Last active
January 23, 2024 18:55
-
-
Save cboettig/5401bd149a2a27bde2042aa4f7cde25b to your computer and use it in GitHub Desktop.
Use earthdata tokens with GDAL to access data via https links
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## examples | |
# requires GDAL >= 3.6 | |
edl_set_token() | |
library(stars) | |
url <- "https://data.lpdaac.earthdatacloud.nasa.gov/lp-prod-protected/HLSL30.020/HLS.L30.T56JKT.2023246T235950.v2.0/HLS.L30.T56JKT.2023246T235950.v2.0.SAA.tif" | |
x <- read_stars(paste0("/vsicurl/",url)) | |
plot(x) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Helper functions for dealing with nasa earthdata login | |
# Requires GDAL >= 3.6 | |
# | |
edl_set_token <- function (username = Sys.getenv("EARTHDATA_USER"), | |
password = Sys.getenv("EARTHDATA_PASSWORD"), | |
token_number = 1 | |
) { | |
base <- 'https://urs.earthdata.nasa.gov' | |
list_tokens <- "/api/users/tokens" | |
pw <- openssl::base64_encode(paste0(username, ":", password)) | |
resp <- httr::GET(paste0(base,list_tokens), | |
httr::add_headers(Authorization= paste("Basic", pw))) | |
p <- httr::content(resp, "parsed")[[token_number]] | |
if(is.null(p$access_token)) { | |
request_token <- "/api/users/token" | |
resp <- httr::GET(paste0(base,request_token), | |
httr::add_headers(Authorization= paste("Basic", pw))) | |
p <- httr::content(resp, "parsed") | |
} | |
header = paste("Authorization: Bearer", p$access_token) | |
Sys.setenv("GDAL_HTTP_HEADERS"=header) | |
invisible(header) | |
} | |
# alias | |
ed_set_token <- edl_set_token | |
edl_download <- function(x, header = edl_set_token()) { | |
dest <- basename(x) | |
bearer <- gsub("Authorization: ", "", header) | |
httr::GET(x, httr::write_disk(dest, overwrite=TRUE), | |
httr::add_headers(Authorization = bearer)) | |
#download.file(x, dest, header = list(Authorization = bearer)) | |
dest | |
} | |
edl_stac_urls <- function(items, assets = "data") { | |
purrr::map(items$features, list("assets")) |> | |
purrr::map(list(assets)) |> | |
purrr::map_chr("href") | |
} | |
@cboettig interesting, thanks for the update. We moved to the token method because we couldn't get NetRC to work reliably on Windows, and didn't find your package. I'll talk with @yuvipanda and @betolink about this more since we are working on some related projects too.
@wildintellect nsidc/earthaccess#188 has a lot of investigative work on this as well.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thanks @wildintellect . This gist is was really just a first pass, current approach is now in https://cran.r-project.org/web/packages/earthdatalogin/, issues welcome.
I've moved away from bearer token as the default to use netrc as the default auth instead, though earthdatalogin supports both. The difficulty with bearer token method is that it actually doesn't work if your running inside AWS us-west-2, which is kinda silly.