Transition to Secured Data Access

by | Nov 13, 2020

Earth Observation Group (EOG) had been providing its products free to the public with direct HTTP link, some of them are secured by Basic Authentication. With increasing popularity of these datasets, EOG will begin securing its data distribution with modern standards. Users will need to register a free account with verified e-mail address to access EOG’s resources.

Transition Schedule

The transition will be implemented in stages

Stages Securing Contents Actions Planned Dates
Stage 1 None Early warning of changes. Present to 2020-11-30
Stage 2 Nighttime Light Products Securing DMSP and VIIRS-DNB NTL products Start on 2020-12-01
Stage 3 VIIRS Nightfire Securing VNF products Start on 2021-01-01
Stage 4 VIIRS Boat Detection (Free tier) Securing free tier VBD products Start on 2021-01-15
Stage 5 Paid Contents Securing contents for paid subscribers Start on 2021-01-22

Note: Planned dates are subject to changes.

Registration

Users can user this link to register their account and test the connection.

Browser Access

The new secured access is easy with browser. You can try this link to experience the flow, and create your account if you do not have one yet.

Programmed Access

For those need to perform programmed downloads, the new system uses OAuth2.0 protocol. Users need to use Bearer token in the request header to gain access to the file. Here is how you can do that with cURL command under Linux environment.

cURL

To retrieve token from authentication server, user need to supply the following key-param pairs in the request header.

  • clinet_id=eogdata_oidc 
  • client_secret=368127b1-1ee0-4f3f-8429-29e9a93daf9a 
  • username=<your_username>
  • password=<your_password>

Use the following command to retrieve the token, parse it as JSON format and save to $response variable.

response=`curl -L -d ‘client_id=eogdata_oidc‘ -d ‘client_secret=368127b1-1ee0-4f3f-8429-29e9a93daf9a’ -d ‘username=<username>‘ -d ‘password=<password>‘ -d ‘grant_type=password’ ‘https://eogauth.mines.edu/auth/realms/master/protocol/openid-connect/token’ | python -m json.tool` 

Then the token string need to be parsed to extract the JWT (JSON Web Token) access token and save to $access_token variable. 

access_token=`echo $response|jq ‘.access_token’|cut -d\” -f2` 

Finally, the token can be as a Bearer Token to access protected resources. The access token is good for 24 hours. It is a good idea to renew the token before it expires. 

curl -L https://eogdata.mines.edu/eog/EOG_sensitive_contents -d “Authorization: Bearer $access_token” 

Change Account Settings

Users can use this link to

  • Change email
  • Change username
  • Change password
  • Setup two-factor authentication
  • Review current logged in sessions and logout all sessions.
  • Review account privilege. 

Questions?

10 + 14 =