Skip to content

fix: earthdata token refresh when not redirected #539

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
kylebarron merged 2 commits into from
Aug 22, 2025
Merged

fix: earthdata token refresh when not redirected #539

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
617bbf9
fix: earthdata token refresh
chuckwondo Aug 21, 2025
30d63ca
Merge branch 'main' into fix-nasa-token-refresh
kylebarron Aug 22, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 14 additions & 5 deletions obstore/python/obstore/auth/earthdata.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -199,11 +199,16 @@ def _refresh_with_token(self, token: str) -> Mapping[str, str]:

def _refresh_with_basic_auth(
self,
auth: tuple[str, str] | None,
auth: tuple[str, str] | None = None,
) -> Mapping[str, str]:
with self.session.get(self._credentials_url, allow_redirects=False) as r:
r.raise_for_status()
location = r.headers["location"]

if (location := self.session.get_redirect_target(r)) is None:
Copy link
Member

@kylebarron kylebarron Aug 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The := operator here always confuses me because it makes me think that location is scoped just to this if block, while we're using location later 🙃

# We were NOT redirected, indicating that we requested a refresh
# prior to expiry of our previous token, so we simply received
# a new token directly.
return r.json()

# We were redirected, so we must use basic auth credentials with the
# redirect location. If the host of the redirect is the same host we have
Expand Down Expand Up @@ -250,7 +255,7 @@ class NasaEarthdataAsyncCredentialProvider:
Examples:
```py
import obstore
from obstore.auth.earthdata import NasaEarthdataCredentialProvider
from obstore.auth.earthdata import NasaEarthdataAsyncCredentialProvider

# Obtain an S3 credentials URL and an S3 data/download URL, typically
# via metadata returned from a NASA CMR collection or granule query.
Expand Down Expand Up @@ -360,14 +365,18 @@ async def _refresh_with_token(self, token: str) -> Mapping[str, str]:

async def _refresh_with_basic_auth(
self,
auth: aiohttp.BasicAuth | None,
auth: aiohttp.BasicAuth | None = None,
) -> Mapping[str, str]:
async with self.session.get(
self._credentials_url,
allow_redirects=False,
raise_for_status=True,
) as r:
location = r.headers["location"]
if (location := r.headers.get("location")) is None:
# We were NOT redirected, indicating that we requested a refresh
# prior to expiry of our previous token, so we simply received
# a new token directly.
return await r.json(content_type=None)

# We were redirected, so we must use basic auth credentials with the
# redirect location. If the host of the redirect is the same host we have
Expand Down
Loading