.. _examples_native_app_login: Native App Login ---------------- This is an example of the use of the Globus SDK to carry out an OAuth2 Native App Authentication flow. The goal here is to have a user authenticate in Globus Auth, and for the SDK to procure tokens which may be used to authenticate SDK calls against various services for that user. Get a Client ~~~~~~~~~~~~ In order to complete an OAuth2 flow to get tokens, you must have a client definition registered with Globus Auth. To do so, follow the relevant documentation for the `Globus Auth Service `_ or go directly to `developers.globus.org `_ to do the registration. Make sure, when registering your application, that you enter ``https://auth.globus.org/v2/web/auth-code`` into the "Redirect URIs" field. This is necessary to leverage the default behavior of the SDK, and is typically sufficient for this type of application. Do the Flow ~~~~~~~~~~~ If you want to copy-paste an example, you'll need at least a ``client_id`` for your ``AuthClient`` object. You should also specifically use the :class:`NativeAppAuthClient ` type of ``AuthClient``, as it has been customized to handle this flow. The shortest version of the flow looks like this: .. code-block:: python import globus_sdk # you must have a client ID CLIENT_ID = "..." client = globus_sdk.NativeAppAuthClient(CLIENT_ID) client.oauth2_start_flow() authorize_url = client.oauth2_get_authorize_url() print("Please go to this URL and login: {0}".format(authorize_url)) auth_code = input("Please enter the code you get after login here: ").strip() token_response = client.oauth2_exchange_code_for_tokens(auth_code) # the useful values that you want at the end of this globus_auth_data = token_response.by_resource_server["auth.globus.org"] globus_transfer_data = token_response.by_resource_server["transfer.api.globus.org"] globus_auth_token = globus_auth_data["access_token"] globus_transfer_token = globus_transfer_data["access_token"] Do It With Refresh Tokens ~~~~~~~~~~~~~~~~~~~~~~~~~ The flow above will give you access tokens (short-lived credentials), good for one-off operations. However, if you want a persistent credential to access the logged-in user's Globus resources, you need to request a long-lived credential called a Refresh Token. ``refresh_tokens`` is a boolean option to the ``oauth2_start_flow`` method. When False, the flow will terminate with a collection of Access Tokens, which are simple limited lifetime credentials for accessing services. When True, the flow will terminate not only with the Access Tokens, but additionally with a set of Refresh Tokens which can be used **indefinitely** to request new Access Tokens. The default is False. Simply add this option to the example above: .. code-block:: python client.oauth2_start_flow(refresh_tokens=True)