fix: notebook auth fix

JanssenBrm · JanssenBrm · commit 27b6b4da7a08 · 2025-08-25T18:28:29.000+02:00
diff --git a/guides/upscaling_example.ipynb b/guides/upscaling_example.ipynb
@@ -11,7 +11,7 @@
   },
   {
    "cell_type": "code",
-   "execution_count": 1,
+   "execution_count": 29,
    "id": "d99f5fbc",
    "metadata": {},
    "outputs": [],
@@ -26,6 +26,7 @@
     "import httpx\n",
     "import io\n",
     "import base64\n",
+    "import time\n",
     "from ipyleaflet import ImageOverlay\n",
     "from PIL import Image\n",
     "from ipyleaflet import Map, GeoJSON, TileLayer\n",
@@ -137,51 +138,53 @@
   },
   {
    "cell_type": "code",
-   "execution_count": 7,
+   "execution_count": 27,
    "id": "b5ee27f5-9e69-4557-ba83-ec7cb74aa874",
    "metadata": {},
-   "outputs": [
-    {
-     "name": "stdout",
-     "output_type": "stream",
-     "text": [
-      "Open this URL in your browser: https://auth.dev.apex.esa.int/realms/apex/protocol/openid-connect/auth?response_type=code&client_id=apex-dispatcher-api-dev&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2Fcallback&scope=openid+profile+email&state=psCPZIUvLiKHtxsppPThySEoatQq2c\n"
-     ]
-    },
-    {
-     "name": "stdin",
-     "output_type": "stream",
-     "text": [
-      "Paste the redirect URL here http://localhost:8000/callback?state=psCPZIUvLiKHtxsppPThySEoatQq2c&session_state=c567bad0-cc01-42d0-8c23-99d5f59aebdd&iss=https%3A%2F%2Fauth.dev.apex.esa.int%2Frealms%2Fapex&code=f38c1e0a-ea0e-41d7-b2f7-2e31bbaa4cb2.c567bad0-cc01-42d0-8c23-99d5f59aebdd.c2e791df-00a5-4981-b8af-b014848a2b73\n"
-     ]
-    }
-   ],
+   "outputs": [],
    "source": [
+    "# Endpoints\n",
     "authorization_endpoint = f\"https://{KEYCLOAK_HOST}/realms/apex/protocol/openid-connect/auth\"\n",
     "token_endpoint = f\"https://{KEYCLOAK_HOST}/realms/apex/protocol/openid-connect/token\"\n",
     "\n",
-    "# Create OAuth2 session with PKCE\n",
-    "session = OAuth2Session(client_id=CLIENT_ID, redirect_uri=\"http://localhost:8000/callback\", scope=\"openid profile email\")\n",
+    "# Global token store\n",
+    "_token_data = None\n",
     "\n",
-    "# Get the authorization URL\n",
-    "uri, state = session.create_authorization_url(authorization_endpoint)\n",
-    "print(\"Open this URL in your browser:\", uri)\n",
+    "def get_access_token():\n",
+    "    \"\"\"\n",
+    "    Returns a valid access token. Refreshes it automatically if expired.\n",
+    "    \"\"\"\n",
+    "    global _token_data\n",
     "\n",
-    "# Extract the token\n",
-    "redirect_url = input(\"Paste the redirect URL here\")\n",
-    "parsed = urlparse(redirect_url)\n",
-    "query_params = parse_qs(parsed.query)\n",
-    "code = query_params.get(\"code\")[0] \n",
+    "    # If we have a token and it hasn't expired yet, return it\n",
+    "    if _token_data and _token_data.get(\"expires_at\", 0) > time.time() + 10:\n",
+    "        return _token_data[\"access_token\"]\n",
     "\n",
-    "# Fetch access token\n",
-    "token = session.fetch_token(\n",
-    "    token_endpoint,\n",
-    "    code=code,\n",
-    "    client_secret=None,  # only if your client is confidential\n",
-    "    include_client_id=True\n",
-    ")\n",
+    "    # If token exists but is expired and has a refresh_token, refresh it\n",
+    "    if _token_data and \"refresh_token\" in _token_data:\n",
+    "        session = OAuth2Session(CLIENT_ID, token=_token_data)\n",
+    "        _token_data = session.refresh_token(token_endpoint)\n",
+    "        return _token_data[\"access_token\"]\n",
+    "\n",
+    "    # Otherwise, start a new OAuth2 flow\n",
+    "    session = OAuth2Session(\n",
+    "        client_id=CLIENT_ID,\n",
+    "        redirect_uri=\"http://localhost:8000/callback\"\n",
+    "    )\n",
+    "    uri, state = session.create_authorization_url(authorization_endpoint)\n",
+    "    print(\"Open this URL in your browser:\", uri)\n",
+    "    redirect_url = input(\"Paste the redirect URL here: \")\n",
+    "    parsed = urlparse(redirect_url)\n",
+    "    code = parse_qs(parsed.query).get(\"code\")[0]\n",
+    "\n",
+    "    _token_data = session.fetch_token(\n",
+    "        token_endpoint,\n",
+    "        code=code,\n",
+    "        client_secret=None,  # only if your client is confidential\n",
+    "        include_client_id=True\n",
+    "    )\n",
     "\n",
-    "access_token = token[\"access_token\"]"
+    "    return _token_data[\"access_token\"]"
    ]
   },
   {
@@ -283,7 +286,7 @@
     "upscaling_task = requests.post(\n",
     "    f\"http://{dispatch_api}/upscale_tasks\", \n",
     "    headers={\n",
-    "        \"Authorization\": f\"Bearer {access_token}\"        \n",
+    "        \"Authorization\": f\"Bearer {get_access_token()}\"        \n",
     "    },\n",
     "    json={\n",
     "        \"title\": \"Wind Turbine Detection\",\n",
@@ -360,14 +363,14 @@
   },
   {
    "cell_type": "code",
-   "execution_count": 14,
+   "execution_count": 30,
    "id": "ac428293-7cd4-49a8-9bfa-4e0dc8f4d2cc",
    "metadata": {},
    "outputs": [
     {
      "data": {
       "application/vnd.jupyter.widget-view+json": {
-       "model_id": "c8d5a6e04c7f463aa4f4eba2992f1108",
+       "model_id": "78b9621c2829433ab6a1c7a766cd6ada",
        "version_major": 2,
        "version_minor": 0
       },
@@ -389,8 +392,8 @@
       "\u001b[0;31mConnectionResetError\u001b[0m: [Errno 54] Connection reset by peer",
       "\nThe above exception was the direct cause of the following exception:\n",
       "\u001b[0;31mConnectionClosedError\u001b[0m                     Traceback (most recent call last)",
-      "Cell \u001b[0;32mIn[14], line 85\u001b[0m\n\u001b[1;32m     82\u001b[0m                     \u001b[38;5;28;01mbreak\u001b[39;00m\n\u001b[1;32m     84\u001b[0m \u001b[38;5;66;03m# Run the websocket listener in the notebook\u001b[39;00m\n\u001b[0;32m---> 85\u001b[0m \u001b[38;5;28;01mawait\u001b[39;00m listen_for_updates()\n",
-      "Cell \u001b[0;32mIn[14], line 53\u001b[0m, in \u001b[0;36mlisten_for_updates\u001b[0;34m()\u001b[0m\n\u001b[1;32m     51\u001b[0m \u001b[38;5;28;01masync\u001b[39;00m \u001b[38;5;28;01mwith\u001b[39;00m websockets\u001b[38;5;241m.\u001b[39mconnect(ws_url) \u001b[38;5;28;01mas\u001b[39;00m websocket:\n\u001b[1;32m     52\u001b[0m     \u001b[38;5;28;01mwhile\u001b[39;00m \u001b[38;5;28;01mTrue\u001b[39;00m:\n\u001b[0;32m---> 53\u001b[0m         message \u001b[38;5;241m=\u001b[39m \u001b[38;5;28;01mawait\u001b[39;00m websocket\u001b[38;5;241m.\u001b[39mrecv()\n\u001b[1;32m     54\u001b[0m         message \u001b[38;5;241m=\u001b[39m json\u001b[38;5;241m.\u001b[39mloads(message)\n\u001b[1;32m     55\u001b[0m         \u001b[38;5;28;01mif\u001b[39;00m message\u001b[38;5;241m.\u001b[39mget(\u001b[38;5;124m\"\u001b[39m\u001b[38;5;124mdata\u001b[39m\u001b[38;5;124m\"\u001b[39m):\n",
+      "Cell \u001b[0;32mIn[30], line 85\u001b[0m\n\u001b[1;32m     82\u001b[0m                     \u001b[38;5;28;01mbreak\u001b[39;00m\n\u001b[1;32m     84\u001b[0m \u001b[38;5;66;03m# Run the websocket listener in the notebook\u001b[39;00m\n\u001b[0;32m---> 85\u001b[0m \u001b[38;5;28;01mawait\u001b[39;00m listen_for_updates()\n",
+      "Cell \u001b[0;32mIn[30], line 53\u001b[0m, in \u001b[0;36mlisten_for_updates\u001b[0;34m()\u001b[0m\n\u001b[1;32m     51\u001b[0m \u001b[38;5;28;01masync\u001b[39;00m \u001b[38;5;28;01mwith\u001b[39;00m websockets\u001b[38;5;241m.\u001b[39mconnect(ws_url) \u001b[38;5;28;01mas\u001b[39;00m websocket:\n\u001b[1;32m     52\u001b[0m     \u001b[38;5;28;01mwhile\u001b[39;00m \u001b[38;5;28;01mTrue\u001b[39;00m:\n\u001b[0;32m---> 53\u001b[0m         message \u001b[38;5;241m=\u001b[39m \u001b[38;5;28;01mawait\u001b[39;00m websocket\u001b[38;5;241m.\u001b[39mrecv()\n\u001b[1;32m     54\u001b[0m         message \u001b[38;5;241m=\u001b[39m json\u001b[38;5;241m.\u001b[39mloads(message)\n\u001b[1;32m     55\u001b[0m         \u001b[38;5;28;01mif\u001b[39;00m message\u001b[38;5;241m.\u001b[39mget(\u001b[38;5;124m\"\u001b[39m\u001b[38;5;124mdata\u001b[39m\u001b[38;5;124m\"\u001b[39m):\n",
       "File \u001b[0;32m~/.pyenv/versions/3.10.12/lib/python3.10/site-packages/websockets/asyncio/connection.py:322\u001b[0m, in \u001b[0;36mConnection.recv\u001b[0;34m(self, decode)\u001b[0m\n\u001b[1;32m    318\u001b[0m     \u001b[38;5;66;03m# fallthrough\u001b[39;00m\n\u001b[1;32m    319\u001b[0m \n\u001b[1;32m    320\u001b[0m \u001b[38;5;66;03m# Wait for the protocol state to be CLOSED before accessing close_exc.\u001b[39;00m\n\u001b[1;32m    321\u001b[0m \u001b[38;5;28;01mawait\u001b[39;00m asyncio\u001b[38;5;241m.\u001b[39mshield(\u001b[38;5;28mself\u001b[39m\u001b[38;5;241m.\u001b[39mconnection_lost_waiter)\n\u001b[0;32m--> 322\u001b[0m \u001b[38;5;28;01mraise\u001b[39;00m \u001b[38;5;28mself\u001b[39m\u001b[38;5;241m.\u001b[39mprotocol\u001b[38;5;241m.\u001b[39mclose_exc \u001b[38;5;28;01mfrom\u001b[39;00m\u001b[38;5;250m \u001b[39m\u001b[38;5;21;01mself\u001b[39;00m\u001b[38;5;21;01m.\u001b[39;00m\u001b[38;5;21;01mrecv_exc\u001b[39;00m\n",
       "\u001b[0;31mConnectionClosedError\u001b[0m: received 1012 (service restart); then sent 1012 (service restart)"
      ]
@@ -434,7 +437,7 @@
     "async def show_results(job_id):\n",
     "    async with httpx.AsyncClient() as client:\n",
     "        result = await client.get(f\"http://{dispatch_api}/unit_jobs/{job_id}/results\", headers={\n",
-    "            \"Authorization\": f\"Bearer {access_token}\"\n",
+    "            \"Authorization\": f\"Bearer {get_access_token()}\"\n",
     "        })\n",
     "        response = result.json()\n",
     "        if output_format.lower() == \"geojson\":\n",
@@ -446,7 +449,7 @@
     "        return response\n",
     "\n",
     "async def listen_for_updates():\n",
-    "    ws_url = f\"ws://{dispatch_api}/ws/upscale_tasks/{upscaling_task_id}?interval=15&token={access_token}\"\n",
+    "    ws_url = f\"ws://{dispatch_api}/ws/upscale_tasks/{upscaling_task_id}?interval=15&token={get_access_token()}\"\n",
     "    async with websockets.connect(ws_url) as websocket:\n",
     "        while True:\n",
     "            message = await websocket.recv()\n",
