Skip to content

httpx_auth integration - OAuth2, AWSSigV4, and more #92

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
ggpwnkthx wants to merge 6 commits into from
Closed

httpx_auth integration - OAuth2, AWSSigV4, and more #92

ggpwnkthx wants to merge 6 commits into from

Conversation

@ggpwnkthx
Copy link
Contributor

@ggpwnkthx ggpwnkthx commented Jun 2, 2023

Using httpx_auth in the glue files so that the httpx authentication parameter is used as much as possible. The changes were designed to handle combination authentication methods. It brings support for OAuth2, AWSSigV4, and more.

Any authentication method in the httpx_auth library can be used directly and dynamically. In order to ensure Security Schemes Objects continue to follow the OpenAPI specifications, the type must be set to "http" and the scheme can be set to any of the httpx_auth classes that extend the httpx.Auth class.

Example Spec:

spec = {...}
spec["components"]["securitySchemes"]["sigv4"] = {"type": "http", "scheme": "aws4auth"}

api = OpenAPI("fict.iv", document=spec)
api.authenticate(
    apiKey="asdf1234",
    sigv4={
        "access_id": "my-access-id",
        "secret_key": "my-secret-key",
        "service": "execute-api",
        "region": "us-east-1",
    },
)

ggpwnkthx added 3 commits June 2, 2023 10:42
@ggpwnkthx
httpx_auth integration
2b8fb9c 
Using httpx_auth in the glue files so that the httpx authentication parameter is used as much as possible. The changes were designed to handle combination authentication methods. It brings support for OAuth2, AWSSigV4, and more.

Any authentication method in the httpx_auth library can be used directly and dynamically. In order to ensure Security Schemes Objects continue to follow the OpenAPI specifications, the type must be set to "http" and the scheme can be set to any of the httpx_auth classes that extend the httpx.Auth class.

Example Spec:
spec = {...}
spec["components"]["securitySchemes"]["sigv4"] = {"type": "http", "scheme": "aws4auth"}

api = OpenAPI("fict.iv", document=spec)
api.authenticate(
    apiKey="asdf1234",
    sigv4={
        "access_id": "my-access-id",
        "secret_key": "my-secret-key",
        "service": "execute-api",
        "region": "us-east-1",
    },
)
@ggpwnkthx
minor cleanup
1f755a6
@ggpwnkthx
httpx-auth
d5bd50c 
Added httpx-auth to the install requirements
commonism
commonism reviewed Jun 2, 2023
View reviewed changes
commonism
commonism reviewed Jun 2, 2023
View reviewed changes
aiopenapi3/v30/glue.py Outdated

for auth in add_auths:
if self.req.auth:
self.req.auth += auth
Copy link
Owner

@commonism commonism Jun 2, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this actually works?
I guess test_paths_security_combined should validate this

Copy link
Contributor Author

@ggpwnkthx ggpwnkthx Jun 2, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, although conditionally. It's a feature of httpx_auth. Ref: https://github.com/Colin-b/httpx_auth/blob/60bb9a7f4beb4b370398ae8fcb7d4402daa0b0bd/httpx_auth/authentication.py#L93

I think the code should be fine as is since all of that auth objects will be subclasses of httpx_auth.authentication.SupportMultiAuth, however I will add checks for this condition to be safe.

@commonism
Copy link
Owner

commonism commented Jun 2, 2023

Hi,

I'd be more comfortable if httpx-auth was optional and not a hard requirement.
I'll have a look myself and get this merged.
Thanks

@ggpwnkthx
conditional httpx_auth
830f04c 
Only uses httpx_auth if it's been installed separately.
@ggpwnkthx
Copy link
Contributor Author

ggpwnkthx commented Jun 2, 2023

That's understandable. In that case, this would probably best be handled by an Authentication plugin of some kind. Although, that may be outside of my development window for the near future.

@commonism
Copy link
Owner

commonism commented Jun 7, 2023
edited
Loading

Could you test https://github.com/commonism/aiopenapi3/tree/Esquire-Media/master ?
My changes 81b4f1b

I'll have to document httpx_auth & Colin-b/httpx_auth#48 somehow additionally.

I'd be best if you'd grant me edit privileges for the PR, so I can adjust the PR/repo to incorporate my changes.

@commonism commonism mentioned this pull request Jun 8, 2023
Merged
@commonism commonism closed this in #99 Jun 8, 2023
@ggpwnkthx
Copy link
Contributor Author

ggpwnkthx commented Jun 9, 2023

My apologies, I'm just now seeing your request. Thank you for reviewing, cleaning up, and merging my code. With the issue being close, is there anything you need from me at this point?

@commonism
Copy link
Owner

commonism commented Jun 9, 2023

No - this is settled.
As I intent to migrate master/HEAD to pydanticv2 I created a new release with the feature for use via pip.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@commonism commonism commonism left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ggpwnkthx @commonism