GlobusAuthorizer is hard to grasp without a few examples to reference.
The basic usage should be to create these at client instantiation time.
Access Token Authorization on AuthClient and TransferClient#
Perhaps you’re in a part of your application that only sees Access Tokens. Access Tokens are used to directly authenticate calls against Globus APIs, and are limited-lifetime credentials. You have distinct Access Tokens for each Globus service which you want to access.
With the tokens in hand, it’s just a simple matter of wrapping the tokens in
from globus_sdk import AuthClient, TransferClient, AccessTokenAuthorizer AUTH_ACCESS_TOKEN = "..." TRANSFER_ACCESS_TOKEN = "..." # note that we don't provide the client ID in this case # if you're using an Access Token you can't do the OAuth2 flows auth_client = AuthClient(authorizer=AccessTokenAuthorizer(AUTH_ACCESS_TOKEN)) transfer_client = TransferClient( authorizer=AccessTokenAuthorizer(TRANSFER_ACCESS_TOKEN) )
Refresh Token Authorization on AuthClient and TransferClient#
Refresh Tokens are long-lived credentials used to get new Access Tokens whenever they expire. However, it would be very awkward to create a new client instance every time your credentials expire!
Instead, use a
RefreshTokenAuthorizer to automatically re-up your credentials
whenever they near expiration.
Re-upping credentials is an operation that requires having client credentials for Globus Auth, so creating the authorizer is more complex this time.
from globus_sdk import ( AuthClient, TransferClient, ConfidentialAppAuthClient, RefreshTokenAuthorizer, ) # for doing the refresh CLIENT_ID = "..." CLIENT_SECRET = "..." # the actual tokens AUTH_REFRESH_TOKEN = "..." TRANSFER_REFRESH_TOKEN = "..." # making the authorizer requires that we have an AuthClient which can talk # OAuth2 to Globus Auth internal_auth_client = ConfidentialAppAuthClient(CLIENT_ID, CLIENT_SECRET) # now let's bake a couple of authorizers auth_authorizer = RefreshTokenAuthorizer(AUTH_REFRESH_TOKEN, internal_auth_client) transfer_authorizer = RefreshTokenAuthorizer( TRANSFER_REFRESH_TOKEN, internal_auth_client ) # auth_client here is totally different from "internal_auth_client" above # the former is being used to request new tokens periodically, while this # one represents a user authenticated with those tokens auth_client = AuthClient(authorizer=auth_authorizer) # transfer_client doesn't have to contend with this duality -- it's always # representing a user transfer_client = TransferClient(authorizer=transfer_authorizer)
Basic Auth on an AuthClient#
If you’re using an
AuthClient to do OAuth2
flows, you likely want to authenticate it using your client credentials – the
client ID and client secret.
The preferred method is to use the
AuthClient subclass which automatically
specifies its authorizer.
Internally, this will use a
BasicAuthorizer to do Basic Authentication.
By way of example:
from globus_sdk import ConfidentialAppAuthClient CLIENT_ID = "..." CLIENT_SECRET = "..." client = ConfidentialAppAuthClient(CLIENT_ID, CLIENT_SECRET)
and you’re off to the races!
Under the hood, this is implicitly running
but don’t do this yourself –
ConfidentialAppAuthClient has different
methods from the base