Skip to main content

Authenticate with Azure AD

You can authenticate the Python SDK with Azure AD by using a token retrieved when a user authenticates or with a static client secret for long-running jobs like extractors.

Prerequisites

If you don't know which values to use for these variables, contact your CDF administrator or Cognite Support.

Authenticate with user credentials

You can authenticate the Python SDK with Azure AD by using a token retrieved with user credentials. You can find the examples here.

Authenticate with interactive login and token refresh

Use this flow to authenticate with user credentials by redirecting to an authentication page in the browser.

You need to provide an OAuthInteractive credential provider to the CogniteClient. The token is served from an in-memory cache but refreshed if needed (without requiring a user sign in or device code for the refresh).

NOTE

To use this flow with the code sample below, make sure the app is registered in Azure AD as the type Mobile and desktop applications with http://localhost:53000 as the Redirect URI.

You can find the code sample here.

Authenticate with user credentials and device code

If a browser isn't available, for example, if you are logged into a terminal, use this flow to authenticate with user credentials and use a device code to refresh the token.

Here we use the OAuthDeviceCode credential provider.

NOTE

To use this flow, select Allow public client flows under Authentication when registering the app in Azure AD.

You can find the code sample here.

Authenticate with client secret

Use the OAuthClientCredentials credential provider for this flow. Use this flow for long-running jobs like extractors.

You can find the code sample here.

Important

The token_url should follow the pattern https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token for Azure Active Directory, where $tenantId is the ID of the Azure AD tenant where the user is registered.