@@ -43,7 +43,7 @@ def __init__(
4343 client_assertion_type = None , # type: Optional[str]
4444 default_headers = None , # type: Optional[dict]
4545 default_body = None , # type: Optional[dict]
46- verify = True , # type: Union[str, True, False, None]
46+ verify = None , # type: Union[str, True, False, None]
4747 proxies = None , # type: Optional[dict]
4848 timeout = None , # type: Union[tuple, float, None]
4949 ):
@@ -60,9 +60,21 @@ def __init__(
6060 or
6161 https://example.com/.../.well-known/openid-configuration
6262 client_id (str): The client's id, issued by the authorization server
63+
6364 http_client (http.HttpClient):
6465 Your implementation of abstract class :class:`http.HttpClient`.
6566 Defaults to a requests session instance.
67+
68+ There is no session-wide `timeout` parameter defined here.
69+ Timeout behavior is determined by the actual http client you use.
70+ If you happen to use Requests, it disallows session-wide timeout
71+ (https://github.com/psf/requests/issues/3341). The workaround is:
72+
73+ s = requests.Session()
74+ s.request = functools.partial(s.request, timeout=3)
75+
76+ and then feed that patched session instance to this class.
77+
6678 client_secret (str): Triggers HTTP AUTH for Confidential Client
6779 client_assertion (bytes, callable):
6880 The client assertion to authenticate this client, per RFC 7521.
@@ -86,28 +98,25 @@ def __init__(
8698 verify (boolean):
8799 It will be passed to the
88100 `verify parameter in the underlying requests library
89- <http://docs.python-requests.org/en/v2.9.1/user/advanced/#ssl-cert-verification>`_
101+ <http://docs.python-requests.org/en/v2.9.1/user/advanced/#ssl-cert-verification>`_.
102+ When leaving it with default value (None), we will use True instead.
103+
90104 This does not apply if you have chosen to pass your own Http client.
105+
91106 proxies (dict):
92107 It will be passed to the
93108 `proxies parameter in the underlying requests library
94- <http://docs.python-requests.org/en/v2.9.1/user/advanced/#proxies>`_
109+ <http://docs.python-requests.org/en/v2.9.1/user/advanced/#proxies>`_.
110+
95111 This does not apply if you have chosen to pass your own Http client.
112+
96113 timeout (object):
97114 It will be passed to the
98115 `timeout parameter in the underlying requests library
99- <http://docs.python-requests.org/en/v2.9.1/user/advanced/#timeouts>`_
100- This does not apply if you have chosen to pass your own Http client.
101-
102- There is no session-wide `timeout` parameter defined here.
103- The timeout behavior is determined by the actual http client you use.
104- If you happen to use Requests, it chose to not support session-wide timeout
105- (https://github.com/psf/requests/issues/3341), but you can patch that by:
116+ <http://docs.python-requests.org/en/v2.9.1/user/advanced/#timeouts>`_.
106117
107- s = requests.Session()
108- s.request = functools.partial(s.request, timeout=3)
118+ This does not apply if you have chosen to pass your own Http client.
109119
110- and then feed that patched session instance to this class.
111120 """
112121 self .configuration = server_configuration
113122 self .client_id = client_id
@@ -119,10 +128,14 @@ def __init__(
119128 self .default_body ["client_assertion_type" ] = client_assertion_type
120129 self .logger = logging .getLogger (__name__ )
121130 if http_client :
131+ if verify is not None or proxies is not None or timeout is not None :
132+ raise ValueError (
133+ "verify, proxies, or timeout is not allowed "
134+ "when http_client is in use" )
122135 self .http_client = http_client
123136 else :
124137 self .http_client = requests .Session ()
125- self .http_client .verify = verify
138+ self .http_client .verify = True if verify is None else verify
126139 self .http_client .proxies = proxies
127140 self .http_client .request = functools .partial (
128141 # A workaround for requests not supporting session-wide timeout
0 commit comments