Metadata-Version: 2.4
Name: destinepyauth
Version: 0.2.3
Summary: Harmonized Python script for DestinE authentication.
Author-email: David Purnell <davejpurnell@gmail.com>
License: Apache 2.0
Keywords: DestinE,authentication
Classifier: Development Status :: 4 - Beta
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Programming Language :: Python :: 3
Requires-Python: >=3.9
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: conflator
Requires-Dist: lxml
Requires-Dist: pydantic
Requires-Dist: requests
Requires-Dist: authlib
Provides-Extra: dev
Requires-Dist: ruff; extra == "dev"
Requires-Dist: pre-commit; extra == "dev"
Requires-Dist: pytest; extra == "dev"
Dynamic: license-file

# destinepyauth

A Python library for authenticating against DESP (Destination Earth Service Platform) services.

## Installation

```bash
pip install destinepyauth
```

## Usage

The main entry point is the `get_token()` function:

```python
from destinepyauth import get_token

# Authenticate (prompts for credentials if not in environment)
result = get_token("highway")

# Access the token
token = result.access_token
```

### Using with requests

```python
from destinepyauth import get_token
import requests

result = get_token("eden")
headers = {"Authorization": f"Bearer {result.access_token}"}
response = requests.get("https://api.example.com/data", headers=headers)
```

### Using with zarr/xarray (netrc support)

For services like CacheB that work with zarr, you can write credentials to `~/.netrc`:

```python
from destinepyauth import get_token
import xarray as xr

# Authenticate and write to ~/.netrc
get_token("cacheb", write_netrc=True)

# Now zarr/xarray will use credentials automatically
ds = xr.open_dataset(
    "reference://",
    engine="zarr",
    backend_kwargs={
        "consolidated": False,
        "storage_options": {
            "fo": "https://cacheb.dcms.destine.eu/path/to/data.json",
            "remote_protocol": "https",
            "remote_options": {"client_kwargs": {"trust_env": True}},
        },
    },
)
```

## Available Services

- `cacheb` - CacheB data service
- `dea` - DEA service
- `eden` - Eden broker
- `highway` - Highway service (includes token exchange)
- `insula` - Insula service
- `streamer` - Streaming service

## Credential Handling

When you call `get_token()`, the library will prompt for your credentials with **masked input**
for both username and password - nothing you type will be visible on screen:

```python
from destinepyauth import get_token
result = get_token("highway")
# Username:   (hidden input)
# Password:   (hidden input)
```

This ensures credentials cannot be accidentally exposed in terminal logs, screen recordings,
or shell history.
