel-hub.com/dashboard/#/account/settings
2. https://shapps.dataspace.copernicus.eu/dashboard/#/account/settings

I created the credentials by the second dashboard (shapps.dataspace.copernicus.eu) . The first one seems not to be free.

[willrayeo]

Hi @anikfal can you confirm that when you create your profile specific to Copernicus Data Space Ecosystem you are inputting all of the below parameters?

config = SHConfig()
config.sh_client_id = getpass.getpass("Enter your SentinelHub client id")
config.sh_client_secret = getpass.getpass("Enter your SentinelHub client secret")
config.sh_token_url = "https://identity.dataspace.copernicus.eu/auth/realms/CDSE/protocol/openid-connect/token"
config.sh_base_url = "https://sh.dataspace.copernicus.eu"
config.save("cdse")

It's important to set the token url and base url parameters as the default parameters for sentinelhub-py won't work with Copernicus Data Space Ecosystem.

For some up to date examples on using sentinelhub-py with Copernicus Data Space Ecosystem I would recommend going through this notebook.

[anikfal]

Hi @willrayeo. Problem solved. Thanks for mentioning those critical points.

I had not set config.sh_token_url and config.sh_base_url in my config.toml (no need to config.save("cdse") for my case). So they had some other addresses (https://services.sentinel-hub.com/oauth/token and https://services.sentinel-hub.com).

I wonder if it was necessary to establish two separate services (services.sentinel-hub.com and sh.dataspace.copernicus.eu)? It was a bit confusing for me as the user.