arcgis.auth package¶
Subpackages¶
Submodules¶
arcgis.auth.api module¶
-
class
arcgis.auth.api.
EsriSession
(auth=None, cert=None, verify_cert=True, allow_redirects=True, headers=None, referer='http', **kwargs)¶ Bases:
object
The EsriSession class is designed to simplify access to the Esri WebGIS environments without the additional components of the arcgis or arcpy modules. It is designed to allow users to connect and manage all HTTP calls themselves with no hand holding.
Security is handled through the requests authentication model. Leveraging authentication handlers and primarily connecting to 10.8.1+ enterprise components.
The supported Authentication Schemes are:
Username/Password
Oauth 2
IWA/NTLM
Basic
Digest
PKI
API Keys
User Provided Tokens
Kerberos
Anyone can extend the authentication handlers by creating a class and inheriting from requests.auth.AuthBase.
The EsriSession authentication supports authentication chaining. Meaning users can stack authentication methods.
auth1 + auth2 + auth3
It is recommended that you do not stack unneeded authenicators because they can caused unintended failures.
Parameter
Description
auth
Optional AuthBase. This is a security handler that performs some sort of security check.
cert
Optional Tuple. The client side certificate as a tuple or string. It should be noted that EsriSession does not support encrypted private keys.
verify_cert
Optional Bool. When False all SSL certificate errors are ignored. The default is True.
allow_redirects
Optional Bool. When False if the URL redirects a user, an error will be raised. The default is True
headers
Optional Dict. An additional set of key/value(s) to append to any request’s header.
referer
Optional Str. The referer header value. The default is http. This is mainly used with token security.
Optional Arguments
Parameter
Description
trust_env
Optional Bool. The default is True. If False proxies will cause an error to be raised if set by .netrc files.
stream
Optional Bool. To enable handling streaming responses, set stream to True and iterate over the response with iter_lines. The default is False.
check_hostname
Optional Bool. When connecting to a side via IP Address with an SSL certificate, the hostname will not match. This allows a user to specify the hostname in the headers parameters and ignore hostname errors.
retries
Optional Int. The max number of tries to retry a service for 50x errors.
backoff_factor
Optional float. The amount of time in seconds to wait between retries.
status_to_retry
Optional Tuple. The status codes to run retries on. The default is (413, 429, 503, 500, 502, 504).
method_whitelist
Optional List. When retries is specified, the user can specifiy what methods are retried. The default is ‘POST’, ‘DELETE’, ‘GET’, ‘HEAD’, ‘OPTIONS’, ‘PUT’, ‘TRACE’
proxies
Optional Dict. A key/value mapping where the keys are the transfer protocol and the value is the <url>:<port>.
example
`python proxies = {"http" : 127.0.0.1:8080, "https" : 127.0.0.1:8081} session = EsriSession(proxies=proxies) `
-
property
adapters
¶ Returns an dictionary of mounted adapters.
- Returns
dict
-
allow_redirects
= None¶
-
property
auth
¶ Get/Set the Authentication Handler for the Session
-
property
cert
¶ Get/Set the users certificate as a (private, public) keys.
- Returns
Tuple[str]
-
close
()¶ Closes all adapters and as such the session
-
delete
(url, **kwargs)¶ Sends a DELETE request. Returns
Response
object.- Parameters
url – URL for the new
Request
object.**kwargs – Optional arguments that
request
takes.
- Return type
requests.Response
-
get
(url, **kwargs)¶ Sends a GET request. Returns
Response
object.- Parameters
url – URL for the new
Request
object.**kwargs – Optional arguments that
request
takes.
- Return type
requests.Response
-
head
(url, **kwargs)¶ Sends a HEAD request. Returns
Response
object.- Parameters
url – URL for the new
Request
object.**kwargs – Optional arguments that
request
takes.
- Return type
requests.Response
-
property
headers
¶ Gets/Sets the headers from the current session object
-
mount
(prefix, adapter)¶ Registers a connection adapter to a prefix.
Adapters are sorted in descending order by prefix length.
-
options
(url, **kwargs)¶ Sends a OPTIONS request. Returns
Response
object.- Parameters
url – URL for the new
Request
object.**kwargs – Optional arguments that
request
takes.
- Return type
requests.Response
-
patch
(url, data=None, **kwargs)¶ Sends a PATCH request. Returns
Response
object.- Parameters
url – URL for the new
Request
object.data – (optional) Dictionary, list of tuples, bytes, or file-like object to send in the body of the
Request
.**kwargs – Optional arguments that
request
takes.
- Return type
requests.Response
-
post
(url, data=None, json=None, **kwargs)¶ Sends a POST request. Returns
Response
object.- Parameters
url – URL for the new
Request
object.data – (optional) Dictionary, list of tuples, bytes, or file-like object to send in the body of the
Request
.json – (optional) json to send in the body of the
Request
.**kwargs – Optional arguments that
request
takes.
- Return type
requests.Response
-
property
proxies
¶ Dictionary mapping protocol or protocol and host to the URL of the proxy. (e.g. {‘http’: ‘foo.bar:3128’, ‘http://host.name’: ‘foo.bar:4012’}) to be used on each
Request
.- Returns
dict
-
put
(url, data=None, **kwargs)¶ Sends a PUT request. Returns
Response
object.- Parameters
url – URL for the new
Request
object.data – (optional) Dictionary, list of tuples, bytes, or file-like object to send in the body of the
Request
.**kwargs – Optional arguments that
request
takes.
- Return type
requests.Response
-
property
referer
¶ Gets/Sets the referer
-
property
stream
¶ Gets/Sets the stream property for the current session object
-
update_headers
(values)¶ Performs an update call on the headers
-
property
verify_cert
¶ Get/Set property that allows for the verification of SSL certificates
- Returns
bool
Module contents¶
-
class
arcgis.auth.
ArcGISProAuth
(legacy=False)¶ Bases:
requests.auth.AuthBase
,arcgis.auth._auth._schain.SupportMultiAuth
Performs the ArcGIS Pro Authentication for a given request.
-
handle_40x
(r, **kwargs)¶ Handles Case where token is invalid
-
property
token
¶ obtains the login token
-
-
class
arcgis.auth.
BaseEsriAuth
¶ Bases:
requests.auth.AuthBase
A base class that developers can inherit from to create custom authentication handlers.
For more information, please see: https://docs.python-requests.org/en/master/user/authentication/#new-forms-of-authentication
-
response_hook
(response, **kwargs)¶ response hook logic
- Returns
Response
-
property
token
¶ returns a ArcGIS Token as a string
- Returns
string
-
-
class
arcgis.auth.
EsriAPIKeyAuth
(api_key, referer=None, verify_cert=True, auth=None)¶ Bases:
requests.auth.AuthBase
,arcgis.auth._auth._schain.SupportMultiAuth
authentication for API Keys
-
add_api_token
(r, **kwargs)¶ generates a server token using Portal token
-
api_key
= None¶
-
auth
= None¶
-
property
token
¶ Gets/Sets the API token
- Returns
String
-
-
class
arcgis.auth.
EsriBasicAuth
(username, password, referer='http', verify_cert=True, **kwargs)¶ Bases:
requests.auth.HTTPBasicAuth
,arcgis.auth._auth._schain.SupportMultiAuth
Describes a basic requests authentication.
-
auth
= None¶
-
generate_portal_server_token
(r, **kwargs)¶ generates a server token using Portal token
-
property
token
¶ Gets the token. This is always None for EsriBasicAuth
- Returns
String
-
-
class
arcgis.auth.
EsriBuiltInAuth
(url, username, password, expiration=None, legacy=False, verify_cert=True, referer=None, **kwargs)¶ Bases:
requests.auth.AuthBase
,arcgis.auth._auth._schain.SupportMultiAuth
Performs the BUILT-IN Login Authorization for ArcGIS Online and Enterprise
-
handle_401
(r, **kwargs)¶ handles the issues in the response where token might be rejected
-
suspend
()¶ Invalidates the login and checks any licenses back in
- Returns
Bool. If True, the licenses is checked back in successfully, False, the process failed.
-
property
token
¶ obtains the login token
-
-
class
arcgis.auth.
EsriGenTokenAuth
(token_url, referer, username=None, password=None, portal_auth=None, time_out=1440, verify_cert=True, legacy=False, **kwargs)¶ Bases:
requests.auth.AuthBase
,arcgis.auth._auth._schain.SupportMultiAuth
This form of Authentication leverages the generateToken endpoint from the ArcGIS Product. This is supported for ArcGIS Online, ArcGIS Enterprise and ArcGIS Server.
This form of authentication is considered legacy and should only be used with unfederated server products.
-
property
expiration
¶ Gets the time the token will expire on
-
handle_401
(r, **kwargs)¶
-
handle_redirect
(r, **kwargs)¶
-
init_per_thread_state
()¶
-
property
referer
¶
-
property
time_out
¶ returns the time out time in minutes
-
token
(server_url=None)¶
-
property
-
class
arcgis.auth.
EsriHttpNtlmAuth
(username, password, session=None, send_cbt=True, **kwargs)¶ Bases:
requests.auth.AuthBase
HTTP NTLM Authentication Handler for Requests.
Supports pass-the-hash.
This is derived from work of Jordan Borean and requests-ntlm/requests-ntlm2
-
generate_token
(r, scheme, args)¶ generates the server token
-
response_hook
(r, **kwargs)¶ The actual hook handler.
-
retry_using_http_NTLM_auth
(auth_header_field, auth_header, response, auth_type, args)¶ Performs the NTLM handshake
-
-
exception
arcgis.auth.
EsriHttpResponseError
(message)¶ Bases:
Exception
Exception raised for http errors.
- Attributes:
message – explanation of the error
-
class
arcgis.auth.
EsriKerberosAuth
(referer=None, verify_cert=True, *, username=None, password=None, **kwargs)¶ Bases:
requests.auth.AuthBase
,arcgis.auth._auth._schain.SupportMultiAuth
-
generate_portal_server_token
(r, **kwargs)¶ generates a server token using Portal token
-
property
token
¶ Gets the token. This is always None for KerberosAuth
- Returns
String
-
-
class
arcgis.auth.
EsriNotebookAuth
(token, referer=None, auth=None, **kwargs)¶ Bases:
requests.auth.AuthBase
,arcgis.auth._auth._schain.SupportMultiAuth
authentication for notebook servers Keys
-
add_token
(r, **kwargs)¶ generates a server token using Portal token
-
auth
= None¶
-
property
token
¶ Gets/Sets the API token
- Returns
String
-
-
class
arcgis.auth.
EsriOAuth2Auth
(base_url, client_id, client_secret=None, username=None, password=None, referer='http', expiration=1440, proxies=None, session=None, **kwargs)¶ Bases:
requests.auth.AuthBase
,arcgis.auth._auth._schain.SupportMultiAuth
Performs the OAuth Workflow for logging in to Enterprise
-
handle_40x
(r, **kwargs)¶ Handles Case where token is invalid
-
property
token
¶ Gets the Oauth token
- Returns
String
-
-
class
arcgis.auth.
EsriPKCEAuth
(url, username, password, *, legacy=False, **kwargs)¶ Bases:
arcgis.auth._auth._base.BaseEsriAuth
Implements OAuth 2.0 PKCE Workflow
-
response_hook
(r, **kwargs)¶ response hook logic
- Returns
Response
-
property
token
¶ returns a ArcGIS Token as a string
- Returns
string
-
-
class
arcgis.auth.
EsriPKIAuth
(cert, referer=None, verify_cert=True, **kwargs)¶ Bases:
requests.auth.AuthBase
,arcgis.auth._auth._schain.SupportMultiAuth
Handles PKI authentication when tokens are needed
-
generate_portal_server_token
(r, **kwargs)¶ generates a server token using Portal token
-
property
token
¶ returns the authentication token
-
-
class
arcgis.auth.
EsriSession
(auth=None, cert=None, verify_cert=True, allow_redirects=True, headers=None, referer='http', **kwargs)¶ Bases:
object
The EsriSession class is designed to simplify access to the Esri WebGIS environments without the additional components of the arcgis or arcpy modules. It is designed to allow users to connect and manage all HTTP calls themselves with no hand holding.
Security is handled through the requests authentication model. Leveraging authentication handlers and primarily connecting to 10.8.1+ enterprise components.
The supported Authentication Schemes are:
Username/Password
Oauth 2
IWA/NTLM
Basic
Digest
PKI
API Keys
User Provided Tokens
Kerberos
Anyone can extend the authentication handlers by creating a class and inheriting from requests.auth.AuthBase.
The EsriSession authentication supports authentication chaining. Meaning users can stack authentication methods.
auth1 + auth2 + auth3
It is recommended that you do not stack unneeded authenicators because they can caused unintended failures.
Parameter
Description
auth
Optional AuthBase. This is a security handler that performs some sort of security check.
cert
Optional Tuple. The client side certificate as a tuple or string. It should be noted that EsriSession does not support encrypted private keys.
verify_cert
Optional Bool. When False all SSL certificate errors are ignored. The default is True.
allow_redirects
Optional Bool. When False if the URL redirects a user, an error will be raised. The default is True
headers
Optional Dict. An additional set of key/value(s) to append to any request’s header.
referer
Optional Str. The referer header value. The default is http. This is mainly used with token security.
Optional Arguments
Parameter
Description
trust_env
Optional Bool. The default is True. If False proxies will cause an error to be raised if set by .netrc files.
stream
Optional Bool. To enable handling streaming responses, set stream to True and iterate over the response with iter_lines. The default is False.
check_hostname
Optional Bool. When connecting to a side via IP Address with an SSL certificate, the hostname will not match. This allows a user to specify the hostname in the headers parameters and ignore hostname errors.
retries
Optional Int. The max number of tries to retry a service for 50x errors.
backoff_factor
Optional float. The amount of time in seconds to wait between retries.
status_to_retry
Optional Tuple. The status codes to run retries on. The default is (413, 429, 503, 500, 502, 504).
method_whitelist
Optional List. When retries is specified, the user can specifiy what methods are retried. The default is ‘POST’, ‘DELETE’, ‘GET’, ‘HEAD’, ‘OPTIONS’, ‘PUT’, ‘TRACE’
proxies
Optional Dict. A key/value mapping where the keys are the transfer protocol and the value is the <url>:<port>.
example
`python proxies = {"http" : 127.0.0.1:8080, "https" : 127.0.0.1:8081} session = EsriSession(proxies=proxies) `
-
property
adapters
¶ Returns an dictionary of mounted adapters.
- Returns
dict
-
allow_redirects
= None¶
-
property
auth
¶ Get/Set the Authentication Handler for the Session
-
property
cert
¶ Get/Set the users certificate as a (private, public) keys.
- Returns
Tuple[str]
-
close
()¶ Closes all adapters and as such the session
-
delete
(url, **kwargs)¶ Sends a DELETE request. Returns
Response
object.- Parameters
url – URL for the new
Request
object.**kwargs – Optional arguments that
request
takes.
- Return type
requests.Response
-
get
(url, **kwargs)¶ Sends a GET request. Returns
Response
object.- Parameters
url – URL for the new
Request
object.**kwargs – Optional arguments that
request
takes.
- Return type
requests.Response
-
head
(url, **kwargs)¶ Sends a HEAD request. Returns
Response
object.- Parameters
url – URL for the new
Request
object.**kwargs – Optional arguments that
request
takes.
- Return type
requests.Response
-
property
headers
¶ Gets/Sets the headers from the current session object
-
mount
(prefix, adapter)¶ Registers a connection adapter to a prefix.
Adapters are sorted in descending order by prefix length.
-
options
(url, **kwargs)¶ Sends a OPTIONS request. Returns
Response
object.- Parameters
url – URL for the new
Request
object.**kwargs – Optional arguments that
request
takes.
- Return type
requests.Response
-
patch
(url, data=None, **kwargs)¶ Sends a PATCH request. Returns
Response
object.- Parameters
url – URL for the new
Request
object.data – (optional) Dictionary, list of tuples, bytes, or file-like object to send in the body of the
Request
.**kwargs – Optional arguments that
request
takes.
- Return type
requests.Response
-
post
(url, data=None, json=None, **kwargs)¶ Sends a POST request. Returns
Response
object.- Parameters
url – URL for the new
Request
object.data – (optional) Dictionary, list of tuples, bytes, or file-like object to send in the body of the
Request
.json – (optional) json to send in the body of the
Request
.**kwargs – Optional arguments that
request
takes.
- Return type
requests.Response
-
property
proxies
¶ Dictionary mapping protocol or protocol and host to the URL of the proxy. (e.g. {‘http’: ‘foo.bar:3128’, ‘http://host.name’: ‘foo.bar:4012’}) to be used on each
Request
.- Returns
dict
-
put
(url, data=None, **kwargs)¶ Sends a PUT request. Returns
Response
object.- Parameters
url – URL for the new
Request
object.data – (optional) Dictionary, list of tuples, bytes, or file-like object to send in the body of the
Request
.**kwargs – Optional arguments that
request
takes.
- Return type
requests.Response
-
property
referer
¶ Gets/Sets the referer
-
property
stream
¶ Gets/Sets the stream property for the current session object
-
update_headers
(values)¶ Performs an update call on the headers
-
property
verify_cert
¶ Get/Set property that allows for the verification of SSL certificates
- Returns
bool
-
class
arcgis.auth.
EsriUserTokenAuth
(token, referer=None, verify_cert=True, **kwargs)¶ Bases:
requests.auth.AuthBase
,arcgis.auth._auth._schain.SupportMultiAuth
Authentication Using User Created Tokens
-
auth
= None¶
-
handle_40x
(r, **kwargs)¶ Handles Case where token is invalid
-
token
= None¶
-
-
class
arcgis.auth.
EsriWindowsAuth
(username=None, password=None, referer=None, verify_cert=True, **kwargs)¶ Bases:
requests.auth.AuthBase
,arcgis.auth._auth._schain.SupportMultiAuth
-
generate_portal_server_token
(r, **kwargs)¶ generates a server token using Portal token
-
property
token
¶ Gets the token. This is always None for EsriWindowsAuth
- Returns
String
-