Authentication Plugins#
Multiple authentication plugins can be defined per provider under auth, search_auth, or download_auth
provider configuration entries. They are shared across all providers, and can be identified
using matching settings matching_url and
matching_conf as configuration parameters.
Credentials are automatically shared between plugins having the same matching settings.
Authentication plugins without matching settings configured will not be shared and will automatically match their
provider.
Authentication plugins must inherit the following class and implement authenticate():
- class eodag.plugins.authentication.base.Authentication(provider, config)[source]#
Plugins authentication Base plugin
- Parameters:
provider (
str) – provider nameconfig (
PluginConfig) –Authentication plugin configuration:
matching_url(str): URL pattern to match with search plugin endpoint or download linkmatching_conf(dict[str, Any]): Part of the search or download plugin configuration that needs authentication and helps identifying it
This table lists all the authentication plugins currently available:
|
GenericAuth authentication plugin (authentication using |
|
TokenAuth authentication plugin - fetches a token which is added to search/download requests. |
|
HTTPHeaderAuth Authentication plugin. |
|
AWS authentication plugin |
|
OAuth authentication plugin |
OIDC refresh token base class, to be used through specific OIDC flows plugins; Common mechanism to handle refresh token from all OIDC auth plugins; |
|
Implement the authorization code flow of the OpenIDConnect authorization specification. |
|
|
Authentication plugin using Keycloak and OpenId Connect. |
Token exchange implementation using |
|
|
An Authentication plugin using HTTP query string parameters. |
|
SASAuth authentication plugin |