Shotgun_api3 - User authentication

I’m making SG tools for freelancers that are out of our studio.
So for security measures, I want to create a popup window asking for their SG user/password and give that to shotgun_api3 to see if they are valid users.

The thing is: I think shotgun_api3.Shotgun is still using old password before the Autodesk ID transition… So from a FrontEnd perspective, the password from SG website (using Autodesk ID) and the password required from shotgun_api3 are different. Am I correct?

What should I do/use to create a authentication popup using the same exact user/password from SG website (Autodesk ID) in python?

Pretty sure User Authentication (Authentication — python-api master documentation) uses the Legacy Login login and passphrase found in Account Settings

That’s what I believe.

SG Support team:
Is there any solution to make it completely seemless or I should ask Every user to change their passphrase as @schicky mentionned above to match their Autodesk ID password?

1 Like

You’ll need to have them set a passphrase, but it doesn’t need to match the Autodesk ID.
It’s a completely separate login/password system, in place to allow User-based API access.

If you really want to use Autodesk ID, see Patrick’s recent posts in this thread about using SG Toolkit to authenticate apps:

Hi @sbissonnette

You best bet is to use the Toolkit and leverage the SG Desktop.

Either integrate your application as a tool that is launched by the SG Desktop (users will already be authenticated), or write a script that will be run with the SG-Desktop-provided Python interpreter and Qt environment. You will be able to authenticate with a browser-like window, using the Autodesk Identity of the user. No need for a Personal Access Token or dealing with the legacy username and password.

-Patrick

2 Likes

Our studio isn’t using SG Desktop, it would have worked no problem before Autodesk migration.
The authentication I want would have been in Maya directly. I dont really want to install SG Desktop on all freelancers’ PC and run a subprocess from Maya to authenticate… There is no other way isn’t it?

Is there anything plan to bring this back to shotgun_api3 ? I understand that SG isn’t the Gate Keeper anymore, but this is a Major change for User Authentication.

Hi @sbissonnette

Maya comes with Python and Qt. You can use the Toolkit and authenticate this way using a Qt WebView.

Something along the lines of:

import logging
import sys
import sgtk
from sgtk.authentication.ui.qt_abstraction import QtGui
from sgtk.authentication import ShotgunAuthenticator, set_shotgun_authenticator_support_web_login

logging.basicConfig(
    stream=sys.stderr,
    level=logging.WARN,
    format="%(name)s (%(levelname)s): %(message)s"
)
sgtk.LogManager().initialize_custom_handler()
sgtk.LogManager().global_debug = True

# You need a Qt app in order to bring up a QWebView
_app = QtGui.QApplication([])

# This is to tell the Toolkit that your version of Qt will allow for a Web login...
# which may or may not be the case depending on your version of Qt, and a functional QtWebEngine setup
set_shotgun_authenticator_support_web_login(True)
authenticator = ShotgunAuthenticator()

# Clear the current user... you may or may not want to always do this...
authenticator.clear_default_user()
user = authenticator.get_user()

# With your user, now create a connection
sg = user.create_sg_connection()

print(sg.find('Project', [], ['name']))

You will need to use mayapy from your Maya distribution, and have a recent version of tk-core available (in your maya site-packages or in your PYTHONPATH)

Not knowing your exact version of Maya, I cannot guarantee that this script will work… every version of Qt is a bit special. We know that the version bundled with the SG Desktop will work, but it needs to be tested specifically for each distributions.

If you comment out the set_shotgun_authenticator_support_web_login(True) line, then instead of a web login you will get the old username/password Qt dialog to use the legacy login and passphrase, which rely on the Personal Access Token being setup.

Hoping that this give you a starting point.

-Patrick

Forgot to add something else:

We are also planing on using the default system browser to initiate the authentication. Thus removing the need to use Qt or any other web toolkit. That will lower considerably the requirements for scripts and applications.

This is currently in the planning phase and we do not have any ETA yet.

-Patrick

Thanks Patrick, I’ll dig into that!

If you guys are planning to remove the need of Qt or any webtoolkit, do you guys have plans to bring it back to shotgun_api3 like it used to be?

Hi @sbissonnette

By “what it used to be”, you mean being able to pass in Autodesk’s Identity username and password, correct ? (e.g. using the exact same credentials no matter if you connect with the browser or with the API).

The constraint is at the level of Autodesk Identity, not at the ShotGrid level : ShotGrid has no way to authenticate you if you provide it your credentials. It can only redirect you to a service that can.

But ShotGrid will not be moving away from Autodesk Identity.

If you do not want to use Qt or a web toolkit, until we released the login with the native browser, your only option is to use a Personal Access Token and the legacy username/passphrase.

-Patrick