Skip to content

Auth

check_token_authentication(*, uri, device_code)

Checks the authentication status of a token based on a device code and returns access token upon successful authentication.

Parameters

  • uri (str): The token uri to send the request to.
  • device_code (str): The device code to check authentication for.

Returns

  • str | None: The access token if authorized, otherwise None.

Raises

  • requests.HTTPError: If the status code of the response is not 200.

Example Usage:

token = check_token_authentication(
    uri="https://example.com/api/", device_code="1234567890"
)
if token is not None:
    print("Access token:", token)
else:
    print("Authentication expired.")
Source code in dvc_studio_client/auth.py 
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
def check_token_authentication(*, uri: str, device_code: str) -> Optional[str]:
    """
    Checks the authentication status of a token based on a device code and
    returns access token upon successful authentication.

    Parameters
    ----------
    - uri (str): The token uri to send the request to.
    - device_code (str): The device code to check authentication for.

    Returns
    -------
    - str | None: The access token if authorized, otherwise None.

    Raises
    ------
    - requests.HTTPError: If the status code of the response is not 200.

    Example Usage:
    ```
    token = check_token_authentication(
        uri="https://example.com/api/", device_code="1234567890"
    )
    if token is not None:
        print("Access token:", token)
    else:
        print("Authentication expired.")
    ```
    """
    import time

    logger.debug("Polling to find if the user code is authorized")

    data = {"code": device_code}
    session = requests.Session()
    session.mount(uri, HTTPAdapter(max_retries=3))

    logger.debug("Checking with %s to %s", device_code, uri)

    counter = 1
    while True:
        logger.debug("Polling attempt #%s", counter)
        r = session.post(uri, json=data, timeout=5, allow_redirects=False)
        counter += 1
        if r.status_code == 400:
            d = r.json()
            detail = d.get("detail")
            if detail == "authorization_pending":
                # Wait 5 seconds before retrying.
                time.sleep(5)
                continue
            if detail == "authorization_expired":
                raise AuthorizationExpiredError(  # noqa: TRY003
                    "failed to authenticate: This 'device_code' has expired.",
                )

        r.raise_for_status()

        return r.json()["access_token"]

get_access_token(*, hostname, token_name=None, scopes='', client_name='client', open_browser=True, post_login_message=None, use_device_code=False)

Initiate Authentication

This method initiates the authentication process for a client application. It generates a user code and a verification URI that the user needs to access in order to authorize the application.

Parameters

token_name (str): The name of the client application.
hostname (str): The base URL of the application.
scopes (str, optional): A comma-separated string of scopes that
    the application requires. Default is empty.
open_browser (bool): Whether or not to open the browser to authenticate
client_name (str, optional): Client name

Returns

tuple: A tuple containing the token name and the access token.
The token name is a string representing the token's name,
while the access token is a string representing the authorized access token.
Source code in dvc_studio_client/auth.py 
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
def get_access_token(  # noqa: PLR0913
    *,
    hostname: str,
    token_name: Optional[str] = None,
    scopes: str = "",
    client_name: str = "client",
    open_browser: bool = True,
    post_login_message: Optional[str] = None,
    use_device_code: bool = False,
):
    """Initiate Authentication

    This method initiates the authentication process for a client application.
    It generates a user code and a verification URI that the user needs to
    access in order to authorize the application.

    Parameters
    ----------
        token_name (str): The name of the client application.
        hostname (str): The base URL of the application.
        scopes (str, optional): A comma-separated string of scopes that
            the application requires. Default is empty.
        open_browser (bool): Whether or not to open the browser to authenticate
        client_name (str, optional): Client name

    Returns
    -------
        tuple: A tuple containing the token name and the access token.
        The token name is a string representing the token's name,
        while the access token is a string representing the authorized access token.
    """
    import webbrowser

    post_login_message = post_login_message or (
        "Once you've logged in, return here "
        "and you'll be ready to start the experiments."
    )

    response = start_device_login(
        client_name=client_name,
        base_url=hostname,
        token_name=token_name,
        scopes=scopes.split(",") if scopes else [],
    )
    verification_uri = response["verification_uri"]
    user_code = response["user_code"]
    device_code = response["device_code"]
    token_uri = response["token_uri"]
    token_name = response["token_name"]
    url = f"{verification_uri}?code={user_code}"

    if use_device_code:
        open_browser = False  # backward compatibility

    if open_browser:
        print("Opening link for login at", url)  # noqa: T201
        print(f"\n{post_login_message}")  # noqa: T201
        opened = webbrowser.open(url)
        if not opened:
            print(  # noqa: T201
                "\nFailed to open a web browser. "
                "Open the above url to continue in your web browser.",
                file=sys.stderr,
            )
    else:
        print("Open this url to continue in your web browser:", url)  # noqa: T201
        print(f"\n{post_login_message}")  # noqa: T201

    access_token = check_token_authentication(uri=token_uri, device_code=device_code)
    return token_name, access_token

start_device_login(*, client_name, base_url=None, token_name=None, scopes=None)

This method starts the device login process for Studio.

Parameters

  • client_name (required): The name of the client application.

Optional Parameters: - base_url: The base URL of the Studio API. If not provided, the default value is "https://studio.iterative.ai". - token_name: The name of the token. If not provided, it defaults to None. - scopes: A list of scopes to request. If not provided, it defaults to None.

Returns

  • DeviceLoginResponse: A response object containing the device login information.

Raises

  • ValueError: If any of the provided scopes are not valid.
  • RequestException: If the request fails with any 400 response or any other reason.
Source code in dvc_studio_client/auth.py 
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
def start_device_login(
    *,
    client_name: str,
    base_url: Optional[str] = None,
    token_name: Optional[str] = None,
    scopes: Optional[list[str]] = None,
) -> DeviceLoginResponse:
    """This method starts the device login process for Studio.

    Parameters
    ----------
    - client_name (required): The name of the client application.

    Optional Parameters:
    - base_url: The base URL of the Studio API.
        If not provided, the default value is "https://studio.iterative.ai".
    - token_name: The name of the token. If not provided, it defaults to None.
    - scopes: A list of scopes to request. If not provided, it defaults to None.

    Returns
    -------
    - DeviceLoginResponse: A response object containing the device login information.

    Raises
    ------
    - ValueError: If any of the provided scopes are not valid.
    - RequestException: If the request fails with any 400 response or any other reason.

    """
    logger.debug(
        "Starting device login for Studio%s",
        f" ({base_url})" if base_url else "",
    )
    if scopes:
        invalid_scopes: list[str]
        if invalid_scopes := list(
            filter(lambda s: s.upper() not in AVAILABLE_SCOPES, scopes),
        ):
            raise InvalidScopesError(  # noqa: TRY003
                f"Following scopes are not valid: {', '.join(invalid_scopes)}",
            )

    body: dict[str, Union[str, list[str]]] = {"client_name": client_name}

    if token_name:
        body["token_name"] = token_name

    if scopes:
        body["scopes"] = scopes

    logger.debug(f"JSON body `{body=}`")

    response = requests.post(
        url=urljoin(base_url or "https://studio.iterative.ai", "api/device-login"),
        json=body,
        headers={
            "Content-type": "application/json",
        },
        timeout=5,
    )

    response.raise_for_status()
    d = response.json()

    logger.debug("received response: %s (status=%r)", d, response.status_code)
    return d