Client#

class PrescientClient(env_file: str | Path | None = None, settings: Settings | None = None)[source]#

Client for interacting with the Prescient API.

This client is used to authenticate, and for obtaining bucket credentials using the authenticated token. The client also provides helpers such as provding the STAC URL for the Prescient API, and authentication headers for making requests to the STAC API.

Token expiration is handled automatically for long running instances of the client (in a notebook for example).

Configuration Options:
  1. Construct the prescient_sdk.config.Settings object directly

  2. Specify the path to an environment file containing configuration values

  3. Do neither, and allow the client to build the Settings object using default methods (env variables, config.env file location in the working directory)

Note that you cannot specify the env_file location AND provide a Settings object.

Parameters:
  • env_file (str | Path, optional) – Path to a configuration file. Defaults to None.

  • settings (Settings, optional) – Configuration settings for the client. Defaults to None.

Raises:
  • ValueError – If both an environment file and a settings object are provided.

  • ValueError – If the provided configuration file is not found.

property auth_credentials: dict#

Get the authorization credentials for the client.

When prescient_api_key is configured, returns a static dict {"api_key": "<key>"} and the IDP flow is skipped entirely. Otherwise returns the IDP token response, refreshing if expired.

Returns:

Token response containing at minimum:

{
    "id_token": "string",
    "refresh_token": "string",
    "access_token": "string",
}

or, in API-key mode:

{"api_key": "string"}

Return type:

dict

Raises:

ValueError – If a valid id_token cannot be obtained.

property bucket_credentials#

Get bucket credentials using an auth access token

Returns:

bucket temporary credentials:

{
    "AccessKeyId": "string",
    "SecretAccessKey": "string",
    "SessionToken": "string",
    "Expiration": datetime(2015, 1, 1)
}

Return type:

dict

Raises:

ValueError – If the credentials response is empty

property credentials_expired: bool#

Checks to see if the client credentials have expired. Note: if auth credentials have expired, all credentials are considered expired as they all depend on auth credentials. When prescient_api_key is configured the key is static and is treated as never expiring.

Returns:

True - credentials are expired, False - credentials have NOT expired.

Return type:

bool

property headers: dict#

Get headers for a request.

When prescient_api_key is configured, key is sent as an api-key header. Otherwise an Authorization: Bearer <id_token> header is used.

Returns:

The headers.

Return type:

dict

refresh_credentials(force=False)[source]#

Will refresh all the client credentials.

When prescient_api_key is configured there is nothing to refresh; the call is a no-op.

param force: If True will force the creds to be refreshed.

Returns:

None

property session: Session#

Get an AWS session for authenticating to the bucket

Returns:

boto3 Session object

Return type:

Session

property stac_catalog_url: str#

Get the STAC URL.

Returns:

The STAC URL.

Return type:

str

property upload_bucket_credentials#

Get upload bucket credentials using an auth access token

Note: uploads use STS assume_role_with_web_identity which requires an IDP id_token. Not supported in API-key mode.

Returns:

bucket temporary credentials:

{
    "AccessKeyId": "string",
    "SecretAccessKey": "string",
    "SessionToken": "string",
    "Expiration": datetime(2015, 1, 1)
}

Return type:

dict

Raises:
  • NotImplementedError – If the client is configured with an API key.

  • ValueError – If the credentials response is empty

property upload_session: Session#

Get an AWS session for authenticating to the upload bucket

Returns:

boto3 Session object

Return type:

Session