eodag 2.12.1__py3-none-any.whl → 3.0.0b1__py3-none-any.whl

eodag/plugins/authentication/openid_connect.py

@@ -17,10 +17,12 @@
 # limitations under the License.
 from __future__ import annotations
 
+import logging
 import re
 import string
+from datetime import datetime
 from random import SystemRandom
-from typing import TYPE_CHECKING, Any, Dict, Optional
+from typing import TYPE_CHECKING, Any, Dict, Optional, TypedDict
 
 import requests
 from lxml import etree
@@ -28,7 +30,12 @@ from requests.auth import AuthBase
 
 from eodag.plugins.authentication import Authentication
 from eodag.utils import HTTP_REQ_TIMEOUT, USER_AGENT, parse_qs, repeatfunc, urlparse
-from eodag.utils.exceptions import AuthenticationError, MisconfiguredError, TimeOutError
+from eodag.utils.exceptions import (
+    AuthenticationError,
+    MisconfiguredError,
+    RequestError,
+    TimeOutError,
+)
 
 if TYPE_CHECKING:
     from requests import PreparedRequest, Response
@@ -36,7 +43,132 @@ if TYPE_CHECKING:
     from eodag.config import PluginConfig
 
 
-class OIDCAuthorizationCodeFlowAuth(Authentication):
+logger = logging.getLogger("eodag.auth.openid_connect")
+
+
+class OIDCRefreshTokenBase(Authentication):
+    """OIDC refresh token base class, to be used through specific OIDC flows plugins.
+
+    Common mechanism to handle refresh token from all OIDC auth plugins.
+    """
+
+    class TokenInfo(TypedDict, total=False):
+        """Token infos"""
+
+        refresh_token: str
+        refresh_time: datetime
+        token_time: datetime
+        access_token: str
+        access_token_expiration: float
+        refresh_token_expiration: float
+
+    def __init__(self, provider: str, config: PluginConfig) -> None:
+        super(OIDCRefreshTokenBase, self).__init__(provider, config)
+        self.session = requests.Session()
+        # already retrieved token info store
+        self.token_info: OIDCRefreshTokenBase.TokenInfo = {}
+
+    def _get_access_token(self) -> str:
+        current_time = datetime.now()
+        if (
+            # No info: first time
+            not self.token_info
+            # Refresh token available but expired
+            or (
+                "refresh_token" in self.token_info
+                and self.token_info["refresh_token_expiration"] > 0
+                and (current_time - self.token_info["token_time"]).seconds
+                >= self.token_info["refresh_token_expiration"]
+            )
+            # Refresh token *not* available and access token expired
+            or (
+                "refresh_token" not in self.token_info
+                and (current_time - self.token_info["token_time"]).seconds
+                >= self.token_info["access_token_expiration"]
+            )
+        ):
+            # Request *new* token on first attempt or if token expired
+            res = self._request_new_token()
+            self.token_info["token_time"] = current_time
+            self.token_info["access_token_expiration"] = float(res["expires_in"])
+            if "refresh_token" in res:
+                self.token_info["refresh_time"] = current_time
+                self.token_info["refresh_token_expiration"] = float(
+                    res["refresh_expires_in"]
+                )
+                self.token_info["refresh_token"] = str(res["refresh_token"])
+            return str(res["access_token"])
+
+        elif (
+            # Refresh token available and access token expired
+            "refresh_token" in self.token_info
+            and (current_time - self.token_info["refresh_time"]).seconds
+            >= self.token_info["access_token_expiration"]
+        ):
+            # Use refresh token
+            res = self._get_token_with_refresh_token()
+            self.token_info["refresh_token"] = res["refresh_token"]
+            self.token_info["refresh_time"] = current_time
+            return res["access_token"]
+
+        logger.debug("Using already retrieved access token")
+        return self.token_info["access_token"]
+
+    def _request_new_token(self) -> Dict[str, str]:
+        """Fetch the access token with a new authentcation"""
+        raise NotImplementedError(
+            "Incomplete OIDC refresh token retrieval mechanism implementation"
+        )
+
+    def _request_new_token_error(self, e: requests.RequestException) -> Dict[str, str]:
+        """Handle RequestException raised by `self._request_new_token()`"""
+        if self.token_info.get("access_token"):
+            # try using already retrieved token if authenticate() fails (OTP use-case)
+            if "access_token_expiration" in self.token_info:
+                return {
+                    "access_token": self.token_info["access_token"],
+                    "expires_in": str(self.token_info["access_token_expiration"]),
+                }
+            else:
+                return {
+                    "access_token": self.token_info["access_token"],
+                    "expires_in": "0",
+                }
+        response_text = getattr(e.response, "text", "").strip()
+        # check if error is identified as auth_error in provider conf
+        auth_errors = getattr(self.config, "auth_error_code", [None])
+        if not isinstance(auth_errors, list):
+            auth_errors = [auth_errors]
+        if (
+            e.response
+            and hasattr(e.response, "status_code")
+            and e.response.status_code in auth_errors
+        ):
+            raise AuthenticationError(
+                "HTTP Error %s returned, %s\nPlease check your credentials for %s"
+                % (e.response.status_code, response_text, self.provider)
+            )
+        # other error
+        else:
+            import traceback as tb
+
+            logger.error(
+                f"Provider {self.provider} returned {getattr(e.response, 'status_code', '')}: {response_text}"
+            )
+            raise AuthenticationError(
+                "Something went wrong while trying to get access token:\n{}".format(
+                    tb.format_exc()
+                )
+            )
+
+    def _get_token_with_refresh_token(self) -> Dict[str, str]:
+        """Fetch the access token with the refresh token"""
+        raise NotImplementedError(
+            "Incomplete OIDC refresh token retrieval mechanism implementation"
+        )
+
+
+class OIDCAuthorizationCodeFlowAuth(OIDCRefreshTokenBase):
     """Implement the authorization code flow of the OpenIDConnect authorization specification.
 
     The `OpenID Connect <http://openid.net/specs/openid-connect-core-1_0.html>`_ specification
@@ -109,6 +241,10 @@ class OIDCAuthorizationCodeFlowAuth(Authentication):
         # same rules as with user_consent_form_data
         additional_login_form_data:
 
+        # (optional) Key/value pairs of patterns/messages. If exchange_url contains the given pattern, the associated
+        message will be sent in an AuthenticationError
+        exchange_url_error_pattern:
+
         # (optional) The OIDC provider's client secret of the eodag provider
         client_secret:
 
@@ -123,6 +259,8 @@ class OIDCAuthorizationCodeFlowAuth(Authentication):
         # used in the query request
         token_qs_key:
 
+        # (optional) The key pointing to the refresh_token in the json response to the POST request to the token server
+        refresh_token_key:
     """
 
     SCOPE = "openid"
@@ -131,6 +269,10 @@ class OIDCAuthorizationCodeFlowAuth(Authentication):
 
     def __init__(self, provider: str, config: PluginConfig) -> None:
         super(OIDCAuthorizationCodeFlowAuth, self).__init__(provider, config)
+
+    def validate_config_credentials(self) -> None:
+        """Validate configured credentials"""
+        super(OIDCAuthorizationCodeFlowAuth, self).validate_config_credentials()
         if getattr(self.config, "token_provision", None) not in ("qs", "header"):
             raise MisconfiguredError(
                 'Provider config parameter "token_provision" must be one of "qs" or "header"'
@@ -142,33 +284,74 @@ class OIDCAuthorizationCodeFlowAuth(Authentication):
                 'Provider config parameter "token_provision" with value "qs" must have '
                 '"token_qs_key" config parameter as well'
             )
-        self.session = requests.Session()
 
-    def authenticate(self) -> AuthBase:
+    def authenticate(self) -> CodeAuthorizedAuth:
         """Authenticate"""
+        self.token_info["access_token"] = self._get_access_token()
+
+        return CodeAuthorizedAuth(
+            self.token_info["access_token"],
+            self.config.token_provision,
+            key=getattr(self.config, "token_qs_key", None),
+        )
+
+    def _request_new_token(self) -> Dict[str, str]:
+        """Fetch the access token with a new authentcation"""
+        logger.debug("Fetching access token from %s", self.config.token_uri)
         state = self.compute_state()
         authentication_response = self.authenticate_user(state)
         exchange_url = authentication_response.url
+        for err_pattern, err_message in getattr(
+            self.config, "exchange_url_error_pattern", {}
+        ).items():
+            if err_pattern in exchange_url:
+                raise AuthenticationError(err_message)
+        if not exchange_url.startswith(self.config.redirect_uri):
+            raise AuthenticationError(
+                f"Could not authenticate user with provider {self.provider}.",
+                "Please verify your credentials",
+            )
         if self.config.user_consent_needed:
             user_consent_response = self.grant_user_consent(authentication_response)
             exchange_url = user_consent_response.url
         try:
-            token = self.exchange_code_for_token(exchange_url, state)
+            token_response = self.exchange_code_for_token(exchange_url, state)
+            token_response.raise_for_status()
         except requests.exceptions.Timeout as exc:
             raise TimeOutError(exc, timeout=HTTP_REQ_TIMEOUT) from exc
-        except Exception:
-            import traceback as tb
-
-            raise AuthenticationError(
-                "Something went wrong while trying to get authorization token:\n{}".format(
-                    tb.format_exc()
-                )
-            )
-        return CodeAuthorizedAuth(
-            token,
-            self.config.token_provision,
-            key=getattr(self.config, "token_qs_key", None),
+        except requests.RequestException as e:
+            return self._request_new_token_error(e)
+        return token_response.json()
+
+    def _get_token_with_refresh_token(self) -> Dict[str, str]:
+        """Fetch the access token with the refresh token"""
+        logger.debug(
+            "Fetching access token with refresh token from %s", self.config.token_uri
         )
+        token_data: Dict[str, Any] = {
+            "refresh_token": self.token_info["refresh_token"],
+            "grant_type": "refresh_token",
+        }
+        token_data = self._prepare_token_post_data(token_data)
+        post_request_kwargs: Any = {
+            self.config.token_exchange_post_data_method: token_data
+        }
+        try:
+            token_response = self.session.post(
+                self.config.token_uri,
+                timeout=HTTP_REQ_TIMEOUT,
+                **post_request_kwargs,
+            )
+            token_response.raise_for_status()
+        except requests.exceptions.Timeout as exc:
+            raise TimeOutError(exc, timeout=HTTP_REQ_TIMEOUT) from exc
+        except requests.RequestException as exc:
+            logger.error(
+                "Could not fetch access token with refresh token, executing new token request, error: %s",
+                getattr(exc.response, "text", ""),
+            )
+            return self._request_new_token()
+        return token_response.json()
 
     def authenticate_user(self, state: str) -> Response:
         """Authenticate user"""
@@ -188,7 +371,9 @@ class OIDCAuthorizationCodeFlowAuth(Authentication):
         )
 
         login_document = etree.HTML(authorization_response.text)
-        login_form = login_document.xpath(self.config.login_form_xpath)[0]
+        login_forms = login_document.xpath(self.config.login_form_xpath)
+        login_form = login_forms[0]
+
         # Get the form data to pass to the login form from config or from the login form
         login_data = {
             key: self._constant_or_xpath_extracted(value, login_form)
@@ -198,14 +383,23 @@ class OIDCAuthorizationCodeFlowAuth(Authentication):
         }
         # Add the credentials
         login_data.update(self.config.credentials)
-        auth_uri = getattr(self.config, "authentication_uri", None)
+
         # Retrieve the authentication_uri from the login form if so configured
         if self.config.authentication_uri_source == "login-form":
             # Given that the login_form_xpath resolves to an HTML element, if suffices to add '/@action' to get
             # the value of its action attribute to this xpath
             auth_uri = login_form.xpath(
                 self.config.login_form_xpath.rstrip("/") + "/@action"
-            )[0]
+            )
+            if not auth_uri or not auth_uri[0]:
+                raise RequestError(
+                    f"Could not get auth_uri from {self.config.login_form_xpath}"
+                )
+            auth_uri = auth_uri[0]
+        else:
+            auth_uri = getattr(self.config, "authentication_uri", None)
+            if not auth_uri:
+                raise MisconfiguredError("authentication_uri is missing")
         return self.session.post(
             auth_uri, data=login_data, headers=USER_AGENT, timeout=HTTP_REQ_TIMEOUT
         )
@@ -228,40 +422,49 @@ class OIDCAuthorizationCodeFlowAuth(Authentication):
             timeout=HTTP_REQ_TIMEOUT,
         )
 
-    def exchange_code_for_token(self, authorized_url: str, state: str) -> str:
-        """Get exchange code for token"""
-        qs = parse_qs(urlparse(authorized_url).query)
-        if qs["state"][0] != state:
-            raise AuthenticationError(
-                "The state received in the authorized url does not match initially computed state"
-            )
-        code = qs["code"][0]
-        token_exchange_data: Dict[str, Any] = {
-            "redirect_uri": self.config.redirect_uri,
-            "client_id": self.config.client_id,
-            "code": code,
-            "state": state,
-        }
+    def _prepare_token_post_data(self, token_data: Dict[str, Any]) -> Dict[str, Any]:
+        """Prepare the common data to post to the token URI"""
+        token_data.update(
+            {
+                "redirect_uri": self.config.redirect_uri,
+                "client_id": self.config.client_id,
+            }
+        )
         # If necessary, change the keys of the form data that will be passed to the token exchange POST request
         custom_token_exchange_params = getattr(self.config, "token_exchange_params", {})
         if custom_token_exchange_params:
-            token_exchange_data[
-                custom_token_exchange_params["redirect_uri"]
-            ] = token_exchange_data.pop("redirect_uri")
-            token_exchange_data[
-                custom_token_exchange_params["client_id"]
-            ] = token_exchange_data.pop("client_id")
+            token_data[custom_token_exchange_params["redirect_uri"]] = token_data.pop(
+                "redirect_uri"
+            )
+            token_data[custom_token_exchange_params["client_id"]] = token_data.pop(
+                "client_id"
+            )
         # If the client_secret is known, the token exchange request must be authenticated with a BASIC Auth, using the
         # client_id and client_secret as username and password respectively
         if getattr(self.config, "client_secret", None):
-            token_exchange_data.update(
+            token_data.update(
                 {
                     "auth": (self.config.client_id, self.config.client_secret),
-                    "grant_type": "authorization_code",
                     "client_secret": self.config.client_secret,
                 }
             )
-        post_request_kwargs = {
+        return token_data
+
+    def exchange_code_for_token(self, authorized_url: str, state: str) -> Response:
+        """Get exchange code for token"""
+        qs = parse_qs(urlparse(authorized_url).query)
+        if qs["state"][0] != state:
+            raise AuthenticationError(
+                "The state received in the authorized url does not match initially computed state"
+            )
+        code = qs["code"][0]
+        token_exchange_data: Dict[str, Any] = {
+            "code": code,
+            "state": state,
+            "grant_type": "authorization_code",
+        }
+        token_exchange_data = self._prepare_token_post_data(token_exchange_data)
+        post_request_kwargs: Any = {
             self.config.token_exchange_post_data_method: token_exchange_data
         }
         r = self.session.post(
@@ -270,7 +473,7 @@ class OIDCAuthorizationCodeFlowAuth(Authentication):
             timeout=HTTP_REQ_TIMEOUT,
             **post_request_kwargs,
         )
-        return r.json()[self.config.token_key]
+        return r
 
     def _constant_or_xpath_extracted(
         self, value: str, form_element: Any
@@ -279,7 +482,7 @@ class OIDCAuthorizationCodeFlowAuth(Authentication):
         if not match:
             return value
         value_from_xpath = form_element.xpath(
-            self.CONFIG_XPATH_REGEX.match(value).groupdict("xpath_value")
+            self.CONFIG_XPATH_REGEX.match(value).groupdict("xpath_value")["xpath_value"]
         )
         if len(value_from_xpath) == 1:
             return value_from_xpath[0]
@@ -318,4 +521,11 @@ class CodeAuthorizedAuth(AuthBase):
 
         elif self.where == "header":
             request.headers["Authorization"] = "Bearer {}".format(self.token)
+        logger.debug(
+            re.sub(
+                r"'Bearer [^']+'",
+                r"'Bearer ***'",
+                f"PreparedRequest: {request.__dict__}",
+            )
+        )
         return request

eodag/plugins/authentication/qsauth.py

@@ -67,6 +67,8 @@ class HttpQueryStringAuth(Authentication):
         auth = QueryStringAuth(**self.config.credentials)
 
         auth_uri = getattr(self.config, "auth_uri", None)
+        ssl_verify = getattr(self.config, "ssl_verify", True)
+
         if auth_uri:
             try:
                 response = requests.get(
@@ -74,6 +76,7 @@ class HttpQueryStringAuth(Authentication):
                     timeout=HTTP_REQ_TIMEOUT,
                     headers=USER_AGENT,
                     auth=auth,
+                    verify=ssl_verify,
                 )
                 response.raise_for_status()
             except requests.exceptions.Timeout as exc:

eodag/plugins/authentication/sas_auth.py

@@ -43,11 +43,13 @@ class RequestsSASAuth(AuthBase):
         auth_uri: str,
         signed_url_key: str,
         headers: Optional[Dict[str, str]] = None,
+        ssl_verify: bool = True,
     ) -> None:
         self.auth_uri = auth_uri
         self.signed_url_key = signed_url_key
         self.headers = headers
         self.signed_urls: Dict[str, str] = {}
+        self.ssl_verify = ssl_verify
 
     def __call__(self, request: PreparedRequest) -> PreparedRequest:
         """Perform the actual authentication"""
@@ -63,7 +65,10 @@ class RequestsSASAuth(AuthBase):
             logger.debug(f"Signed URL request: {req_signed_url}")
             try:
                 response = requests.get(
-                    req_signed_url, headers=self.headers, timeout=HTTP_REQ_TIMEOUT
+                    req_signed_url,
+                    headers=self.headers,
+                    timeout=HTTP_REQ_TIMEOUT,
+                    verify=self.ssl_verify,
                 )
                 response.raise_for_status()
                 signed_url = response.json().get(self.signed_url_key)
@@ -95,6 +100,7 @@ class SASAuth(Authentication):
 
         # update headers with subscription key if exists
         apikey = getattr(self.config, "credentials", {}).get("apikey", None)
+        ssl_verify = getattr(self.config, "ssl_verify", True)
         if apikey:
             headers_update = format_dict_items(self.config.headers, apikey=apikey)
             headers.update(headers_update)
@@ -103,4 +109,5 @@ class SASAuth(Authentication):
             auth_uri=self.config.auth_uri,
             signed_url_key=self.config.signed_url_key,
             headers=headers,
+            ssl_verify=ssl_verify,
         )

eodag/plugins/authentication/token.py

@@ -46,6 +46,7 @@ class TokenAuth(Authentication):
     def __init__(self, provider: str, config: PluginConfig) -> None:
         super(TokenAuth, self).__init__(provider, config)
         self.token = ""
+        self.refresh_token = ""
 
     def validate_config_credentials(self) -> None:
         """Validate configured credentials"""
@@ -55,9 +56,9 @@ class TokenAuth(Authentication):
             self.config.auth_uri = self.config.auth_uri.format(
                 **self.config.credentials
             )
-            # format headers if needed
+            # format headers if needed (and accepts {token} to be formatted later)
             self.config.headers = {
-                header: value.format(**self.config.credentials)
+                header: value.format(**{"token": "{token}", **self.config.credentials})
                 for header, value in getattr(self.config, "headers", {}).items()
             }
         except KeyError as e:
@@ -69,65 +70,108 @@ class TokenAuth(Authentication):
         """Authenticate"""
         self.validate_config_credentials()
 
-        # append headers to req if some are specified in config
-        req_kwargs: Dict[str, Any] = (
-            {"headers": dict(self.config.headers, **USER_AGENT)}
-            if hasattr(self.config, "headers")
-            else {"headers": USER_AGENT}
-        )
         s = requests.Session()
-        retries = Retry(
-            total=3, backoff_factor=2, status_forcelist=[401, 429, 500, 502, 503, 504]
-        )
-        s.mount(self.config.auth_uri, HTTPAdapter(max_retries=retries))
         try:
             # First get the token
-            if getattr(self.config, "request_method", "POST") == "POST":
-                response = s.post(
-                    self.config.auth_uri,
-                    data=self.config.credentials,
-                    timeout=HTTP_REQ_TIMEOUT,
-                    **req_kwargs,
-                )
-            else:
-                cred = self.config.credentials
-                response = s.get(
-                    self.config.auth_uri,
-                    auth=(cred["username"], cred["password"]),
-                    timeout=HTTP_REQ_TIMEOUT,
-                    **req_kwargs,
-                )
+            response = self._token_request(session=s)
             response.raise_for_status()
         except requests.exceptions.Timeout as exc:
             raise TimeOutError(exc, timeout=HTTP_REQ_TIMEOUT) from exc
         except RequestException as e:
             response_text = getattr(e.response, "text", "").strip()
-            raise AuthenticationError(
-                f"Could no get authentication token: {str(e)}, {response_text}"
-            )
+            # check if error is identified as auth_error in provider conf
+            auth_errors = getattr(self.config, "auth_error_code", [None])
+            if not isinstance(auth_errors, list):
+                auth_errors = [auth_errors]
+            if (
+                e.response is not None
+                and getattr(e.response, "status_code", None)
+                and e.response.status_code in auth_errors
+            ):
+                raise AuthenticationError(
+                    f"HTTP Error {e.response.status_code} returned, {response_text}\n"
+                    f"Please check your credentials for {self.provider}"
+                )
+            # other error
+            else:
+                raise AuthenticationError(
+                    f"Could no get authentication token: {str(e)}, {response_text}"
+                )
         else:
             if getattr(self.config, "token_type", "text") == "json":
                 token = response.json()[self.config.token_key]
             else:
                 token = response.text
-            headers = self._get_headers(token)
             self.token = token
+            if getattr(self.config, "refresh_token_key", None):
+                self.refresh_token = response.json()[self.config.refresh_token_key]
+            if not hasattr(self.config, "headers"):
+                raise MisconfiguredError(f"Missing headers configuration for {self}")
             # Return auth class set with obtained token
-            return RequestsTokenAuth(token, "header", headers=headers)
-
-    def _get_headers(self, token: str) -> Dict[str, str]:
-        headers = self.config.headers
-        if "Authorization" in headers and "$" in headers["Authorization"]:
-            headers["Authorization"] = headers["Authorization"].replace("$token", token)
-        if (
-            self.token
-            and token != self.token
-            and self.token in headers["Authorization"]
-        ):
-            headers["Authorization"] = headers["Authorization"].replace(
-                self.token, token
+            return RequestsTokenAuth(
+                token, "header", headers=getattr(self.config, "headers", {})
             )
-        return headers
+
+    def _token_request(
+        self,
+        session: requests.Session,
+    ) -> requests.Response:
+        retries = Retry(
+            total=3,
+            backoff_factor=2,
+            status_forcelist=[401, 429, 500, 502, 503, 504],
+        )
+
+        # append headers to req if some are specified in config
+        req_kwargs: Dict[str, Any] = {
+            "headers": dict(self.config.headers, **USER_AGENT)
+        }
+
+        if self.refresh_token:
+            logger.debug("fetching access token with refresh token")
+            session.mount(self.config.refresh_uri, HTTPAdapter(max_retries=retries))
+            try:
+                response = session.post(
+                    self.config.refresh_uri,
+                    data={"refresh_token": self.refresh_token},
+                    timeout=HTTP_REQ_TIMEOUT,
+                    **req_kwargs,
+                )
+                response.raise_for_status()
+                return response
+            except requests.exceptions.HTTPError as e:
+                logger.debug(getattr(e.response, "text", "").strip())
+
+        logger.debug("fetching access token from %s", self.config.auth_uri)
+        # append headers to req if some are specified in config
+        session.mount(self.config.auth_uri, HTTPAdapter(max_retries=retries))
+        method = getattr(self.config, "request_method", "POST")
+
+        # send credentials also as data in POST requests
+        if method == "POST":
+            # append req_data to credentials if specified in config
+            req_kwargs["data"] = dict(
+                getattr(self.config, "req_data", {}), **self.config.credentials
+            )
+
+        # credentials as auth tuple if possible
+        req_kwargs["auth"] = (
+            (
+                self.config.credentials["username"],
+                self.config.credentials["password"],
+            )
+            if all(
+                k in self.config.credentials.keys() for k in ["username", "password"]
+            )
+            else None
+        )
+
+        return session.request(
+            method=method,
+            url=self.config.auth_uri,
+            timeout=HTTP_REQ_TIMEOUT,
+            **req_kwargs,
+        )
 
 
 class RequestsTokenAuth(AuthBase):
@@ -165,5 +209,7 @@ class RequestsTokenAuth(AuthBase):
                 )
             )
         elif self.where == "header":
-            request.headers["Authorization"] = "Bearer {}".format(self.token)
+            request.headers["Authorization"] = request.headers.get(
+                "Authorization", "Bearer {token}"
+            ).format(token=self.token)
         return request