# App Credentials

In this tutorial we will generate new app credentials and save them to a local file so that we don't need to re-enter them in future tutorials.

We will first authenticate to the [SpatiaFi Auth API](https://auth.spatiafi.com/) once using user name and password.
Then using the returned access token we can generate new "App Credentials" as a `client_id` and `client_secret`.

Finally we'll save the App Credentials to a file and load them into our environment variables. This will allow other tutorials to
access the saved credentials.

### Requirements

`requests` and `authlib` libraries will be used for code examples in this tutorial, to install:

In [None]:
!pip install requests authlib

In [None]:
import json
import os
import time
from pprint import pprint

import requests
from authlib.integrations.requests_client import OAuth2Session
from authlib.oauth2.rfc7523 import ClientSecretJWT
from platformdirs import user_config_dir

## Basic Auth Token Endpoint

An access token to can be obtianed by making a `GET` request to `https://auth.spatiafi.com/api/v1/auth/jwt/token/basic` with an [HTTP Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) header.

This is straightforward using [requests](https://requests.readthedocs.io/en/latest/). Of course, remember to use your own username and password.

In [None]:
url = "https://auth.spatiafi.com/api/v1/auth/jwt/token/basic"

username = "null@example.com"
password = "example_password123"

response = requests.get(url, auth=(username, password))

response_data = response.json()
access_token = response_data["access_token"]

pprint(response_data)

## Generate App Credentials

We now have an "access token", but **this token only lasts ~15 minutes**.  We can check the expiry time with:

In [None]:
minutes, seconds = divmod(response_data["expires_at"] - int(time.time()), 60)

print(f"Access token expires in: {minutes} minutes, {seconds} seconds")

To work around this short expiry time, we generate App Credentials (`client_id` and `client_secret`) and use [authlib](https://docs.authlib.org/en/latest/) to **generate our own access tokens**.  This means that you can directly authenticate to the SpatiaFi API without transfering your password or `client_secret`.

### Create `client_id` and `client_secret`

In order to create App Credentials, we will make an empty `POST` request to `/api/v1/clients` endpoint, and include the `access_token` from above in the Header.

`client_secret` is only shown once during client creation and can't be accessed later, so make sure to save it somewhere safe.

In [None]:
headers = {"Authorization": "Bearer " + access_token}

response = requests.post("https://auth.spatiafi.com/api/v1/clients/", headers=headers)
response_data = response.json()
print(f"status: {response.status_code}")
print(response_data)

client_id = response_data["client_id"]
client_secret = response_data["client_secret"]

### Save App Credentials
In order to use these credentials in the future we will save them to our local machine.

We then load the credentials into environment variables.

In [None]:
file_location = os.path.join(
    user_config_dir("spatiafi", ensure_exists=True), "app_credentials"
)

with open(file_location, "w") as f:
    json.dump(response_data, f)
    print("App Credentials saved to:", file_location)

In [None]:
def load_spatiafi_credentials():
    file_location = os.path.join(
        user_config_dir("spatiafi", ensure_exists=True), "app_credentials"
    )
    try:
        with open(file_location) as f:
            data = json.load(f)

        for key, value in data.items():
            os.environ[key.upper()] = str(value)
    except Exception as e:
        print(f"Error occurred: {e}")


load_spatiafi_credentials()

## Use App Credentials to generate a new Access Token

We can now use `authlib` and these credentials to generate access tokens:

In [None]:
def get_session():
    client = OAuth2Session(
        os.environ["CLIENT_ID"],
        os.environ["CLIENT_SECRET"],
        token_endpoint="https://auth.spatiafi.com/api/v1/auth/jwt/token",
        grant_type="client_credentials",
        token_endpoint_auth_method=ClientSecretJWT(
            "https://auth.spatiafi.com/api/v1/auth/jwt/token"
        ),
    )
    client.fetch_token()
    return client


session = get_session()
print("Getting an access_token with client_id and client_secret:\n")
response_data = session.fetch_token()

print(f"New access token expires in: {minutes} minutes, {seconds} seconds")

## Use in Tutorails and App Development

The above functions `load_spatiafi_credentials` and `get_session` can be used in tutorials and your own applications to authenticate to the SpatiaFi API - **you might want to save these functions** 😉