Create API Token programmatically (not through UI)

[syats]

I have several DV users authenticated using an OAuth 2.0 provider.

They want to retrieve, via API, un-published datasets, but it would be necessary that they only have access to documents as per the DV access controls.

Right now, the only way to do this is to have them go into the DV UI, log in (using OAuth), fetch their token, and do the API requests using this token. Of course, they would have to do this everytime the token expires, and would have to keep the token themselves, effectively negating the use of OAuth.

Is there a way for them to programatically get their API token using their OAuth credentials?

One way to achieve this would be to have OAuth 2.0 tokens be used as DV tokens, and then use the standard bearer token header that APIs using OAuth2.0 use.

I see in the dataverse-android repo that there was an idea to do this at some point, but the issue was closed without this functionality. Or am I missing something?

Thanks,
V.

[djbrooke]

Hey @syats, I don't think there's a way to get an API token programmatically. This seems like a good idea but I'm not sure of the technical details of the implementation. I'll update the title of this issue to more closely match your bold text above.

[pdurbin]

everytime the token expires

@syats I'm not sure how much this helps but it's at least possible to re-create your API token via API: http://guides.dataverse.org/en/4.20/api/native-api.html#users-token-management

During the Dataverse Community Meeting last week we were reminded that people want more flexibility with regard to API tokens. In particular, there are times when people don't want to be using the regular, full power API token. They only want to use something that gives them read only access to download files, for example.

[pdurbin]

They only want to use something that gives them read only access to download files, for example.

Related:

• GDCC/7715 Signed Urls for external tools #9001

[cmbz]

To focus on the most important features and bugs, we are closing issues created before 2020 (version 5.0) that are not new feature requests with the label 'Type: Feature'.

If you created this issue and you feel the team should revisit this decision, please reopen the issue and leave a comment.

[pdurbin]

Related:

• Create a login flow via pyDataverse to retrieve an API Token via Dataverse/a browser gdcc/pyDataverse#209