Access to Private Datasets in ERDDAP
Many ERDDAP installations don't have authentication enabled and thus
don't provide any way for users to login, nor do they have any private datasets.
Some ERDDAP installations do have authentication enabled.
Currently, ERDDAP only supports authentication via Google-managed email accounts,
which includes email accounts at NOAA and many universities.
If an ERDDAP has authentication enabled, anyone with a Google-managed email account
can log in, but they will only have access to the private datasets
that the ERDDAP administrator has explicitly authorized them to access.
Humans With Browsers
Human users of ERDDAP can log into ERDDAP in a browser in order to gain access
to private datasets that they are authorized to access.
To log in:
- Click on the log in link in the upper left of any ERDDAP web page.
If there is no log in link, the ERDDAP installation
doesn't have authentication enabled and there are no private datasets.
- Click on the Sign in button to sign into your Google account.
The text of the button should change to "Signed in".
- Click on the Log into ERDDAP button.
The web page should change to say You are logged in as yourEmailAddress .
If it doesn't, wait 5 seconds and click on the Log into ERDDAP button again.
In extreme cases, you may have to wait and then try again a few times.
- Don't use your browser's Back button.
Use the "ERDDAP" link at the top of the above,
then use other links to go to ERDDAP pages you are interested in.
If a cached web page says you aren't logged in, reload the page.
[This is slightly modified from information provided by Lynn DeWitt, who did the hard
job of figuring this out. Lynn, thank you very much!
If you have corrections or suggestions, please email bob.simons @ noaa.gov .]
It is also possible to log in to ERDDAP and access private datasets via
Questions, comments, suggestions? Please send an email to
bob dot simons at noaa dot gov
and include the ERDDAP URL directly related to your question or comment.
- These instructions assume you are using a gmail address where
2-factor authentication is not turned on. If your main gmail address
has 2-factor authentication turned on, consider creating another
gmail address with 2-factor authentication turned off.
- Log in to ERDDAP manually with the gmail address you want use in your
script and accept any permissions required, then log completely back out.
- Open the browser Developer Tools, and go to the Network tab.
- Click on the ERDDAP "log in" link, then the "Sign in" button and choose
the appropriate email address if prompted.
- After the "Sign in" button changes to "Signed in", the
Developer Tools Network tab will show two entries that look like the following
(example from Firefox):
Use the mouse right-click context menu to "copy as cURL" both of
these urls and paste them into a plain text editor
- Click on the "Log into ERDDAP" button and "copy as cURL" the link that looks like:
and paste this third curl command into the text file.
- In the text file, you will now have 3 lines like the following,
where you have logged into an erddap server at 'https://host.somewhere.com/erddap'.
The first curl command gets your user profile in "login_hint" and generates an "id_token".
The second uses the id_token to log into Google, and the third then logs in to ERDDAP.
- The above 3 lines, when run sequentially from a command line, will log you
into ERDDAP. In order to use these in a script you need to capture the id_token
from the first line, feed it to the second line, and write a cookie to be read
by subsequent lines.
- To develop a script, run the first ('https://accounts.google.com)
curl line exactly as it was copied from the developer tools, and capture the response
(you may get a curl error about the flag "--2.0" just remove it).
In php it looks like the following:
Log in to Google by executing the second line using $id_token, first removing the
"-H 'Cookie: stuff'" parameter and instead telling curl to write a cookie:
Log in to ERDDAP, again removing the "-H 'Cookie: stuff'" parameter, and
using the previously written cookie:
You should now be able to request data from the server, using the same cookie:
ERDDAP, Version 1.76