Gen3 Auth Helper

class gen3.auth.Gen3Auth(endpoint=None, refresh_file=None, refresh_token=None, idp=None)[source]

Bases: requests.auth.AuthBase

Gen3 auth helper class for use with requests auth.

Implements requests.auth.AuthBase in order to support JWT authentication. Generates access tokens from the provided refresh token file or string. Automatically refreshes access tokens when they expire.

  • refresh_file (str, opt) – The file containing the downloaded JSON web token. Optional if working in a Gen3 Workspace. Defaults to (env[“GEN3_API_KEY”] || “credentials”) if refresh_token and idp not set. Includes ~/.gen3/ in search path if value does not include /. Interprets “idp://wts/<idp>” as an idp. Interprets “accesstoken:///<token>” as an access token

  • refresh_token (str, opt) – The JSON web token. Optional if working in a Gen3 Workspace.

  • idp (str, opt) – If working in a Gen3 Workspace, the IDP to use can be specified - “local” indicates the local environment fence idp


This generates the Gen3Auth class pointed at the sandbox commons while using the credentials.json downloaded from the commons profile page and installed in ~/.gen3/credentials.json

>>> auth = Gen3Auth()

or use ~/.gen3/crdc.json:

>>> auth = Gen3Auth(refresh_file="crdc")

or use some arbitrary file:

>>> auth = Gen3Auth(refresh_file="./key.json")

or set the GEN3_API_KEY environment variable rather than pass the refresh_file argument to the Gen3Auth constructor.

If working in a Gen3 Workspace, initialize as follows:

>>> auth = Gen3Auth()
curl(path, request=None, data=None)[source]

Curl the given endpoint - ex: gen3 curl /user/user. Return requests.Response

  • path (str) – path under the commons to curl (/user/user, /index/index, /authz/mapping, …)

  • request (str in GET|POST|PUT|DELETE) – default to GET if data is not set, else default to POST

  • data (str) – json string or “@filename” of a json file


Get the access token - auto refresh if within 5 minutes of expiration


Get a new access token