UnboundLocalError when trying to authenticate against portal with enterprise login

1884
6
09-24-2019 03:38 AM
AnttiKajanus3
New Contributor III

Hi guys,

We are trying to connect to a portal using Python API and we have got some issues with it. The use case here is that we want to authenticate non-interactive fashion to the portal using OAuth on times fashion. Basically we have followed this guide. When we run the code, we see following error:

C:\Program Files (x86)\Microsoft Visual Studio\Shared\Python37_64\lib\site-packages\arcgis\_impl\connection.py 
in oauth_authenticate(self, client_id, expiration)    
462                 'username': self._username,    
463                 'password': self._password,
--> 464             'oauth_state': oauth_info['oauth_state']    
465             }    
466             content = self.post('oauth2/signin', parameters, ssl=True, try_json=False, add_token=False)
UnboundLocalError: local variable 'oauth_info' referenced before assignment

Code used:

from arcgis.gis import GIS
gis = GIS("https://{{portalurlhere}}/home", 
                username='{{usernamehere}}',
                password='{{passwordhere}}', 
                client_id='{{clientidhere}}')
print("Successfully logged in as: " + gis.properties.user.username)‍‍‍‍‍‍‍‍‍

Atma ManiRohit Singh‌ Any idea what we are doing wrong here? Do you think this is an issue in the API? 

0 Kudos
6 Replies
AnttiKajanus3
New Contributor III
0 Kudos
AnttiKajanus3
New Contributor III

Just a bit more background information here. 

- Using ArcGIS Online with Enterprise login set up by the customer, we don't have access to the settings but can ask more details if required. 

- We don't know if the current setup supports non-interactive. How do we find out? We are assuming that even if the provider isn't compatible, it shouldn't be this kind of error.

If the configured identity provider is compatible, you may also be able to provide your username and password, along with the client_id for a non interactive login experience using OAuth 2.0

0 Kudos
RohitSingh2
Esri Contributor

OAuth2/SAML is an interactive workflow and we do not know what identity provider may be configured and how it prompts the user to sign in.

 

We have some special logic to handle non-interactive login given the username and password if the configured identify provider is a particular one and responds to our requests with a known format. This is the identity provider configured on our Python API demo portal (python.playground.esri.com) and a few other Esri portals. The approach we use to login non-interactly on such portals is similar to the one described at https://www.prowestgis.com/there-and-back-again/.

 

However, it’s more likely that we wont encounter such portals in the wild and we fall back to interactive login if that is the case. This is what you are experiencing.

The recommended suggestion for non-interactive login for scripts is to use built-in users instead of SAML.

0 Kudos
AnttiKajanus
New Contributor III

Thanks Rohit Singh‌ for the answer. What comes to the error message, it's definitely not helpful and doesn't provide information to the user what really goes wrong. I would recommend providing a different error message in cases like this. 

 I will try to see if we can use the same approach shown in the link. Thanks a lot for that. 

It sounds like that the if we want to follow the recommended way (use built-in users for scripts) would require us to get one from the customer that is specifically created for the automated scripts. Is there things to know or can you point to the documentation related to the ArcGIS Online configuration that uses both built in and based authentication models?

0 Kudos
AnttiKajanus3
New Contributor III

Hi guys,
I tried to use interactive process as well with the python and I get the same error also in this workflow.

from arcgis.gis import GIS 
gis = GIS("https://{{portalurlhere}}/home", username='{{usernamehere}}', client_id='{{clientidhere}}') 
print("Successfully logged in as: " + gis.properties.user.username)

Error: UnboundLocalError: local variable 'oauth_info' referenced before assignment

Do you think that there is something wrong with how the authentication is set up? Is there limitations on the environments where the python is run such as console / jupyter? 

0 Kudos
TarunJaiswal
Esri Contributor

Hi!

Looking at the code sample in the below documentation.

Working with different authentication schemes | ArcGIS for Developers 

Are you able to go through the interactive process when using the below code?

from arcgis.gis import GIS 
gis = GIS("https://{{portalurlhere}}/home", client_id='{{clientidhere}}') 
print("Successfully logged in as: " + gis.properties.user.username)