PAT settings

kerzel · 23 March 2023 07:00

Dear all,
I’m trying to change the max. time a PAT is valid.
Following the documentation: Personal Access Tokens - openBIS Documentation Rel. 20.10 - Confluence
do I understand correctly, that the file referred to by:
“To configure it please use AS service.properties:”
is openbis/servers/openBIS-server/jetty/etc/service.properties

Since the configuration files also contain many options that are commented out (but this allows us to find them easily) - but this is not one of them, I just wanted to double-check if the lines should be added here:

# personal access tokens feature
personal-access-tokens-enabled = true
 
# change the default location of the JSON file that stores personal access tokens (default: personal-access-tokens.json file in the main openBIS folder)
personal-access-tokens-file-path = MY_FOLDER/personal-access-tokens.json
 
# set maximum allowed validity period (in seconds) - personal access token with a longer validity period cannot be created (default: 30 days)
personal-access-tokens-max-validity-period = 2592000
 
# set validity warning period (in seconds) - owners of personal access tokens that are going to expire within this warning period are going to receive email notifications (default: 5 days)
personal-access-tokens-validity-warning-period = 259200

many thanks
Ulrich

cbarillari · 29 March 2023 07:27

Dear Ulrich,

this is the correct file.

kerzel · 13 April 2023 15:26

Dear Caterina,

many thanks - using the PAT seems to work, however, I do get an error message if I follow the steps on the pyBIS documentation?

pat_name = os.environ['OPENBISPAT']
pat = oBis.get_or_create_personal_access_token(sessionName=pat_name)
oBis.set_token(pat, save_token=True)

results in

/home/kerzel/.cache/pypoetry/virtualenvs/openbis-qARisZC2-py3.10/lib/python3.10/site-packages/pybis/things.py:240: FutureWarning: iteritems is deprecated and will be removed in a future version. Use .items instead.
  ].iteritems():
Output exceeds the size limit. Open the full output data in a text editor---------------------------------------------------------------------------
TypeError                                 Traceback (most recent call last)
Cell In[8], line 6
      4 pat_name = os.environ['OPENBISPAT']
      5 pat = oBis.get_or_create_personal_access_token(sessionName=pat_name)
----> 6 oBis.set_token(pat, save_token=True)

File ~/.cache/pypoetry/virtualenvs/openbis-qARisZC2-py3.10/lib/python3.10/site-packages/pybis/pybis.py:4389, in Openbis.set_token(self, token, save_token)
   4387 if not token:
   4388     return
-> 4389 if not self.is_token_valid(token):
   4390     raise ValueError("Session is no longer valid. Please log in again.")
   4391 else:

File ~/.cache/pypoetry/virtualenvs/openbis-qARisZC2-py3.10/lib/python3.10/site-packages/pybis/pybis.py:4365, in Openbis.is_token_valid(self, token)
   4359     return False
   4361 request = {
   4362     "method": "isSessionActive",
   4363     "params": [token],
   4364 }
-> 4365 resp = self._post_request(self.as_v3, request)
   4366 return resp

File ~/.cache/pypoetry/virtualenvs/openbis-qARisZC2-py3.10/lib/python3.10/site-packages/pybis/pybis.py:1234, in Openbis._post_request(self, resource, request)
   1230 def _post_request(self, resource, request):
...
    178     """
--> 179     raise TypeError(f'Object of type {o.__class__.__name__} '
    180                     f'is not JSON serializable')

TypeError: Object of type PersonalAccessToken is not JSON serializable

Many thanks
Ulrich

cbarillari · 17 April 2023 16:47

Dear Ulrich,

The documentation is not correct. The correct way to do this currently is:

pat = o.get_or_create_personal_access_token(sessionName=“Project A”)
o.set_token(pat.permId, save_token=True)

In the next pyBIS version both ways to set the tokens will be accepted.

kerzel · 12 May 2023 15:26

Dear @cbarillari,

many thanks and apologies for the slow reply.

Hm, I guess maybe I misunderstand something about the PAT… I had, perhaps naively, assumed that I can refer to the PAT via the associated session name (as a short name)

however, when I do:

oBis = Openbis(server_url, verify_certificates=True)
pat = oBis.get_or_create_personal_access_token(sessionName=session_name)

I get the error message:

---------------------------------------------------------------------------
AttributeError                            Traceback (most recent call last)
Cell In[7], line 5
      1 ##
      2 ## create connection to openBIS server
      3 ##
      4 oBis = Openbis(server_url, verify_certificates=True)
----> 5 pat = oBis.get_or_create_personal_access_token(sessionName=session_name)

File ~/.cache/pypoetry/virtualenvs/openbis-qARisZC2-py3.10/lib/python3.10/site-packages/pybis/pybis.py:1983, in Openbis.get_or_create_personal_access_token(self, sessionName, validFrom, validTo, force)
   1981 session_token = self.token
   1982 if not is_session_token(session_token):
-> 1983     session_token = self.session_token
   1984 if not session_token:
   1985     session_token = get_token_for_hostname(
   1986         self.hostname, session_token_needed=True
   1987     )

AttributeError: 'Openbis' object has no attribute 'session_token'

which, perhaps, isn’t too surprising as I haven’t logged in with a session token or the long PAT value with $pat-…
However, I thought (maybe naively) that I could use the short session_name instead?

All the best
Ulrich

juanf · 22 May 2023 17:30

Dear Ulrich,

After creating the Openbis object you need to set the session_token.

For this you have several options:

Login using API.
Get the PAT after login and then set it.
Set session_token property with a valid session token or PAT.

There is no magic around it.

Best,
Juan

kerzel · 23 May 2023 05:10

Dear Juan,

many thanks - I think that was due to my (mis-)understanding of the relationship between session_token at PAT, in particular that one cannot create a PAT from a PAT.

Best wishes
Ulrich