Community
Select to view content in your preferred language

Is it possible to use the ArcGIS Online Python API if my organziation is using a federated login?

11003
14
07-14-2017 10:08 AM
mfcallahan
by
Frequent Contributor
‎07-14-2017 10:08 AM

My company has a federated single sign on with ArcGIS Online, and I'm unable to authenticate with AGOL and the Python API. 

gis = GIS(agolUrl, userName, password)

This line will throw an exception, "Unable to generate token.  Invalid username or password."  The values for "userName" and "password" are my normal AGOL logins - these will work when logging into the AGOL homepage in my browser.  I'm able to log in using my personal account (this one), and query content with the GIS() module.  How do I authenticate via the Python API using my account that is a federated login from my company?

Tags (3)
0 Kudos
14 Replies
CheckCheckov
by
New Contributor
‎12-07-2021 01:21 PM

Hey, interested in this very much, do you have code/process available for how you used Beautiful Soup to overcome this and generate a token. Did you then pass that token to the GIS() class?

0 Kudos
WengNg2
by
Occasional Contributor
‎12-14-2021 10:09 PM

Checkout this article : https://www.prowestgis.com/there-and-back-again/.

Yes, you pass the token generated to the GIS() class. However, there is small disadvantage that I found later on, the token expires after 30 minutes. Any API calls that last longer than 30 minutes will result in an error after the token expires. I haven't found a way around this issue yet but funnily enough, the API call will continue to execute and finish regardless of when your token expires. 

 

 

mfcallahan
by
Frequent Contributor
‎01-20-2022 09:28 AM

Wow, thank you for the reply 4 years later! Since then I've had a few different jobs, but I'm actually back at the same company, and have been tasked to again investigate this same thing! My manager inquired about how it would work with Active Directory, and I remembered that I had asked this question once upon a time.  Low and behold, there was an answer! I'm going to give this a try and will report back with my experience! Thanks again!

0 Kudos
KarenM
by
New Contributor
‎02-01-2022 08:06 PM

Thanks for sharing this approach! I'm faced with solving this as well. I've followed the article at the link you posted. I got it all working up until the section below, at which time I get an error that 'code' is not defined. I've been trying to follow the description of how this works to figure out what is missing, but some of it is beyond me. I wonder if you (or anyone) can tell me where the 'code' variable is defined?

# Exchange the code for an access token
post_data = {
    'client_id': 'PUBLIC_CLIENT_ID',
    'code': code,
    'redirect_uri': 'urn:ietf:wg:oauth:2.0:oob',
    'grant_type': 'authorization_code'
}
 
url = 'https://' + ORGANIZATION_NAME + '.maps.arcgis.com/sharing/rest/oauth2/token'
 
response = requests.post(url, data = post_data)
token_response = json.loads(response.text)
access_token = token_response['access_token']

 

0 Kudos
WengNg2
by
Occasional Contributor
‎02-03-2022 09:40 PM

The code variable refers to the authorization code returned when send a POST request to the IDP.

 It is returned by this line 

response = requests.post(oAuthInfo['federationInfo']['idpAuthorizeUrl'], data = post_data, allow_redirects = True, auth=credentials)

 You will have to use BeautifulSoup again to parse the response and get the code from the response variable by doing something like this : 

code = soup.find(id='code')['value']

I think the article is missing this step but it is implied somewhere.