COP Dataspace fails to get access token if 2FA is active on the account #1538
Description
When you create an account on copernicus.dataspace.eu and add 2FA according to this eodag fails to fetch a token for a download request with an invalid grant error.
This was frustrating to identify since Eodag simply asks for a username & password but copernicus dataspace has guides for username & password, OAuth client & S3 credentials.
Only by creating a new account and not activating 2FA did I realize what was going on.
Below is the error message.
I can successfully fetch data directly from copernicus dataspace s3 using the s3 credentials directly using boto. These credentials are probably a better set to use with a different auth plugin than generating the token from username & password? Would it make sense to add a cop_dataspace_s3?
File "/usr/local/lib/python3.11/site-packages/eodag/api/core.py", line 2231, in download
path = product.download(
^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/eodag/api/product/_product.py", line 322, in download
self.downloader_auth.authenticate()
File "/usr/local/lib/python3.11/site-packages/eodag/plugins/authentication/keycloak.py", line 126, in authenticate
self._get_access_token()
File "/usr/local/lib/python3.11/site-packages/eodag/plugins/authentication/openid_connect.py", line 128, in _get_access_token
response = self._request_new_token()
^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/eodag/plugins/authentication/keycloak.py", line 154, in _request_new_token
return self._request_new_token_error(e)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/eodag/plugins/authentication/openid_connect.py", line 183, in _request_new_token_error
raise AuthenticationError(
eodag.utils.exceptions.AuthenticationError: Something went wrong while trying to get access token:
Traceback (most recent call last):
File "/usr/local/lib/python3.11/site-packages/eodag/plugins/authentication/keycloak.py", line 150, in _request_new_token
response.raise_for_status()
File "/usr/local/lib/python3.11/site-packages/requests/models.py", line 1024, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 401 Client Error: Unauthorized for url: https://identity.dataspace.copernicus.eu/auth/realms/CDSE/protocol/openid-connect/token
2025-02-22 15:00:23,667 eodag.auth.openid_connect [ERROR ] Provider cop_dataspace returned 401: {"error":"invalid_grant","error_description":"Invalid user credentials"}
Metadata
Metadata
Assignees
Labels
No labels