satorbis_kit.auth.auth_service module

class satorbis_kit.auth.auth_service.ServiceAuth(client_id: str, client_secret: str, environment: Environment | str | None = None, scopes: str = 'openid profile email', token_url: str | None = None)[source]

Bases: BaseAuth

Manages the service-account (client-credentials) login flow against an OIDC provider, designed for use inside a Jupyter notebook.

Parameters:

  • client_id – The client ID of the OIDC application.

  • client_secret – The client secret of the OIDC application.

  • environment – Target deployment environment. Accepts an Environment member, a plain string ("prod" or "dev"), or None. When None the value of the SATORBIS_ENV environment variable is used; if that is also absent, prod is the default. Example: ServiceAuth(..., environment="dev").

  • scopes – Space-separated OIDC scopes.

  • token_url – Optional. The token endpoint URL. If not provided, it will be discovered from the OIDC discovery document.

authenticate()[source]

Authenticate using service account (client credentials flow).

Returns:

Token store containing the access token.

Return type:

TokenStore

refresh_token()[source]

Refresh the access token by re-authenticating.

Returns:

Token store containing the new access token.

Return type:

TokenStore