Update TerraScope authentication and notebook

[giswqs]

No description provided.

[Copilot]

Pull request overview

Updates the TerraScope integration by replacing the prior OAuth2 token-based workflow with GDAL HTTP Basic Auth configuration, and refreshes the TerraScope tutorial notebook accordingly.

Changes:

• Switched leafmap.terrascope authentication to set GDAL Basic Auth environment variables (and removed OAuth2 token management/refresh logic).
• Updated logout() to clear GDAL env vars and remove legacy token/header files.
• Expanded and refreshed docs/notebooks/115_terrascope.ipynb with improved narrative and additional visualization examples.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
leafmap/terrascope.py	Replaces OAuth2 token handling with Basic Auth via GDAL env vars; updates login/logout behavior.
docs/notebooks/115_terrascope.ipynb	Updates the TerraScope notebook content, adds installation/import sections, and expands visualization examples.

Comments suppressed due to low confidence (5)

leafmap/terrascope.py:58

• login() previously returned an access token string; it now returns None while the docstring says the signature is kept for API compatibility. This is a breaking API change for any callers doing token = terrascope.login(...). Consider keeping the original return type (e.g., return a string value for backward compatibility) or introducing a new function for Basic Auth while leaving login()/get_token() as deprecated wrappers for one release cycle (and documenting the breaking change in release notes).

def login(
    username: str | None = None,
    password: str | None = None,
    auto_refresh: bool = True,  # Kept for API compatibility, ignored
    quiet: bool = False,
) -> None:

leafmap/terrascope.py:90

• Setting GDAL_HTTP_USERPWD puts the raw username:password into the process environment, which can be exposed to child processes and (on some systems) other processes owned by the same user. If possible, prefer scoping credentials more tightly (e.g., use GDAL/rasterio config options within a context manager, or add a context-manager helper that sets these env vars temporarily and restores the previous values). At minimum, consider adding an explicit warning in the docstring about the exposure risk and recommending calling logout() after use.

    # Set GDAL environment variables for Basic Auth
    os.environ["GDAL_HTTP_AUTH"] = "BASIC"
    os.environ["GDAL_HTTP_USERPWD"] = f"{username}:{password}"
    os.environ["GDAL_DISABLE_READDIR_ON_OPEN"] = "EMPTY_DIR"

leafmap/terrascope.py:41

• The module-level _logged_in flag is set/reset but never read anywhere in the module. This can become misleading state (suggesting a guarantee that GDAL is configured when it may have been overwritten externally). Either remove it, or add a small public helper like is_logged_in() and use the flag to guard behaviors that depend on credentials being configured.

# Module state
_logged_in: bool = False
_stac_client: Any = None

leafmap/terrascope.py:127

• logout() prints unconditionally, which makes it harder to use this module as a library (e.g., in scripts/tests where stdout is meaningful). Consider adding a quiet: bool = False parameter (mirroring login) or switching to _logger.info(...) so callers can control output via logging configuration.

    print("Logged out from Terrascope")

docs/notebooks/115_terrascope.ipynb:158

• layers = terrascope.create_time_layers(items) can create a large number of layers depending on the search results, which may make the notebook slow/unresponsive (and can be problematic on Binder/Colab). Consider reintroducing a small slice (e.g., items[:N]) for the demo, or set a limit= in the preceding search call so the animation stays lightweight.

    "layers = terrascope.create_time_layers(items)\n",

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

🚀 Deployed on https://69a7aa22c0149a63d9d33ad3--opengeos.netlify.app