geeViz.eeAuth.client

Client-side helpers for routing the Earth Engine Python SDK through a token-injecting proxy.

The pattern:

  1. Run a proxy server (see geeViz.eeAuth.server) that holds the SA credentials and substitutes the right bearer token per request based on a tenant header / query param.

  2. Tell the EE SDK to send all REST calls through that proxy instead of directly to Google. Pass anonymous credentials — the proxy supplies the real ones.

  3. Switch tenants on the client side by setting a ContextVar; the custom HTTP transport reads it and stamps the routing header on every outbound request.

That gives you full multi-tenant concurrency in a single Python process, which the bare EE SDK can’t do because ee.Initialize() stores credentials in module-global state.

Quick start

from geeViz.eeAuth import initialize_via_proxy, tenant_context
import ee

initialize_via_proxy("http://localhost:8888/ee-api")
# Now ee.X calls go through the proxy with the default tenant

with tenant_context("training"):
    ee.Image(1).getInfo()  # uses the training SA

Functions

initialize_via_proxy(proxy_url[, ...])

Initialize the Earth Engine SDK to route all REST calls through proxy_url.

reset_tenant(token)

Restore the tenant to what it was before the matching set_tenant call.

set_tenant(tenant)

Set the current tenant for subsequent EE calls in this context.

tenant_context(tenant)

Scoped tenant switch.

Classes

TenantAwareHttp([tenant_header])

httplib2.Http subclass that stamps the tenant header on every outbound request and strips whatever Authorization the SDK injected.