Authorizing Access to the Leap Service

Ocean’s SDK releases 6.6 and higher enable Leap™ authentication using the secure OAuth 2.0 industry standard. As described in the Configuring Access to the Leap Service (Basic) section, you require a Solver API (SAPI) token from your Leap account to submit problems to Leap solvers.

Authorization Procedure

The following procedure authorizes the Ocean software access to your account in the Leap service and enables storing your SAPI token in your development environment. Ocean software authorization to access the Leap service persists across subsequent development sessions for this development environment.

This procedure uses the Ocean software CLI dwave setup command, which also handles optional Ocean packages and the configuration file for you; the CLI page also describes alternative commands (e.g., dwave auth) for more granular control.

1. For any new developer environment (for example, a Python virtual environment or a GitHub Codespaces codespace), run one of the following commands from your terminal. If your account has more than one project, the Multiple Leap Projects tab below shows how to select one.

   Single Leap Project

   • In an environment such as an IDE installed on your system, where you can access localhost addresses from your browser, initiate the OAuth redirect flow:

   dwave setup --auth
   

   • In an environment such as a cloud IDE, where access to localhost addresses from your browser might be blocked, you can initiate the alternative OAuth out-of-band flow:

   dwave setup --oob
   

   Multiple Leap Projects

   You can log in to your Leap account, set the preferred project to be the active project (by selecting your_user_name > Projects > project) and then use the procedure described in the Single Leap Project tab.

   Alternatively, you can use the --project option to select a project as shown here (the example code below selects a project named PROJ3):[1]

   • In an environment such as an IDE installed on your system, where you can access localhost addresses from your browser, initiate the OAuth redirect flow:

   dwave setup --auth --project PROJ3
   

   • In an environment such as a cloud IDE, where access to localhost addresses from your browser might be blocked, you can initiate the alternative OAuth out-of-band flow:

   dwave setup --oob --project PROJ3
   

   You can always switch your environment to use the API token of another project later. For example, if you ran the procedure of the Single Leap Project tab with the PROJ2 project set to active in Leap, you can at any time switch to the PROJ3 project with the dwave config create --auto-token --project PROJ3 command.

   [1]

   If you have an existing environment, you can use the dwave leap project ls command to retrieve the names and codes of all your account’s projects.

2. If you are not currently logged into the Leap service, you are asked to enter your credentials.

   Figure 194 shows the login screen.

   

   Fig. 194 Login screen in the Leap service.

3. When you are logged into the Leap service, you are asked to grant the Ocean software permission to fetch an authorization code.

   Figure 195 shows the authorization request.

   

   Fig. 195 Authorization request screen.

   Click the Authorize button.

   For the OAuth redirect flow, the authorization code is now stored in your development environment; for the OAuth out-of-band flow, your browser displays the authorization code.

4. For the OAuth out-of-band flow only, copy the authorization code to your terminal’s “Authorization code:” prompt, similar to the representative shell lines shown below:

   $ dwave setup --oob
   Optionally install non-open-source packages and configure your environment.
   
   All optional packages already installed.
   
   Authorizing Leap access.
   
   Please visit the following URL to authorize Ocean:
   https://cloud.dwavesys.com/leap/openid/authorize?response_type=code&client_id=80...
   
   Authorization code: 717983...
   
   Authorization completed successfully. You can now use "dwave auth get"
   to fetch your token.
   
   Creating the D-Wave configuration file.
   
   Using the simplified configuration flow.
   Try 'dwave config create --full' for more options.
   
   Creating new configuration file: /home/user/.config/dwave/dwave.conf
   Updating existing profile: defaults
   Fetched SAPI token for project 'Project 5' (PRJ5) from Leap API.
   Configuration saved.
   

   Figure 196 shows the authorization code returned in a browser tab for you to copy to the terminal prompt.

   

   Fig. 196 Authorization code screen

5. Validate the configuration by running the following command in your terminal:

   dwave ping
   

If you cloned a D-Wave example, you can now run it.

Manual Authorization

The OAuth-based procedure of the previous section is provided for convenience but you also have the option of manually copying your SAPI token from the dashboard in the Leap service. The Configuring Access to the Leap Service (Basic) section provides more information.