We are proud to share our inclusion in the 2024 Gartner Magic Quadrant for Data Integration Tools. We believe this recognition reflects the differentiated business outcomes CData delivers to our customers.
Get the Report →
How to use SQLAlchemy ORM to access PingOne Data in Python
Create Python applications and scripts that use SQLAlchemy Object-Relational Mappings of PingOne data.
The rich ecosystem of Python modules lets you get to work quickly and integrate your systems effectively. With the CData Python Connector for PingOne and the SQLAlchemy toolkit, you can build PingOne-connected Python applications and scripts. This article shows how to use SQLAlchemy to connect to PingOne data to query PingOne data.
With built-in optimized data processing, the CData Python Connector offers unmatched performance for interacting with live PingOne data in Python. When you issue complex SQL queries from PingOne, the CData Connector pushes supported SQL operations, like filters and aggregations, directly to PingOne and utilizes the embedded SQL engine to process unsupported operations client-side (often SQL functions and JOIN operations).
Connecting to PingOne Data
Connecting to PingOne data looks just like connecting to any relational data source. Create a connection string using the required connection properties. For this article, you will pass the connection string as a parameter to the create_engine function.
To connect to PingOne, configure these properties:
- Region: The region where the data for your PingOne organization is being hosted.
- AuthScheme: The type of authentication to use when connecting to PingOne.
- Either WorkerAppEnvironmentId (required when using the default PingOne domain) or AuthorizationServerURL, configured as described below.
Configuring WorkerAppEnvironmentId
WorkerAppEnvironmentId is the ID of the PingOne environment in which your Worker application resides. This parameter is used only when the environment is using the default PingOne domain (auth.pingone). It is configured after you have created the custom OAuth application you will use to authenticate to PingOne, as described in Creating a Custom OAuth Application in the Help documentation.
First, find the value for this property:
- From the home page of your PingOne organization, move to the navigation sidebar and click Environments.
- Find the environment in which you have created your custom OAuth/Worker application (usually Administrators), and click Manage Environment. The environment's home page displays.
- In the environment's home page navigation sidebar, click Applications.
- Find your OAuth or Worker application details in the list.
-
Copy the value in the Environment ID field.
It should look similar to:
WorkerAppEnvironmentId='11e96fc7-aa4d-4a60-8196-9acf91424eca'
Now set WorkerAppEnvironmentId to the value of the Environment ID field.
Configuring AuthorizationServerURL
AuthorizationServerURL is the base URL of the PingOne authorization server for the environment where your application is located. This property is only used when you have set up a custom domain for the environment, as described in the PingOne platform API documentation. See Custom Domains.
Authenticating to PingOne with OAuth
PingOne supports both OAuth and OAuthClient authentication. In addition to performing the configuration steps described above, there are two more steps to complete to support OAuth or OAuthCliet authentication:
- Create and configure a custom OAuth application, as described in Creating a Custom OAuth Application in the Help documentation.
- To ensure that the driver can access the entities in Data Model, confirm that you have configured the correct roles for the admin user/worker application you will be using, as described in Administrator Roles in the Help documentation.
- Set the appropriate properties for the authscheme and authflow of your choice, as described in the following subsections.
OAuth (Authorization Code grant)
Set AuthScheme to OAuth.
Desktop Applications
Get and Refresh the OAuth Access Token
After setting the following, you are ready to connect:
- InitiateOAuth: GETANDREFRESH. To avoid the need to repeat the OAuth exchange and manually setting the OAuthAccessToken each time you connect, use InitiateOAuth.
- OAuthClientId: The Client ID you obtained when you created your custom OAuth application.
- OAuthClientSecret: The Client Secret you obtained when you created your custom OAuth application.
- CallbackURL: The redirect URI you defined when you registered your custom OAuth application. For example: https://localhost:3333
When you connect, the driver opens PingOne's OAuth endpoint in your default browser. Log in and grant permissions to the application. The driver then completes the OAuth process:
- The driver obtains an access token from PingOne and uses it to request data.
- The OAuth values are saved in the location specified in OAuthSettingsLocation, to be persisted across connections.
The driver refreshes the access token automatically when it expires.
For other OAuth methods, including Web Applications, Headless Machines, or Client Credentials Grant, refer to the Help documentation.
Follow the procedure below to install SQLAlchemy and start accessing PingOne through Python objects.
Install Required Modules
Use the pip utility to install the SQLAlchemy toolkit and SQLAlchemy ORM package:
pip install sqlalchemy
pip install sqlalchemy.orm
Be sure to import the appropriate modules:
from sqlalchemy import create_engine, String, Column
from sqlalchemy.ext.declarative import declarative_base
from sqlalchemy.orm import sessionmaker
Model PingOne Data in Python
You can now connect with a connection string. Use the create_engine function to create an Engine for working with PingOne data.
NOTE: Users should URL encode the any connection string properties that include special characters. For more information, refer to the SQL Alchemy documentation.
engine = create_engine("pingone:///?AuthScheme=OAuth&WorkerAppEnvironmentId=eebc33a8-xxxx-4f3a-yyyy-d3e5262fd49e&Region=NA&OAuthClientId=client_id&OAuthClientSecret=client_secret&InitiateOAuth=GETANDREFRESH&OAuthSettingsLocation=/PATH/TO/OAuthSettings.txt")
Declare a Mapping Class for PingOne Data
After establishing the connection, declare a mapping class for the table you wish to model in the ORM (in this article, we will model the [CData].[Administrators].Users table). Use the sqlalchemy.ext.declarative.declarative_base function and create a new class with some or all of the fields (columns) defined.
base = declarative_base()
class [CData].[Administrators].Users(base):
__tablename__ = "[CData].[Administrators].Users"
Id = Column(String,primary_key=True)
Username = Column(String)
...
Query PingOne Data
With the mapping class prepared, you can use a session object to query the data source. After binding the Engine to the session, provide the mapping class to the session query method.
Using the query Method
engine = create_engine("pingone:///?AuthScheme=OAuth&WorkerAppEnvironmentId=eebc33a8-xxxx-4f3a-yyyy-d3e5262fd49e&Region=NA&OAuthClientId=client_id&OAuthClientSecret=client_secret&InitiateOAuth=GETANDREFRESH&OAuthSettingsLocation=/PATH/TO/OAuthSettings.txt")
factory = sessionmaker(bind=engine)
session = factory()
for instance in session.query([CData].[Administrators].Users).filter_by(EmployeeType="Contractor"):
print("Id: ", instance.Id)
print("Username: ", instance.Username)
print("---------")
Alternatively, you can use the execute method with the appropriate table object. The code below works with an active session.
Using the execute Method
[CData].[Administrators].Users_table = [CData].[Administrators].Users.metadata.tables["[CData].[Administrators].Users"]
for instance in session.execute([CData].[Administrators].Users_table.select().where([CData].[Administrators].Users_table.c.EmployeeType == "Contractor")):
print("Id: ", instance.Id)
print("Username: ", instance.Username)
print("---------")
For examples of more complex querying, including JOINs, aggregations, limits, and more, refer to the Help documentation for the extension.
Free Trial & More Information
Download a free, 30-day trial of the CData Python Connector for PingOne to start building Python apps and scripts with connectivity to PingOne data. Reach out to our Support Team if you have any questions.
Ready to get started?
Download a free trial of the PingOne Connector to get started:
Download NowLearn more:
PingOne Python Connector
Python Connector Libraries for PingOne Data Connectivity. Integrate PingOne with popular Python tools like Pandas, SQLAlchemy, Dash & petl.
