## <span style="color:purple">ArcGIS API for Python</span>

<img src="img/lock.png" style="width: 50%"></img>

## Demo: Authentication Options

The ArcGIS API for Python has a number of ways to authenticate with your web GIS. This demo provides a way to store commonly used Portals and Organizations to quickly authenticate and start working.

# Anonymous Users

Let's connect in the simplest way possible - instantiating a GIS object to the default GIS, ArcGIS Online.

In [None]:
import arcgis
gis = arcgis.gis.GIS()

In [None]:
gis.content.search("1=1")

# Built-in Users

In [None]:
gis = arcgis.gis.GIS(username="Anieto_esrifederal")

## Setting up a dictionary of GIS URLs
Now, let's take a look at a few other options to connect to other GIS organizations and Portals...

In [None]:
# Let's import a few new modules to help us handle passwords securely
from IPython.display import display
import getpass
import os

I'm going to use a Python dictionary to store the urls and other information for each Web GIS

In [None]:
portals_dict = {
    "esrifederal_gis": r"https://esrifederal.maps.arcgis.com",
    "natgov_gis": r"http://esri-natgov105.eastus.cloudapp.azure.com/arcgis",
    "dot_gis": r"http://dot.esri.com/portal",
    "dev_gis": r"http://ngse-dev.eastus.cloudapp.azure.com/portal",
    "bill_gis": r"https://idt.esri.com/portal/home/index.html",
}

## Authenticating with any Portal

This cell establishes the Web GIS that I want to connect to. I don't need to remember a full URL, just a generic name.

In [None]:
gis_url = portals_dict["bill_gis"]

The API allows you to safely pass your authentication details

In [None]:
gis_username = "anieto"

In [None]:
gis = arcgis.gis.GIS(gis_url, gis_username, verify_cert=False)

In [None]:
gis.users.search()

# Enterprise Identity Store

In [None]:
print("\n\nPortal-tier Authentication with LDAP - enterprise user")
gisldap = arcgis.gis.GIS("https://portalname.domain.com/webadapter_name", "AVWORLD\\Publisher", "password")
print("Logged in as: " + gisldap.properties.user.username)

# Authenticating to an Organization with Single Sign On

If we want to authenticate with an ArcGIS Online organization and an Okta username, use the following snippet:

In [None]:
gis_url = portals_dict["esrifederal_gis"]

This cell does something slightly more interesting. 

In our esrifederal organization, we authenticate using Okta. To allow the API to authenticate I've created an app on that organization and received an App ID. I can then pass this to the GIS method's client_id parameter and authenticate.

Retrieve App ID from: http://esrifederal.maps.arcgis.com/home/item.html?id=70852f2640e14a5f8050be8ac538e291#settings

In [None]:
gis = arcgis.gis.GIS("https://idt.esri.com/portal", client_id="KZTe9Eyy96GYQAQL")

In [None]:
gis

In [None]:
import getpass

In [None]:
if gis_url == portals_dict["esrifederal_gis"]:
    gis_app_id = getpass.getpass(prompt="App ID: ")
    print("Attempting to log in to '{0}'...".format(gis_url))
    gis = arcgis.gis.GIS(gis_url, client_id=gis_app_id)
    print("Successfully logged in as: " + gis.properties.user.username)
else:
    gis_username = getpass.getpass(prompt="Username: ")
    print("Attempting to log in to '{0}'...".format(gis_url))
    gis = arcgis.gis.GIS(gis_url, gis_username, gis_pw, verify_cert=False)
    print("Successfully logged in as: " + gis.properties.user.username)

In [None]:
gis.content.search("1=1")

# Connecting through ArcGIS Pro

In [None]:
print("\n\nActive Portal in ArcGIS Pro")  
gis = arcgis.gis.GIS("pro")

# Storing your credentialls locally

If you are signing in frequently to a particular GIS and would like to store the credentials locally on your computer, then you could do so using the profile parameter of your GIS.

Persistent profiles for the GIS can be created by giving the GIS authorization credentials and specifying a profile name. The profile stores all of the authorization credentials (except the password) in the user’s home directory in an unencrypted config file named .arcgisprofile. The profile securely stores the password in an O.S. specific password manager through the keyring python module. (Note: Linux systems may need additional software installed and configured for proper security) Once a profile has been saved, passing the profile parameter by itself uses the authorization credentials saved in the configuration file/password manager by that profile name. Multiple profiles can be created and used in parallel.

In [None]:
#Define 2 different profiles for two different urls
playground_gis = GIS(url="https://python.playground.esri.com/portal", username='arcgis_python', password='amazing_arcgis_123',
                     profile='python_playground_prof')
agol_gis = GIS(url="https://arcgis.com/", username='arcgis_python', password="P@ssword123",
    profile="AGOL_prof")
print("profile defined for {}".format(playground_gis))
print("profile defined for {}".format(agol_gis))

In [None]:
def print_profile_info(gis):
    print("Successfully logged into '{}' via the '{}' user".format(
           gis.properties.portalHostname,
           gis.properties.user.username)) 

playground_gis = GIS(profile='python_playground_prof')
print_profile_info(playground_gis)

agol_gis = GIS(profile="AGOL_prof")
print_profile_info(agol_gis)