tobiko-cloud-api-client 202508.58.0__py3-none-any.whl → 202508.60.0__py3-none-any.whl

{tobiko_cloud_api_client-202508.58.0.dist-info → tobiko_cloud_api_client-202508.60.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: tobiko-cloud-api-client
-Version: 202508.58.0
+Version: 202508.60.0
 Author: TobikoData Inc.
 Author-email: engineering@tobikodata.com
 Requires-Python: <3.13,>=3.9
@@ -10,4 +10,4 @@ Requires-Dist: pydantic>=2.0.0
 Requires-Dist: rich[jupyter]
 Requires-Dist: ruamel.yaml
 Requires-Dist: tenacity
-Requires-Dist: tobiko-cloud-helpers==202508.58.0
+Requires-Dist: tobiko-cloud-helpers==202508.60.0

{tobiko_cloud_api_client-202508.58.0.dist-info → tobiko_cloud_api_client-202508.60.0.dist-info}/RECORD

@@ -1,14 +1,14 @@
 tobikodata/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tobikodata/http_client/__init__.py,sha256=0vzfsVlDAfzAktEsvzRnsMYy3OpkzAeY6dQoe5tW6oA,457
 tobikodata/http_client/api.py,sha256=J8W2IuKs7i7hbW3gWinWpCFnnPGwOszeUz3J3Bt41_o,8130
-tobikodata/http_client/auth.py,sha256=XP6jYsK58fM-gvCFT66_1z-MFMcKcdZe9mAKRVBArrQ,7112
+tobikodata/http_client/auth.py,sha256=AjT3HDO-Q9DZEzpyc5q3ASY-nOpC2Tc5fbNCFV4oMNk,8027
 tobikodata/http_client/public.py,sha256=rs_E5RurQlKT-DfuqGX7W5rJQA2Q3MkeWS6hSC0bFbI,17554
 tobikodata/http_client/api_models/v1/common.py,sha256=T79ytQywoyLAr157Hbiae3neCV52bm8Ny1i8S8nDzkE,418
 tobikodata/http_client/api_models/v1/dags.py,sha256=np7OeHQ9Vhdo1JqOsD4el3OTUdz-P5L7vYJEGrp3k8U,893
 tobikodata/http_client/api_models/v1/evaluations.py,sha256=Oa_BUxPt61jMpiz0JgUzpTvulU7yK08SC7AQjb3LqzY,1164
 tobikodata/http_client/api_models/v1/runs.py,sha256=F2kGhwRTYxSYS5NSJfDSvyNM0y4NIVHL1ONgM3MnD7w,444
-tobiko_cloud_api_client-202508.58.0.dist-info/METADATA,sha256=H_4x03y4kxWBQU9C5Of1GUAvSEQkx8VqBeHrmSCi18w,371
-tobiko_cloud_api_client-202508.58.0.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
-tobiko_cloud_api_client-202508.58.0.dist-info/namespace_packages.txt,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrKVGs,1
-tobiko_cloud_api_client-202508.58.0.dist-info/top_level.txt,sha256=RtGY-jz-WpCF6_ox51-oVGzCMZ7v9RHTWLreUe86rUY,11
-tobiko_cloud_api_client-202508.58.0.dist-info/RECORD,,
+tobiko_cloud_api_client-202508.60.0.dist-info/METADATA,sha256=4a9gBi8LY1KHTI5bpXIh0_PoHxiGXHAjdPhd0TzPjdw,371
+tobiko_cloud_api_client-202508.60.0.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
+tobiko_cloud_api_client-202508.60.0.dist-info/namespace_packages.txt,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrKVGs,1
+tobiko_cloud_api_client-202508.60.0.dist-info/top_level.txt,sha256=RtGY-jz-WpCF6_ox51-oVGzCMZ7v9RHTWLreUe86rUY,11
+tobiko_cloud_api_client-202508.60.0.dist-info/RECORD,,

tobikodata/http_client/auth.py

@@ -25,14 +25,20 @@ yaml = YAML()
 
 # This is duplicated from tcloud in order to avoid pulling in tcloud deps into
 # http client
+SCOPE = os.environ.get("TCLOUD_SCOPE", "tbk:scope:projects")
+"""The scopes to request from the tobiko auth service"""
+
 TCLOUD_PATH = Path(os.environ.get("TCLOUD_HOME", Path.home() / ".tcloud"))
 """The location of the tcloud config folder"""
 
-CLIENT_ID = "f695a000-bc5b-43c2-bcb7-8e0179ddff0c"
-"""The oauth client ID to use"""
+CLIENT_ID = os.environ.get("TCLOUD_CLIENT_ID", "f695a000-bc5b-43c2-bcb7-8e0179ddff0c")
+"""The OAuth client ID to use"""
+
+CLIENT_SECRET = os.environ.get("TCLOUD_CLIENT_SECRET")
+"""The OAuth client secret to use for the client credentials (service-to-service) flow"""
 
-TOKEN_URL = "https://cloud.tobikodata.com/auth/token"
-"""The oauth token endpoint to use"""
+TOKEN_URL = os.environ.get("TCLOUD_TOKEN_URL", "https://cloud.tobikodata.com/auth/token")
+"""The OAuth token endpoint to use"""
 
 THEME = Theme(
     {
@@ -100,7 +106,7 @@ class SSOAuth:
 
     def __init__(self) -> None:
         self.console = Console(theme=THEME)
-        self.session = OAuth2Session(CLIENT_ID)
+        self.session = OAuth2Session(CLIENT_ID, CLIENT_SECRET, scope=SCOPE)
         self.tokenInfo = SSOAuth._load_auth_yaml()
 
     def id_token(self) -> t.Optional[str]:
@@ -131,9 +137,24 @@ class SSOAuth:
                     # We failed to refresh, logout
                     SSOAuth._delete_auth_yaml()
 
+        # Can we use client credentials?
+        if CLIENT_SECRET:
+            return self.login_with_client_credentials()
+
         return None
 
+    def login_with_client_credentials(self) -> t.Optional[str]:
+        self.session.fetch_token(
+            TOKEN_URL,
+            grant_type="client_credentials",
+        )
+        return self._create_token_info(self.session.token)["id_token"]
+
     def refresh_token(self) -> t.Optional[str]:
+        # Can we use client credentials?
+        if CLIENT_SECRET:
+            return self.login_with_client_credentials()
+
         if not self.tokenInfo:
             self.console.print("Not currently authenticated", style="error")
             return None
@@ -159,10 +180,12 @@ class SSOAuth:
             "token_type": token["token_type"],
             "expires_at": token["expires_at"],
             "access_token": token["access_token"],
-            "refresh_token": token["refresh_token"],
             "id_token": token["id_token"],
         }
 
+        if "refresh_token" in token:
+            self.tokenInfo["refresh_token"] = token["refresh_token"]
+
         SSOAuth._save_auth_yaml(self.tokenInfo)
 
         return self.tokenInfo