While using evaluate_hazards with a credential-free source (nasa_power), the toolkit launched an interactive Earth Engine OAuth flow (ee.Authenticate()) in the browser and saved a credential token to ~/.config/earthengine/credentials — with no opt-in. A data-analysis call should never launch interactive auth implicitly.
Reproduce
import climate_toolkit as ct
ct.evaluate_hazards(
crop_name="maize", location_coord=(-1.286, 36.817),
date_from="2020-01-01", date_to="2020-06-30",
source="nasa_power", # no Earth Engine requested
)
Actual: prints To authorize access needed by Earth Engine, open the following URL ..., opens a browser, and on completion writes ~/.config/earthengine/credentials.
Expected: degrade gracefully with no auth prompt — exactly like download_station_data/compare_station_to_grids already do:
Anchor elevation unavailable; continuing without elevation guard.
Reason: Earth Engine project ID missing. ...
Cause
The livestock heat-stress branch auto-fetches an elevation anchor:
climate_toolkit/calculate_hazards/hazards.py:351-352 → elevation resolver with auto_fetch_elevation=True
- that reaches
climate_toolkit/fetch_data/source_data/sources/gee.py:42, which calls ee.Authenticate() unconditionally when EE is not already initialized
By contrast, the weather-station elevation path (climate_toolkit/weather_station/dem.py:98 fetch_anchor_elevation → initialize_earth_engine) catches the missing-project condition and continues without the elevation guard.
Suggested fix
- Never call
ee.Authenticate() implicitly from a library/analysis path.
- Have the hazards elevation auto-fetch use the same graceful degradation as the weather-station path: if Earth Engine is not configured (no
GCP_PROJECT_ID / not authenticated), skip the elevation guard and continue, with a one-line note.
- Optionally gate
auto_fetch_elevation behind an explicit EE-availability check.
Impact
Users running credential-free workflows (e.g. source="nasa_power") unexpectedly get an interactive auth prompt and a saved Google credential on their machine.
While using
evaluate_hazardswith a credential-free source (nasa_power), the toolkit launched an interactive Earth Engine OAuth flow (ee.Authenticate()) in the browser and saved a credential token to~/.config/earthengine/credentials— with no opt-in. A data-analysis call should never launch interactive auth implicitly.Reproduce
Actual: prints
To authorize access needed by Earth Engine, open the following URL ..., opens a browser, and on completion writes~/.config/earthengine/credentials.Expected: degrade gracefully with no auth prompt — exactly like
download_station_data/compare_station_to_gridsalready do:Cause
The livestock heat-stress branch auto-fetches an elevation anchor:
climate_toolkit/calculate_hazards/hazards.py:351-352→ elevation resolver withauto_fetch_elevation=Trueclimate_toolkit/fetch_data/source_data/sources/gee.py:42, which callsee.Authenticate()unconditionally when EE is not already initializedBy contrast, the weather-station elevation path (
climate_toolkit/weather_station/dem.py:98 fetch_anchor_elevation→initialize_earth_engine) catches the missing-project condition and continues without the elevation guard.Suggested fix
ee.Authenticate()implicitly from a library/analysis path.GCP_PROJECT_ID/ not authenticated), skip the elevation guard and continue, with a one-line note.auto_fetch_elevationbehind an explicit EE-availability check.Impact
Users running credential-free workflows (e.g.
source="nasa_power") unexpectedly get an interactive auth prompt and a saved Google credential on their machine.