topic Re: Python API Authentication by OAuth2.0 "Interactive Login Experience" results in "Invalid redirect_uri" in ArcGIS API for Python Questions

Python API Authentication by OAuth2.0 "Interactive Login Experience" results in "Invalid redirect_uri"

ErinKiley — Thu, 02 Nov 2023 21:16:49 GMT

I'd like to use the ArcGIS API in a Jupyter notebook, and have followed the instructions here ( https://developers.arcgis.com/python/guide/working-with-different-authentication-schemes/ ) under the section "Interactive Login Experience".

When I typically log into ArcGIS online, using my web browser, I see the mixed mode setup for Portal (like described in the solution to the question here: ( https://community.esri.com/t5/arcgis-api-for-python-questions/enterprise-python-authentication/m-p/1022873 )), and the URL that I am typically redirected to for login begins with "https://my-company.maps.arcgis.com/sharing/oauth2/authorize?..." .

However, when I implement the instructions for the "Interactive Login Experience" in my Jupyter notebook, I'm executing the line

gis=GIS("https://my-company.maps.arcgis.com",client_id="...")

(where, of course, "my-company" is fake and the ellipsis assigned to "client_id" is actually my Client ID)

I'm brought to a URL beginning with "https://my-company.maps.arcgis.com/sharing/rest/oauth2/authorize?..." (bold emphasis is mine---to show how this URL differs from that of my usual login page). I get an "Error 400 "Invalid redirect_uri".

What do I need to do differently?

Thank you for any insight...

Re: Python API Authentication by OAuth2.0 "Interactive Login Experience" results in "Invalid redirect_uri"

EarlMedina — Thu, 02 Nov 2023 22:21:19 GMT

I believe the expected URL is in fact in that format. Perhaps you can manually set the redirect uri and see if that does anything?

Re: Python API Authentication by OAuth2.0 "Interactive Login Experience" results in "Invalid redirect_uri"

ErinKiley — Fri, 03 Nov 2023 00:59:51 GMT

Thank you for checking the format---I'm not sure what the redirect uri should be set to? Currently, that portion of the URL is: "redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&state=CFm8xSt6n5f8aS1ZmXYF5F9ieF03ZA&allow_verification=false" . Thank you in advance for any leads you could provide on this!

Re: Python API Authentication by OAuth2.0 "Interactive Login Experience" results in "Invalid redirect_uri"

ErinKiley — Fri, 03 Nov 2023 01:31:57 GMT

Okay... I followed the instructions here ( https://developers.arcgis.com/documentation/mapping-apis-and-services/security/tutorials/add-redirect-uri/ ) and added "https://my-company.maps.arcgis.com" to the Redirect uri list, and for good measure, after seeing page 38 of this explanation of authentication ( https://proceedings.esri.com/library/userconf/devsummit-mea13/papers/dsmea_18.pdf ), I also added my client secret to the call in my Jupyter notebook:

gis=GIS("https://my-company.maps.arcgis.com",client_id="...",client_secret="...")

Something here worked, and I no longer get errors (actually, I don't seem to need to receive and paste a code back to my Jupyter notebook, as I'd expected to have to do).

I'm getting the warning in my Jupyter notebook "InsecureRequestWarning: Unverified HTTPS request is being made to host 'the-uri-i-specified". Adding certificate verification is strongly advised." I'm going to read up on this warning and see if I can clear it, then I'll be totally golden.

Thank you, @EarlMedina , for the help!

Re: Python API Authentication by OAuth2.0 "Interactive Login Experience" results in "Invalid redirect_uri"

ErinKiley — Fri, 03 Nov 2023 17:57:20 GMT

Okay, chiming in again:

The "InsecureRequestWarning" is one that shouldn't really be ignored, but if you want to suppress it, you can include the following lines of code before the gis=GIS(...) call:

import urllib3 urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

Re: Python API Authentication by OAuth2.0 "Interactive Login Experience" results in "Invalid redirect_uri"

stepavac — Fri, 26 Apr 2024 21:03:15 GMT

According to https://developers.arcgis.com/documentation/mapping-apis-and-services/security/app-credential-authentication/ the expected way is to first get a token, then use it. Then there are no complaints.

So the code could look like (note that it's a app credential):

# import the GIS class in gis module from arcgis.gis import GIS from arcgis.features import FeatureLayer import requests # pip install requests # Get client credentials using the Developer portal and set the client_xx # variables below. # https://developers.arcgis.com/applications/ def get_token(): params = { 'client_id': 'xxx', 'client_secret': 'xxx', 'grant_type': "client_credentials" } request = requests.get('https://www.arcgis.com/sharing/rest/oauth2/token', params=params) response = request.json() token = response["access_token"] return token token = get_token() print("ArcGIS Online") gis = GIS(token = token) print("Logged in to " + gis.properties.portalName)

Re: Python API Authentication by OAuth2.0 "Interactive Login Experience" results in "Invalid redirect_uri"

ThomasM — Thu, 09 May 2024 16:39:19 GMT

This worked great for me for the most part. The only addition I needed was to add my AGOL org's URL to the 'gis' variable, otherwise, searches were performed on ALL of AGOL:

gis = GIS('https://[MY_ORG_NAME].maps.arcgis.com', token = token) #line 24 in previous comment

The problem I run into with this is, my tool using this sign-in method appears to only have access to items that have been shared to Everyone. Is there a way to give permission to an application using this authentication method to essentially have Admin access to items?

Re: Python API Authentication by OAuth2.0 "Interactive Login Experience" results in "Invalid redirect_uri"

ZianChoy — Mon, 13 May 2024 22:42:04 GMT

As of May 13, 2024 (local Redlands, CA time), the "Interactive Login Experience" section of the Working with different authentication schemes documentation for the ArcGIS API for Python says that we should not need to get a token before instantiating the GIS object.