I am a GIS professional within my organization. I'm trying to write a python script that can access our ArcGIS Online organization to help me automate management the layers and other items I'm responsible for. Some of these layers are not shared publicly and are restricted by groups within the org. I login into our organization with an account federated with our Active Directory. I want the script I'm writing to run at night and obtain info from all my items, so it can't prompt me for a password at runtime.
I'm following the instructions in the API help (link here) for how to connect, but I'm running into issues. Specifically I'm using the sample code from the section after the paragraph:
I have Pro 2.4 installed, and I'm using a python environment that has the ArcGIS API for python upgraded to 1.6.2.
Here is my code:
gis = arcgis.GIS("https://myagolorg.maps.arcgis.com", username="MyActiveDirectoryUsername", password="MyActiveDirectoryPassword", client_id='MyAGOLAppClientID')
print("Successfully logged in as: " + gis.properties.user.username)
When I run this in a Jupyter Notebook, I get a 'module not found error'.
: No module named 'bs4'
I googled bs4 and figured out it's a module named BeautifulSoup4. I went back into Pro and added that package to my environment
After this install is done I rerun by script, but now I get a variable reference error:
: local variable 'oauth_info' referenced before assignment
Has anyone been able to successfully login to their AGOL org from python API using a federated account and no credentials prompt? If there is another method let me know. I know that a built-in account would be easier but that's not my preference. I know that an app login my work for connecting, but it won't provide access to items that aren't shared publicly.
Rohit’s answer is very comprehensive and the solution to use named user from the agol store is appropriate but just in case you wanted to run the script as the actual end use, one way is to bypass the problem you are facing by:
1. Use a web workflow first through the JS API to authenticate the end user with OAuth Federated identity and grab the user token
2. Pass that token down (through a secured web service) to your python script and create the GIS object using token auth
Obviously the token has an expiry time.
Also, the web service above should be secure and posted on https.
I’ve used this before successfully.