Python API Authentication by OAuth2.0 "Interactive Login Experience" results in "Invalid redirect_uri"

1391
7
Jump to solution
11-02-2023 02:16 PM
Labels (2)
ErinKiley
New Contributor II

I'd like to use the ArcGIS API in a Jupyter notebook, and have followed the instructions here ( https://developers.arcgis.com/python/guide/working-with-different-authentication-schemes/ ) under the section "Interactive Login Experience".

When I typically log into ArcGIS online, using my web browser, I see the mixed mode setup for Portal (like described in the solution to the question here: ( https://community.esri.com/t5/arcgis-api-for-python-questions/enterprise-python-authentication/m-p/1... )), and the URL that I am typically redirected to for login begins with "https://my-company.maps.arcgis.com/sharing/oauth2/authorize?..."   .

However, when I implement the instructions for the "Interactive Login Experience" in my Jupyter notebook, I'm executing the line

gis=GIS("https://my-company.maps.arcgis.com",client_id="...")

(where, of course, "my-company" is fake and the ellipsis assigned to "client_id" is actually my Client ID)

I'm brought to a URL beginning with "https://my-company.maps.arcgis.com/sharing/rest/oauth2/authorize?..."  (bold emphasis is mine---to show how this URL differs from that of my usual login page). I get an "Error 400 "Invalid redirect_uri".

What do I need to do differently?

Thank you for any insight...

0 Kudos
2 Solutions

Accepted Solutions
EarlMedina
Esri Regular Contributor

I believe the expected URL is in fact in that format. Perhaps you can manually set the redirect uri and see if that does anything?

View solution in original post

ErinKiley
New Contributor II

Okay... I followed the instructions here ( https://developers.arcgis.com/documentation/mapping-apis-and-services/security/tutorials/add-redirec... ) and added "https://my-company.maps.arcgis.com" to the Redirect uri list, and for good measure, after seeing page 38 of this explanation of authentication ( https://proceedings.esri.com/library/userconf/devsummit-mea13/papers/dsmea_18.pdf ), I also added my client secret to the call in my Jupyter notebook:

gis=GIS("https://my-company.maps.arcgis.com",client_id="...",client_secret="...")

Something here worked, and I no longer get errors (actually, I don't seem to need to receive and paste a code back to my Jupyter notebook, as I'd expected to have to do).

I'm getting the warning in my Jupyter notebook "InsecureRequestWarning: Unverified HTTPS request is being made to host 'the-uri-i-specified". Adding certificate verification is strongly advised." I'm going to read up on this warning and see if I can clear it, then I'll be totally golden.

Thank you, @EarlMedina , for the help!

View solution in original post

7 Replies
EarlMedina
Esri Regular Contributor

I believe the expected URL is in fact in that format. Perhaps you can manually set the redirect uri and see if that does anything?

ErinKiley
New Contributor II

Thank you for checking the format---I'm not sure what the redirect uri should be set to? Currently, that portion of the URL is:  "redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&state=CFm8xSt6n5f8aS1ZmXYF5F9ieF03ZA&allow_verification=false" . Thank you in advance for any leads you could provide on this!

0 Kudos
ErinKiley
New Contributor II

Okay... I followed the instructions here ( https://developers.arcgis.com/documentation/mapping-apis-and-services/security/tutorials/add-redirec... ) and added "https://my-company.maps.arcgis.com" to the Redirect uri list, and for good measure, after seeing page 38 of this explanation of authentication ( https://proceedings.esri.com/library/userconf/devsummit-mea13/papers/dsmea_18.pdf ), I also added my client secret to the call in my Jupyter notebook:

gis=GIS("https://my-company.maps.arcgis.com",client_id="...",client_secret="...")

Something here worked, and I no longer get errors (actually, I don't seem to need to receive and paste a code back to my Jupyter notebook, as I'd expected to have to do).

I'm getting the warning in my Jupyter notebook "InsecureRequestWarning: Unverified HTTPS request is being made to host 'the-uri-i-specified". Adding certificate verification is strongly advised." I'm going to read up on this warning and see if I can clear it, then I'll be totally golden.

Thank you, @EarlMedina , for the help!

ErinKiley
New Contributor II

Okay, chiming in again:

The "InsecureRequestWarning" is one that shouldn't really be ignored, but if you want to suppress it, you can include the following lines of code before the gis=GIS(...) call:

import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

 

stepavac
New Contributor

According to https://developers.arcgis.com/documentation/mapping-apis-and-services/security/app-credential-authen... the expected way is to first get a token, then use it. Then there are no complaints. 

So the code could look like (note that it's a app credential):

# import the GIS class in gis module
from arcgis.gis import GIS
from arcgis.features import FeatureLayer
import requests  # pip install requests

# Get client credentials using the Developer portal and set the client_xx
# variables below. 
# https://developers.arcgis.com/applications/
def get_token():
    params = {
        'client_id': 'xxx',
        'client_secret': 'xxx',
        'grant_type': "client_credentials"
    }
    request = requests.get('https://www.arcgis.com/sharing/rest/oauth2/token',
                          params=params)
    response = request.json()
    token = response["access_token"]
    return token

token = get_token()

print("ArcGIS Online")
gis = GIS(token = token)
print("Logged in to " + gis.properties.portalName)

 

ThomasM
Occasional Contributor

This worked great for me for the most part. The only addition I needed was to add my AGOL org's URL to the 'gis' variable, otherwise, searches were performed on ALL of AGOL:

gis = GIS('https://[MY_ORG_NAME].maps.arcgis.com', token = token) #line 24 in previous comment

 

The problem I run into with this is, my tool using this sign-in method appears to only have access to items that have been shared to Everyone. Is there a way to give permission to an application using this authentication method to essentially have Admin access to items?

GIS Specialist - MO Office of Geospatial Information
0 Kudos
ZianChoy
Occasional Contributor

As of May 13, 2024 (local Redlands, CA time), the "Interactive Login Experience" section of the Working with different authentication schemes documentation for the ArcGIS API for Python says that we should not need to get a token before instantiating the GIS object.

0 Kudos