Authentication problems after introducing the new authentication method

Giampiero · December 13, 2023, 8:46am

Hi, first of all, I’m writing with my colleague’s account because with my account (pietro@super#####i.com - forum user:pietro) I don’t have the possibility to open a topic.
I apologize in advance for this but unfortunately the API authentication problem I have is quite urgent.

The problem.

After the introduction of the new authentication system I can no longer log in to use the API.

In the dashboard I created a new client id and a new client secret as indicated (solution 1)

I use the code indicated in the documentation (it has always worked) which is this:

CLIENT_ID = ‘89e856dd-47b5-472c-####-############’
CLIENT_SECRET = ‘################################’

#Create a session
client = BackendApplicationClient(client_id=CLIENT_ID)
oauth = OAuth2Session(client=client)

#Get token for the session
token = oauth.fetch_token(token_url=‘https://services.sentinel-hub.com/oauth/token’,client_secret=CLIENT_SECRET, include_client_id = True)

#All requests using this session will have an access token automatically added
resp = oauth.get(“https://services.sentinel-hub.com/oauth/tokeninfo”)

print(f"resp.status_code:{resp.status_code}“)
print(f"resp.content:{resp.content}”)

The token is returned to me correctly but the statement

resp = oauth.get(“https://services.sentinelhub.com/oauth/tokeninfo”)

it gives me back the error

resp.status_code:404
resp.content:b’{“error”:“RESTEASY003210: Could not find resource for full path: https://services.sentinel-hub.com/auth/realms/main/protocol/openid-connect/tokeninfo”}’

CLIENT_ID and CLIENT_SECRET are correct, I checked dozens of times (and the token is returned to me so they should be valid).

I also tried to use (after creating the oauth object and inserting the sentinelhub_compliance_hook function):

oauth.register_compliance_hook(“access_token_response”, sentinelhub_compliance_hook)

but I get the same error.
I tried to follow the answers to similar problems but I can’t solve them.

Please help me, I no longer have the ability to use the API.

Thanks so much

Env:

oauthlib 3.2.2
sentinelhub 3.10.0
Python 3.10.4
Windows 10/11

tcerovski · December 13, 2023, 12:37pm

Dear Giampiero,

https://services.sentinel-hub.com/oauth/tokeninfo is no longer supported as client credentials token is no longer associated to the user, because it is intended for machine use.

If you can share why you require the tokeninfo endpoint we can guide you towards an alternative.

Best,
Teo

Giampiero · December 13, 2023, 5:40pm

I use the tokeninfo endpoint only because it is written like that in the Sentinel-Hub documentation, if I’m not mistaken.

In any case, here’s what I use it for.

token = oauth.fetch_token(token_url=‘https://services.sentinel-hub.com/oauth/token’,
client_secret=CLIENT_SECRET, include_client_id=True)
response = oauth.get(“https://services.sentinel-hub.com/oauth/tokeninfo”)
logCompleto(f"—esito richiesta token - response.status_code:{response.status_code} — "
f"response.reason:{response.reason}“,True)
new_actual_time_limit = time.time() + (5 * 60)
logCompleto(f”—scadenza nuovo token: {token[‘expires_at’]} - "
f"limite per utilizzarlo in sicurezza: {new_actual_time_limit}“, True)
if (response.status_code==200) and (token[‘expires_at’]>new_actual_time_limit):
logCompleto(f”—nuovo token di sicurezza valido ed utilizzabile", True)
return response.status_code, response, token, oauth
else:
logCompleto(f"----------------------------------------------------“, True)
logCompleto(f”—ATTENZIONE RICHIESTA TOKEN NON ANDATA A BUON FINE ------“, True)
logCompleto(f”—ATTENZIONE RICHIESTA TOKEN NON ANDATA A BUON FINE ------“, True)
logCompleto(f”----------------------------------------------------", True)

tcerovski · December 14, 2023, 11:43am

Request to /tokeninfo is not required for the auth flow and you could omit it, as you don’t use the response from the endpoint.

Best,
Teo

Giampiero · December 14, 2023, 1:39pm

Ok, thank you very much.
From the email announcing the migration to the new authentication system it was not clear that this endpoint would be deleted, but we will adapt the software at all points where we used it. I think perhaps the documentation should also be updated (Authentication section as illustrated above).

One last question please.
Why can’t my colleague’s user (pietro@super#####i.com - forum user:pietro) open a topic in this forum (see image)? He has an active Sentinel-Hub subscription.

Thanks again so much for the support