Users and Authentication¶
To access proprietary, or un-released, SDSS data, on the Science Archive Server (SAS) or on any available SDSS API service, you must be a valid member of the SDSS collaboration. If you are unsure if you’re a member of the SDSS collaboration, check the list of SDSS-V, or SDSS-IV affiliate institutions. If you know you’re a member, you can try accessing the SDSS Collaboration site and logging in to your account.
Netrc Authentication¶
SDSS uses .netrc
authentication to access data content on many domains. To set this up, create and
edit a file in your home directory ocalled .netrc
and copy these lines inside:
machine api.sdss.org
login <username>
password <password>
machine data.sdss.org
login <username>
password <password>
Replace <username>
and <password>
with your login credentials. The default SDSS username and
password is also acceptable for anonymous access. Finally, run chmod 600 ~/.netrc
to make
the file only accessible to your user.
Token Authentication¶
Most APIs use netrc
authentication, but some APIs require token authentication, such as
JWT or Oauth tokens. You check which authentication type an API uses with the auth_type
attribute on a given ApiProfile
. It can either be set to “token” or “netrc”.
>>> from sdss_brain.api.manager import apim
>>> # check the auth_type for the MaNGA Marvin API
>>> profile = apim.apis['marvin']
>>> prof.auth_type
'token'
To check if a valid token is already set, access the token
attribute or use the
check_for_token
method.
>>> # check for a valid token
>>> prof.check_for_token()
None
check_for_token
looks for a valid API token in your list of environment variables or as a parameter set on your custom
sdss_brain.yml
configuration file. To retrieve a valid token, use the get_token
method. Tokens are mapped to specific users, either the “sdss” user or your SDSS username. The get_token
method
looks for user credentials in your .netrc
file, so make sure you pass the username that is listed under the
api.sdss.org
machine in your .netrc
.
>>> # get a valid token for the generic SDSS user
>>> token = prof.get_token('sdss')
This returns a new token valid only for the specific API. To permanently set this token, you will need to set it as an
[NAME]_API_TOKEN environment variable or as a [name]_api_token parameter in your sdss_brain.yml
custom configuration
file. [NAME] references the name of the specific API. For example, with the “marvin” API, you would set either
a MARVIN_API_TOKEN environment variable or marvin_api_token configuration parameter.
# in your .bashrc
MARVIN_API_TOKEN=[token]
# in your sdss_brain.yml configuration
marvin_api_token: [token]
The SDSSClient
will also check for valid tokens when sending requests on APIs that use token
authentication. The SDSSClient
will check for a valid token for its currently set User
on
its currently set ApiProfile
. If you haven’t already set a token, you can do so with the
client’s get_token
method.
Users¶
Remote data access requires a valid SDSS user, represented by the User
class. A user can be validated
either with .netrc
or SDSS credentials, as indicated with the netrc
and cred
indicators in the repr
.
Alternatively, you can check with the user.is_netrc_valid
and user.is_sdss_valid
properties.
The “sdss” user¶
By default sdss_brain
sets the default user in the global config to the generic “sdss” user. The “sdss” user is the default
used for all remote data access and API requests using SDSSClient
.
>>> # create an sdss user
>>> user = User('sdss")
>>> user
<User("sdss", netrc=True, htpass=False, cred=False)>
Depending on how you set up your .netrc
authentication, the sdss user may be already netrc validated. Otherwise your
collaboration user will be. To change the default user used by sdss_brain
, use the set_user
method on the config. Alternatively, you can also set the default_user
parameter in your sdss_brain.yml
configuration
file.
>>> # set the global user
>>> from sdss_brain.config import config
>>> config.set_user('jad29')
The “collaboration” user¶
If the “sdss” user is not sufficient, you can always use your SDSS collaboration username.
>>> # create a new user with your username
>>> user = User('jad29')
>>> user
<User("jad29", netrc=False, htpass=False, cred=False)>
The user may not be validated. Validate the user with your SDSS Credentials using validate_user
.
>>> # validate the user with your SDSS password
>>> user.validate_user('xxxxxx')
>>> user
<User("jad29", netrc=False, htpass=False, cred=True)>
>>> # check for valid credentials
>>> user.is_sdss_cred_valid
True
Once validated, you can also check member status in SDSS.
>>> # check status in SDSS
>>> user.in_sdss
{'sdss4': True, 'sdss5': True}
>>> # access member information
>>> user.member
{'sdss4': {'email': 'jad@university.edu',
'fullname': 'John Doe',
'has_sdss_access': True,
'username': 'jad29'},
'sdss5': {'email': 'jad@university.edu',
'fullname': 'John Doe',
'has_sdss_access': True,
'username': 'jdoe1234'}
}