I'd like to use the ArcGIS API in a Jupyter notebook, and have followed the instructions here ( https://developers.arcgis.com/python/guide/working-with-different-authentication-schemes/ ) under the section "Interactive Login Experience".
When I typically log into ArcGIS online, using my web browser, I see the mixed mode setup for Portal (like described in the solution to the question here: ( https://community.esri.com/t5/arcgis-api-for-python-questions/enterprise-python-authentication/m-p/1... )), and the URL that I am typically redirected to for login begins with "https://my-company.maps.arcgis.com/sharing/oauth2/authorize?..." .
However, when I implement the instructions for the "Interactive Login Experience" in my Jupyter notebook, I'm executing the line
gis=GIS("https://my-company.maps.arcgis.com",client_id="...")
(where, of course, "my-company" is fake and the ellipsis assigned to "client_id" is actually my Client ID)
I'm brought to a URL beginning with "https://my-company.maps.arcgis.com/sharing/rest/oauth2/authorize?..." (bold emphasis is mine---to show how this URL differs from that of my usual login page). I get an "Error 400 "Invalid redirect_uri".
What do I need to do differently?
Thank you for any insight...
Solved! Go to Solution.
I believe the expected URL is in fact in that format. Perhaps you can manually set the redirect uri and see if that does anything?
Okay... I followed the instructions here ( https://developers.arcgis.com/documentation/mapping-apis-and-services/security/tutorials/add-redirec... ) and added "https://my-company.maps.arcgis.com" to the Redirect uri list, and for good measure, after seeing page 38 of this explanation of authentication ( https://proceedings.esri.com/library/userconf/devsummit-mea13/papers/dsmea_18.pdf ), I also added my client secret to the call in my Jupyter notebook:
gis=GIS("https://my-company.maps.arcgis.com",client_id="...",client_secret="...")
Something here worked, and I no longer get errors (actually, I don't seem to need to receive and paste a code back to my Jupyter notebook, as I'd expected to have to do).
I'm getting the warning in my Jupyter notebook "InsecureRequestWarning: Unverified HTTPS request is being made to host 'the-uri-i-specified". Adding certificate verification is strongly advised." I'm going to read up on this warning and see if I can clear it, then I'll be totally golden.
Thank you, @EarlMedina , for the help!
I believe the expected URL is in fact in that format. Perhaps you can manually set the redirect uri and see if that does anything?
Thank you for checking the format---I'm not sure what the redirect uri should be set to? Currently, that portion of the URL is: "redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&state=CFm8xSt6n5f8aS1ZmXYF5F9ieF03ZA&allow_verification=false" . Thank you in advance for any leads you could provide on this!
Okay... I followed the instructions here ( https://developers.arcgis.com/documentation/mapping-apis-and-services/security/tutorials/add-redirec... ) and added "https://my-company.maps.arcgis.com" to the Redirect uri list, and for good measure, after seeing page 38 of this explanation of authentication ( https://proceedings.esri.com/library/userconf/devsummit-mea13/papers/dsmea_18.pdf ), I also added my client secret to the call in my Jupyter notebook:
gis=GIS("https://my-company.maps.arcgis.com",client_id="...",client_secret="...")
Something here worked, and I no longer get errors (actually, I don't seem to need to receive and paste a code back to my Jupyter notebook, as I'd expected to have to do).
I'm getting the warning in my Jupyter notebook "InsecureRequestWarning: Unverified HTTPS request is being made to host 'the-uri-i-specified". Adding certificate verification is strongly advised." I'm going to read up on this warning and see if I can clear it, then I'll be totally golden.
Thank you, @EarlMedina , for the help!
Okay, chiming in again:
The "InsecureRequestWarning" is one that shouldn't really be ignored, but if you want to suppress it, you can include the following lines of code before the gis=GIS(...) call:
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
According to https://developers.arcgis.com/documentation/mapping-apis-and-services/security/app-credential-authen... the expected way is to first get a token, then use it. Then there are no complaints.
So the code could look like (note that it's a app credential):
# import the GIS class in gis module
from arcgis.gis import GIS
from arcgis.features import FeatureLayer
import requests # pip install requests
# Get client credentials using the Developer portal and set the client_xx
# variables below.
# https://developers.arcgis.com/applications/
def get_token():
params = {
'client_id': 'xxx',
'client_secret': 'xxx',
'grant_type': "client_credentials"
}
request = requests.get('https://www.arcgis.com/sharing/rest/oauth2/token',
params=params)
response = request.json()
token = response["access_token"]
return token
token = get_token()
print("ArcGIS Online")
gis = GIS(token = token)
print("Logged in to " + gis.properties.portalName)
This worked great for me for the most part. The only addition I needed was to add my AGOL org's URL to the 'gis' variable, otherwise, searches were performed on ALL of AGOL:
gis = GIS('https://[MY_ORG_NAME].maps.arcgis.com', token = token) #line 24 in previous comment
The problem I run into with this is, my tool using this sign-in method appears to only have access to items that have been shared to Everyone. Is there a way to give permission to an application using this authentication method to essentially have Admin access to items?
As of May 13, 2024 (local Redlands, CA time), the "Interactive Login Experience" section of the Working with different authentication schemes documentation for the ArcGIS API for Python says that we should not need to get a token before instantiating the GIS object.