Login Flow Managers

This page provides references for the LoginFlowManager abstract class and some concrete implementations.

A login flow manager is a class responsible for driving a user through a login flow, with the ultimate goal of obtaining tokens. The tokens are required to make requests against any Globus services.

Interface

class globus_sdk.login_flows.LoginFlowManager(login_client, *, request_refresh_tokens=False, native_prefill_named_grant=None)[source]

The abstract base class defining the interface for managing login flows.

Implementing classes must supply a run_login_flow method. Utility functions starting an authorization-code grant flow and getting an authorization-code URL are provided on the class.

Variables:
  • login_client (AuthLoginClient) – A native or confidential login client to be used by the login flow manager.

  • request_refresh_tokens (bool) – A signal of whether refresh tokens are expected to be requested, in addition to access tokens.

  • native_prefill_named_grant (str) – A string to prefill in a Native App login flow. This value is only to be used if the login_client is a native client.

abstract run_login_flow(auth_parameters)[source]

Run a login flow to get tokens for a user.

Parameters:

auth_parameters (GlobusAuthorizationParameters) – GlobusAuthorizationParameters passed through to the authentication flow to control how the user will authenticate.

Return type:

OAuthTokenResponse

Command Line

As the name might suggest, a CommandLineLoginFlowManager drives user logins through the command line (stdin/stdout). When run, the manager will print a URL to the console then prompt a user to navigate to that URL and enter the resulting auth code back into the terminal.

Example Code:

>>> from globus_sdk import NativeAppAuthClient
>>> from globus_sdk.scopes import TransferScopes
>>> from globus_sdk.login_flows import CommandLineLoginFlowManager

>>> login_client = NativeAppAuthClient(client_id=client_id)
>>> manager = CommandLineLoginFlowManager(login_client)
>>>
>>> token_response = manager.run_login_flow(
...     GlobusAuthorizationParameters(required_scopes=[TransferScopes.all])
... )
Please authenticate with Globus here:
-------------------------------------
https://auth.globus.org/v2/oauth2/authorize?cli...truncated...
-------------------------------------

Enter the resulting Authorization Code here:
class globus_sdk.login_flows.CommandLineLoginFlowManager(login_client, *, redirect_uri=None, request_refresh_tokens=False, native_prefill_named_grant=None)[source]

Bases: LoginFlowManager

A login flow manager which drives authorization-code token grants through the command line.

Parameters:
  • login_client (AuthLoginClient) –

    The client that will be making Globus Auth API calls required for a login flow.

    Note

    If this client is a globus_sdk.ConfidentialAppAuthClient, an explicit redirect_uri param is required.

  • redirect_uri (str) – The redirect URI to use for the login flow. When the login_client is a native client, this defaults to a Globus-hosted URL.

  • request_refresh_tokens (bool) – A signal of whether refresh tokens are expected to be requested, in addition to access tokens.

  • native_prefill_named_grant (str) – A string to prefill in a Native App login flow. This value is only used if the login_client is a native client.

classmethod for_globus_app(app_name, login_client, config)[source]

Create a CommandLineLoginFlowManager for use in a GlobusApp.

Parameters:
  • app_name (str) – The name of the app. Will be prefilled in native auth flows.

  • login_client (AuthLoginClient) – A client used to make Globus Auth API calls.

  • config (GlobusAppConfig) – A GlobusApp-bounded object used to configure login flow manager.

Raises:

GlobusSDKUsageError – if login_redirect_uri is not set on the config but a ConfidentialAppAuthClient is supplied.

Return type:

CommandLineLoginFlowManager

run_login_flow(auth_parameters)[source]

Run an interactive login flow on the command line to get tokens for the user.

Parameters:

auth_parameters (GlobusAuthorizationParameters) – GlobusAuthorizationParameters passed through to the authentication flow to control how the user will authenticate.

Return type:

OAuthTokenResponse

print_authorize_url(authorize_url)[source]

Prompt the user to authenticate using the provided authorize_url.

Parameters:

authorize_url (str) – The URL at which the user will login and consent to application accesses.

prompt_for_code()[source]

Prompt the user to enter an authorization code.

Returns:

The authorization code entered by the user.

Return type:

str

Local Server

A LocalServerLoginFlowManager drives more automated, but less portable, login flows compared with its command line counterpart. When run, rather than printing the authorization URL, the manager will open it in the user’s default browser. Alongside this, the manager will start a local web server to receive the auth code upon completion of the login flow.

This provides a more user-friendly login experience as there is no manually copy/pasting of links and codes. It also requires however that the python process be running in an environment with access to a supported browser. As such, this flow is not suitable for headless environments (e.g., while ssh-ed into a cluster node).

Note

This login manager is only supported for native clients.

Example Usage:

>>> from globus_sdk import NativeAppAuthClient
>>> from globus_sdk.scopes import TransferScopes
>>> from globus_sdk.login_flows import LocalServerLoginFlowManager

>>> login_client = NativeAppAuthClient(client_id=client_id)
>>> manager = LocalServerLoginFlowManager(login_client)
>>>
>>> token_response = manager.run_login_flow(
...     GlobusAuthorizationParameters(required_scopes=[TransferScopes.all])
... )
class globus_sdk.login_flows.LocalServerLoginFlowManager(login_client, *, request_refresh_tokens=False, native_prefill_named_grant=None, server_address=('localhost', 0), html_template=<string.Template object>)[source]

Bases: LoginFlowManager

A login flow manager which uses a locally hosted server to drive authentication-code token grants. The local server is used as the authorization redirect URI, automatically receiving the auth code from Globus Auth after authentication/consent.

Parameters:
  • login_client (AuthLoginClient) – The client that will be making Globus Auth API calls required for a login flow.

  • request_refresh_tokens (bool) – A signal of whether refresh tokens are expected to be requested, in addition to access tokens.

  • native_prefill_named_grant (str) – A string to prefill in a Native App login flow. This value is only used if the login_client is a native client.

  • html_template (Template) – Optional HTML Template to be populated with the values login_result and post_login_message and displayed to the user. A simple default is supplied if not provided which informs the user that the login was successful and that they may close the browser window.

  • server_address (tuple[str, int]) – Optional tuple of the form (host, port) to specify an address to run the local server at. Defaults to (“127.0.0.1”, 0).

classmethod for_globus_app(app_name, login_client, config)[source]

Create a LocalServerLoginFlowManager for use in a GlobusApp.

Parameters:
  • app_name (str) – The name of the app. Will be prefilled in native auth flows.

  • login_client (AuthLoginClient) – A client used to make Globus Auth API calls.

  • config (GlobusAppConfig) – A GlobusApp-bounded object used to configure login flow manager.

Raises:

GlobusSDKUsageError – if app config is incompatible with the manager.

Return type:

LocalServerLoginFlowManager

run_login_flow(auth_parameters)[source]

Run an interactive login flow using a locally hosted server to get tokens for the user.

Parameters:

auth_parameters (GlobusAuthorizationParameters) – GlobusAuthorizationParameters passed through to the authentication flow to control how the user will authenticate.

Raises:
Return type:

OAuthTokenResponse

background_local_server()[source]

Starts a RedirectHTTPServer in a thread as a context manager.

Return type:

Iterator[RedirectHTTPServer]

exception globus_sdk.login_flows.LocalServerLoginError[source]

An error raised during a LocalServerLoginFlowManager’s run.

exception globus_sdk.login_flows.LocalServerEnvironmentalLoginError[source]

Error raised when a local server login flow fails to start due to incompatible environment conditions (e.g., a remote session or text-only browser).