Subpackages

Submodules

arcgis.auth.api module

classarcgis.auth.api.EsriSession(auth:AuthBase|None=None,verify_cert:bool=True,cert:tuple[str,str]|None=None,headers:Dict[str,Any]=None,referer:str|None='http',trust_env:bool|None=None,assert_hostname:bool=True,**kwargs)

Bases:object

TheEsriSession class is designed to simplify access to the Esri WebGISenvironments without the additional components of thearcgis orarcpymodules. It is designed to allow users to connect and manage all HTTP callsthemselves with no hand holding.

Security is handled through therequests authentication model. Leveragingauthentication handlers and primarily connecting to 10.8.1+ enterprise components.

The supported Authentication Schemes are:

1. Username/Password

2. Oauth 2

3. IWA/NTLM

4. Basic

5. Digest

6. PKI

7. API Keys

8. User Provided Tokens

9. Kerberos

Anyone can extend the authentication handlers by creating a class and inheritingfromrequests.auth.AuthBase.

TheEsriSession authentication supports authentication chaining. Meaningusers can stack authentication methods.

auth1 + auth2 + auth3

It is recommended that you do not stack unneeded authenticators because theycan caused unintended failures.

Parameter	Description
auth	Optional AuthBase. This is a security handler that performs some sortof security check.
cert	Optional Tuple. The client side certificate as a tuple or string. Itshould be noted thatEsriSession does not support encrypted privatekeys.
verify_cert	Optional Bool. WhenFalse all SSL certificate errors are ignored.The default isTrue.
allow_redirects	Optional Bool. WhenFalse if the URL redirects a user, an errorwill be raised. The default isTrue
headers	Optional Dict. An additional set of key/value(s) to append to anyrequest’s header.
referer	Optional Str. Thereferer header value. The default ishttp. Thisis mainly used withtoken security.

Optional Arguments

Parameter	Description
trust_env	Optional Bool. The default isTrue. IfFalse proxies will causean error to be raised if set by.netrc files.
stream	Optional Bool. To enable handling streaming responses, set stream toTrue and iterate over the response withiter_lines. The default isFalse.
check_hostname	Optional Bool. When connecting to a side via IP Address with an SSLcertificate, the hostname will not match. This allows a user tospecify the hostname in the headers parameters and ignore hostnameerrors.
retries	Optional Int. The max number of tries to retry a service for 50x errors.
backoff_factor	Optional float. The amount of time in seconds to wait between retries.
status_to_retry	Optional Tuple. The status codes to run retries on. The default is(413, 429, 503, 500, 502, 504).
method_whitelist	Optional List. Whenretries is specified, the user can specify what methods are retried.The default is‘POST’, ‘DELETE’, ‘GET’, ‘HEAD’, ‘OPTIONS’, ‘PUT’, ‘TRACE’
proxies	Optional Dict. A key/value mapping where the keys are the transfer protocol and the value is the <url>:<port>. example `pythonproxies={"http":127.0.0.1:8080,"https":127.0.0.1:8081}session=EsriSession(proxies=proxies)`

propertyadapters:Dict[str,str]

Returns an dictionary of mounted adapters.

Returns:

dict

propertyauth:AuthBase

Get/Set the Authentication Handler for the Session

propertyca_bundles:list[str]|str

returns the path to the extra CA bundles

propertycert:Tuple[str]

Get/Set the users certificate as a (private, public) keys.

Returns:

Tuple[str]

close()

Closes all adapters and as such the session

delete(url,**kwargs)→Response

Sends a DELETE request. ReturnsResponse object.

Parameters:

• url – URL for the newRequest object.

• **kwargs – Optional arguments thatrequest takes.

Return type:

requests.Response

get(url,**kwargs)→Response

Sends a GET request. ReturnsResponse object.

Parameters:

• url – URL for the newRequest object.

• **kwargs – Optional arguments thatrequest takes.

Return type:

requests.Response

head(url,**kwargs)→Response

Sends a HEAD request. ReturnsResponse object.

Parameters:

• url – URL for the newRequest object.

• **kwargs – Optional arguments thatrequest takes.

Return type:

requests.Response

propertyheaders:Dict[str,Any]

Gets/Sets the headers from the current session object

mount(prefix:str,adapter:HTTPAdapter)

Registers a connection adapter to a prefix.

Adapters are sorted in descending order by prefix length.

options(url,**kwargs)→Response

Sends a OPTIONS request. ReturnsResponse object.

Parameters:

• url – URL for the newRequest object.

• **kwargs – Optional arguments thatrequest takes.

Return type:

requests.Response

patch(url,data=None,**kwargs)→Response

Sends a PATCH request. ReturnsResponse object.

Parameters:

• url – URL for the newRequest object.

• data – (optional) Dictionary, list of tuples, bytes, or file-likeobject to send in the body of theRequest.

• **kwargs – Optional arguments thatrequest takes.

Return type:

requests.Response

post(url,data=None,json=None,**kwargs)→Response

Sends a POST request. ReturnsResponse object.

Parameters:

• url – URL for the newRequest object.

• data – (optional) Dictionary, list of tuples, bytes, or file-likeobject to send in the body of theRequest.

• json – (optional) json to send in the body of theRequest.

• **kwargs – Optional arguments thatrequest takes.

Return type:

requests.Response

propertyproxies:Dict[str,str]

Dictionary mapping protocol or protocol and host to the URL of the proxy.(e.g. {‘http’: ‘foo.bar:3128’, ‘http://host.name’: ‘foo.bar:4012’}) tobe used on eachRequest.

Returns:

dict

put(url,data=None,**kwargs)→Response

Sends a PUT request. ReturnsResponse object.

Parameters:

• url – URL for the newRequest object.

• data – (optional) Dictionary, list of tuples, bytes, or file-likeobject to send in the body of theRequest.

• **kwargs – Optional arguments thatrequest takes.

Return type:

requests.Response

propertyreferer:str

Gets/Sets the referer

propertystream:bool

Gets/Sets the stream property for the current session object

propertytrust_env:bool|None

Trust environment settings for proxy configuration, default authentication and similar.

update_headers(values:Dict[str,Any])→bool

Performs an update call on the headers

propertyverify:bool|str

Get/Set property that allows for the verification of SSL certificates

Returns:

bool

Module contents

classarcgis.auth.ArcGISProAuth(legacy:bool=False)

Bases:AuthBase,SupportMultiAuth

Performs the ArcGIS Pro Authentication for a given request.

handle_40x(r,**kwargs)

Handles Case where token is invalid

propertytoken

obtains the login token

classarcgis.auth.BaseEsriAuth

Bases:AuthBase

A base class that developers can inherit from to create customauthentication handlers.

For more information, please see:https://docs.python-requests.org/en/master/user/authentication/#new-forms-of-authentication

response_hook(response:Response,**kwargs)→Response

response hook logic

Returns:

Response

propertytoken:str

returns a ArcGIS Token as a string

Returns:

string

classarcgis.auth.EsriAPIKeyAuth(api_key:str,referer:str=None,verify_cert:bool=True,auth:AuthBase=None)

Bases:AuthBase,SupportMultiAuth

authentication for API Keys

add_api_token(r,**kwargs)

generates a server token using Portal token

api_key=None

auth=None

propertytoken:str

Gets/Sets the API token

Returns:

String

classarcgis.auth.EsriBasicAuth(session,username:str,password:str,**kwargs)

Bases:HTTPBasicAuth,SupportMultiAuth

Describes a basic requests authentication.

auth=None

generate_portal_server_token(r,**kwargs)

generates a server token using Portal token

propertytoken:str

Gets the token. This is alwaysNone forEsriBasicAuth

Returns:

String

classarcgis.auth.EsriBuiltInAuth(url:str,username:str,password:str,expiration:int=None,legacy:bool=False,verify_cert:bool=True,referer:str=None,session:'EsriSession'|None=None,**kwargs)

Bases:AuthBase,SupportMultiAuth

Performs the BUILT-IN Login Authorization for ArcGIS Online and Enterprise

create_authorization_response(redirect_uri:str|None=None)→str

creates the authorization URL

handle_401(r,**kwargs)

handles the issues in the response where token might be rejected

suspend()→bool

Invalidates the login and checks any licenses back in

Returns:

Bool. If True, the licenses is checked back in successfully,False, the process failed.

propertytoken

obtains the login token

classarcgis.auth.EsriGenTokenAuth(token_url:str,referer:str,username:str=None,password:str=None,portal_auth:EsriGenTokenAuth=None,time_out:int=1440,verify_cert:bool=True,legacy:bool=False,**kwargs)

Bases:AuthBase,SupportMultiAuth

This form of Authentication leverages thegenerateToken endpoint fromthe ArcGIS Product. This is supported for ArcGIS Online, ArcGIS Enterpriseand ArcGIS Server.

This form of authentication is considered legacy and should only be usedwith unfederated server products.

propertyexpiration:datetime

Gets the time the token will expire on

handle_401(r,**kwargs)

handle_redirect(r,**kwargs)

init_per_thread_state()

propertyreferer:str

propertytime_out:int

returns the time out time in minutes

token(server_url=None)→str

classarcgis.auth.EsriHttpNtlmAuth(session,username,password,send_cbt=True,**kwargs)

Bases:AuthBase

HTTP NTLM Authentication Handler for Requests.

Supports pass-the-hash.

This is derived from work of Jordan Borean and requests-ntlm/requests-ntlm2

generate_token(r,scheme,args)

generates the server token

response_hook(r,**kwargs)

The actual hook handler.

retry_using_http_NTLM_auth(auth_header_field,auth_header,response,auth_type,args)

Performs the NTLM handshake

exceptionarcgis.auth.EsriHttpResponseError(message:str)

Bases:Exception

Exception raised for http errors.

Attributes:

message – explanation of the error

classarcgis.auth.EsriKerberosAuth(*,username:str|None=None,password:str|None=None,**kwargs)

Bases:AuthBase,SupportMultiAuth

generate_portal_server_token(r,**kwargs)

generates a server token using Portal token

propertytoken:str

Gets the token. This is alwaysNone forKerberosAuth

Returns:

String

classarcgis.auth.EsriNotebookAuth(token:str,referer:str=None,auth:AuthBase=None,**kwargs)

Bases:AuthBase,SupportMultiAuth

authentication for notebook servers Keys

add_token(r,**kwargs)

generates a server token using Portal token

auth=None

propertytoken:str

Gets/Sets the API token

Returns:

String

classarcgis.auth.EsriOAuth2Auth(base_url:str,client_id:str,client_secret:str|None=None,username:str|None=None,password:str|None=None,referer:str='http',expiration:int=1440,proxies:dict|None=None,session:'EsriSession'|None=None,**kwargs)

Bases:AuthBase,SupportMultiAuth

Performs the OAuth Workflow for logging in to Enterprise

handle_40x(r,**kwargs)

Handles Case where token is invalid

propertytoken:str

Gets the Oauth token

Returns:

String

classarcgis.auth.EsriPKCEAuth(url:str,username:str,password:str,*,legacy:bool=False,**kwargs)

Bases:BaseEsriAuth

Implements OAuth 2.0 PKCE Workflow

response_hook(r:Response,**kwargs)→Response

response hook logic

Returns:

Response

propertytoken:str

returns a ArcGIS Token as a string

Returns:

string

classarcgis.auth.EsriPKIAuth(session:'EsriSession'|requests.Session,**kwargs)

Bases:AuthBase,SupportMultiAuth

Handles PKI authentication when tokens are needed

generate_portal_server_token(r,**kwargs)

generates a server token using Portal token

propertytoken:str

returns the authentication token

classarcgis.auth.EsriSession(auth:AuthBase|None=None,verify_cert:bool=True,cert:tuple[str,str]|None=None,headers:Dict[str,Any]=None,referer:str|None='http',trust_env:bool|None=None,assert_hostname:bool=True,**kwargs)

Bases:object

TheEsriSession class is designed to simplify access to the Esri WebGISenvironments without the additional components of thearcgis orarcpymodules. It is designed to allow users to connect and manage all HTTP callsthemselves with no hand holding.

Security is handled through therequests authentication model. Leveragingauthentication handlers and primarily connecting to 10.8.1+ enterprise components.

The supported Authentication Schemes are:

1. Username/Password

2. Oauth 2

3. IWA/NTLM

4. Basic

5. Digest

6. PKI

7. API Keys

8. User Provided Tokens

9. Kerberos

Anyone can extend the authentication handlers by creating a class and inheritingfromrequests.auth.AuthBase.

TheEsriSession authentication supports authentication chaining. Meaningusers can stack authentication methods.

auth1 + auth2 + auth3

It is recommended that you do not stack unneeded authenticators because theycan caused unintended failures.

Parameter	Description
auth	Optional AuthBase. This is a security handler that performs some sortof security check.
cert	Optional Tuple. The client side certificate as a tuple or string. Itshould be noted thatEsriSession does not support encrypted privatekeys.
verify_cert	Optional Bool. WhenFalse all SSL certificate errors are ignored.The default isTrue.
allow_redirects	Optional Bool. WhenFalse if the URL redirects a user, an errorwill be raised. The default isTrue
headers	Optional Dict. An additional set of key/value(s) to append to anyrequest’s header.
referer	Optional Str. Thereferer header value. The default ishttp. Thisis mainly used withtoken security.

Optional Arguments

Parameter	Description
trust_env	Optional Bool. The default isTrue. IfFalse proxies will causean error to be raised if set by.netrc files.
stream	Optional Bool. To enable handling streaming responses, set stream toTrue and iterate over the response withiter_lines. The default isFalse.
check_hostname	Optional Bool. When connecting to a side via IP Address with an SSLcertificate, the hostname will not match. This allows a user tospecify the hostname in the headers parameters and ignore hostnameerrors.
retries	Optional Int. The max number of tries to retry a service for 50x errors.
backoff_factor	Optional float. The amount of time in seconds to wait between retries.
status_to_retry	Optional Tuple. The status codes to run retries on. The default is(413, 429, 503, 500, 502, 504).
method_whitelist	Optional List. Whenretries is specified, the user can specify what methods are retried.The default is‘POST’, ‘DELETE’, ‘GET’, ‘HEAD’, ‘OPTIONS’, ‘PUT’, ‘TRACE’
proxies	Optional Dict. A key/value mapping where the keys are the transfer protocol and the value is the <url>:<port>. example `pythonproxies={"http":127.0.0.1:8080,"https":127.0.0.1:8081}session=EsriSession(proxies=proxies)`

propertyadapters:Dict[str,str]

Returns an dictionary of mounted adapters.

Returns:

dict

propertyauth:AuthBase

Get/Set the Authentication Handler for the Session

propertyca_bundles:list[str]|str

returns the path to the extra CA bundles

propertycert:Tuple[str]

Get/Set the users certificate as a (private, public) keys.

Returns:

Tuple[str]

close()

Closes all adapters and as such the session

delete(url,**kwargs)→Response

Sends a DELETE request. ReturnsResponse object.

Parameters:

• url – URL for the newRequest object.

• **kwargs – Optional arguments thatrequest takes.

Return type:

requests.Response

get(url,**kwargs)→Response

Sends a GET request. ReturnsResponse object.

Parameters:

• url – URL for the newRequest object.

• **kwargs – Optional arguments thatrequest takes.

Return type:

requests.Response

head(url,**kwargs)→Response

Sends a HEAD request. ReturnsResponse object.

Parameters:

• url – URL for the newRequest object.

• **kwargs – Optional arguments thatrequest takes.

Return type:

requests.Response

propertyheaders:Dict[str,Any]

Gets/Sets the headers from the current session object

mount(prefix:str,adapter:HTTPAdapter)

Registers a connection adapter to a prefix.

Adapters are sorted in descending order by prefix length.

options(url,**kwargs)→Response

Sends a OPTIONS request. ReturnsResponse object.

Parameters:

• url – URL for the newRequest object.

• **kwargs – Optional arguments thatrequest takes.

Return type:

requests.Response

patch(url,data=None,**kwargs)→Response

Sends a PATCH request. ReturnsResponse object.

Parameters:

• url – URL for the newRequest object.

• data – (optional) Dictionary, list of tuples, bytes, or file-likeobject to send in the body of theRequest.

• **kwargs – Optional arguments thatrequest takes.

Return type:

requests.Response

post(url,data=None,json=None,**kwargs)→Response

Sends a POST request. ReturnsResponse object.

Parameters:

• url – URL for the newRequest object.

• data – (optional) Dictionary, list of tuples, bytes, or file-likeobject to send in the body of theRequest.

• json – (optional) json to send in the body of theRequest.

• **kwargs – Optional arguments thatrequest takes.

Return type:

requests.Response

propertyproxies:Dict[str,str]

Dictionary mapping protocol or protocol and host to the URL of the proxy.(e.g. {‘http’: ‘foo.bar:3128’, ‘http://host.name’: ‘foo.bar:4012’}) tobe used on eachRequest.

Returns:

dict

put(url,data=None,**kwargs)→Response

Sends a PUT request. ReturnsResponse object.

Parameters:

• url – URL for the newRequest object.

• data – (optional) Dictionary, list of tuples, bytes, or file-likeobject to send in the body of theRequest.

• **kwargs – Optional arguments thatrequest takes.

Return type:

requests.Response

propertyreferer:str

Gets/Sets the referer

propertystream:bool

Gets/Sets the stream property for the current session object

propertytrust_env:bool|None

Trust environment settings for proxy configuration, default authentication and similar.

update_headers(values:Dict[str,Any])→bool

Performs an update call on the headers

propertyverify:bool|str

Get/Set property that allows for the verification of SSL certificates

Returns:

bool

classarcgis.auth.EsriUserTokenAuth(token:str,referer:str=None,verify_cert:bool=True,**kwargs)

Bases:AuthBase,SupportMultiAuth

Authentication Using User Created Tokens

auth=None

handle_40x(r,**kwargs)

Handles Case where token is invalid

token=None

classarcgis.auth.EsriWindowsAuth(session:'EsriSession'|requests.Session,username:str=None,password:str=None,referer:str=None,verify_cert:bool=True,**kwargs)

Bases:AuthBase,SupportMultiAuth

generate_portal_server_token(r,**kwargs)

generates a server token using Portal token

propertytoken:str

Gets the token. This is alwaysNone forEsriWindowsAuth

Returns:

String