Open Samweli opened 2 years ago
I've having auth error with using the default Microsoft service either when trying to download an asset (adding the asset also cause an error but unsure if they have the same root cause). Is it due to lack of auth for this service or for another reason?
Error in downloading file, Download failed: Error transferring https://sentinel2l2a01.blob.core.windows.net/sentinel2-l2/20/T/LT/2022/08/16/S2A_MSIL2A_20220816T151701_N0400_R025_T20TLT_20220817T074117.SAFE/GRANULE/L2A_T20TLT_A037345_20220816T151703/IMG_DATA/R10m/T20TLT_20220816T151701_B08_10m.tif?st=2022-08-16T17%3A14%3A22Z&se=2022-08-17T17%3A59%3A22Z&sp=rl&sv=2021-06-08&sr=c&skoid=c85c15d6-d1ae-42d4-af60-e2ca0f81359b&sktid=72f988bf-86f1-41af-91ab-2d7cd011db47&skt=2022-08-17T14%3A23%3A48Z&ske=2022-08-24T14%3A23%3A48Z&sks=b&skv=2021-06-08&sig=8a8HDj5G2y%2BTQLatzIf3Acz4HkwKc30UwIzJDqLi5qg%3D?st=2022-08-16T17%3A14%3A22Z&se=2022-08-17T17%3A59%3A22Z&sp=rl&sv=2021-06-08&sr=c&skoid=c85c15d6-d1ae-42d4-af60-e2ca0f81359b&sktid=72f988bf-86f1-41af-91ab-2d7cd011db47&skt=2022-08-17T14%3A23%3A48Z&ske=2022-08-24T14%3A23%3A48Z&sks=b&skv=2021-06-08&sig=8a8HDj5G2y%2BTQLatzIf3Acz4HkwKc30UwIzJDqLi5qg%3D - server replied: Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
Used in QGIS 3.27 in windows 10.
I've having auth error with using the default Microsoft service either when trying to download an asset (adding the asset also cause an error but unsure if they have the same root cause). Is it due to lack of auth for this service or for another reason?
Error in downloading file, Download failed: Error transferring https://sentinel2l2a01.blob.core.windows.net/sentinel2-l2/20/T/LT/2022/08/16/S2A_MSIL2A_20220816T151701_N0400_R025_T20TLT_20220817T074117.SAFE/GRANULE/L2A_T20TLT_A037345_20220816T151703/IMG_DATA/R10m/T20TLT_20220816T151701_B08_10m.tif?st=2022-08-16T17%3A14%3A22Z&se=2022-08-17T17%3A59%3A22Z&sp=rl&sv=2021-06-08&sr=c&skoid=c85c15d6-d1ae-42d4-af60-e2ca0f81359b&sktid=72f988bf-86f1-41af-91ab-2d7cd011db47&skt=2022-08-17T14%3A23%3A48Z&ske=2022-08-24T14%3A23%3A48Z&sks=b&skv=2021-06-08&sig=8a8HDj5G2y%2BTQLatzIf3Acz4HkwKc30UwIzJDqLi5qg%3D?st=2022-08-16T17%3A14%3A22Z&se=2022-08-17T17%3A59%3A22Z&sp=rl&sv=2021-06-08&sr=c&skoid=c85c15d6-d1ae-42d4-af60-e2ca0f81359b&sktid=72f988bf-86f1-41af-91ab-2d7cd011db47&skt=2022-08-17T14%3A23%3A48Z&ske=2022-08-24T14%3A23%3A48Z&sks=b&skv=2021-06-08&sig=8a8HDj5G2y%2BTQLatzIf3Acz4HkwKc30UwIzJDqLi5qg%3D - server replied: Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
Used in QGIS 3.27 in windows 10.
@roya0045 no this is not related to the lack of authenication support. Can you share the steps and name of the item you wanted to download. thanks
I did some testing with 2 installs, one was with the official 3.24.2 version of QGIS and the other was with 3.27.0 build of master with some of my additions as the mingw64 artefact.
For both I did the following:
The results:
As a sidenote, the command to view the download folder throws an error. Using subprocess.check_call with explorer always seems to return 1, even if the file explorer is opened properly. This throws an error in QGIS. Might be worth silencing the error or just using subprocess.call directly and taking the 1.
hi @Samweli ,
Do you know if QGIS authentication system supports GDAL's /vsicurl
handler now?
It looks like QGIS auths are restricted to specific remote resources (below is from the QGIS doc... but not sure if it's up-to-date)
If not, we should still be able to use the framework to get token and put the authorization bearer somewhere GDAL can find it ...
Hi, @Samweli! Do we need to pass the authentication parameters here? https://github.com/stac-utils/qgis-stac-plugin/blob/main/src/qgis_stac/api/network.py#L100
update for clarity
I believe we need to pass the authentication credentials into pystac_client.Client.open
. I have a STAC where I can use the headers
arg in pystac_client.Client.open
to authenticate my connection
e.g.
pystac_client.Client.open(
<CATALOG_URL>,
headers={"x-functions-key": <TOKEN>}
)
From what I can tell, the plugin is not passing any credentials to pystac_client
.
@hrodmn I believe that's the STAC endpoint.
You have to pass the parameters from here:
Unfortunately for now I am still not able to use OAuth2
I opened a fork and made a change that enables API header authentication via the QGIS authentication manager: https://github.com/stac-utils/qgis-stac-plugin/commit/fd446f68bba400fddd04390e0bd60fc5ab201dab
Right now it would only work for an API Header type of authentication so it's not a complete solution.
Okay, thanks for clarifications!
Do you know if QGIS authentication system supports GDAL's
/vsicurl
handler now?
Hi @remicres it currently doesn't supports the handler there is no entry for it in the list of the supported auth methods.
Hi, @Samweli! Do we need to pass the authentication parameters here? https://github.com/stac-utils/qgis-stac-plugin/blob/main/src/qgis_stac/api/network.py#L100
Hi @hrodmn, as you mentioned at the moment the plugin doesn't support passing authentication parameters to the pystac_client
library, the intention is to use the QGIS authentication system to achieve authentication in the plugin.
Hi @remicres it currently doesn't supports the handler there is no entry for it in the list of the supported auth methods.
Hi @Samweli thanks for the info.
I guess accessing secured assets files is another thing. I am starting to think that this could be done nicely with a secured (i.e. with auth. required) dynamic STAC endpoint returning signed assets URIs.
The QGIS application provides an authentication framework for different data providers. We need to integrate the plugin so that it works with all types of authentication that are supported by QGIS authentication system. The UI for this is already in place and it was intended to work from the last release plugin version.
See https://github.com/stac-utils/qgis-stac-plugin/issues/124 and https://github.com/stac-utils/qgis-stac-plugin/issues/206