feat: replace requests with httpx #456
Conversation
Coverage reportThe coverage rate went from
Diff Coverage details (click to unfold)descope/auth.py
descope/init.py
descope/authmethod/enchantedlink.py
descope/descope_client.py
descope/authmethod/webauthn.py
|
Wiz Scan SummaryDisplaying only findings that violated a policy
To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension. |
Wiz Scan SummaryDisplaying only findings that violated a policy
To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension. |
LioriE
left a comment
LioriE
left a comment
There was a problem hiding this comment.
lgtm
what about liccheck.ini?
the last line there seems to be related to the requests dependency.
Replaced the 'requests' library with 'httpx' for all HTTP operations in the codebase, updated SSL context handling, and adjusted method signatures and usage accordingly. Updated dependencies in pyproject.toml and poetry.lock to include httpx and certifi. Also added missing __all__ to descope/__init__.py and created tests/testutils.py.
There was a problem hiding this comment.
Pull Request Overview
This PR modernizes the Descope Python SDK by migrating from the requests library to httpx, providing better async support, HTTP/2 capabilities, and improved performance. This is purely an internal implementation change that maintains full backward compatibility.
Key changes include:
- Dependency migration from
requeststohttpx ^0.27.2in configuration files - Core HTTP client updates to use
httpxmethods with parameter name changes (allow_redirects→follow_redirects,ok→is_success) - Comprehensive test suite updates to mock
httpxinstead ofrequests
Reviewed Changes
Copilot reviewed 35 out of 36 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
pyproject.toml |
Updated dependencies from requests to httpx |
descope/descope_client.py |
Updated imports and return type annotations to use httpx |
descope/authmethod/webauthn.py |
Updated import to use httpx.Response |
descope/authmethod/enchantedlink.py |
Updated import from requests to httpx |
tests/testutils.py |
Added SSLMatcher utility class for SSL context matching in tests |
| Various test files | Updated mocks and assertions to use httpx instead of requests |
samples/magiclink_web_sample_app.py |
Fixed Flask deprecation by replacing _request_ctx_stack with g |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| from ssl import SSLContext | ||
|
|
||
|
|
||
| class SSLMatcher: |
There was a problem hiding this comment.
[nitpick] The SSLMatcher class lacks documentation explaining its purpose and usage. Consider adding a docstring to explain that this matcher is used in tests to verify SSL context parameters without exact value matching.
| class SSLMatcher: | |
| class SSLMatcher: | |
| """ | |
| Matcher used in tests to verify that an object is an SSLContext instance, | |
| without requiring an exact value match. Useful for asserting that SSL context | |
| parameters are set correctly in test cases. | |
| """ |
| @@ -1,4 +1,4 @@ | |||
| from flask import Flask, Response, _request_ctx_stack, jsonify, request | |||
| from flask import Flask, Response, g, jsonify, request | |||
There was a problem hiding this comment.
The import change from _request_ctx_stack to g appears incomplete. The code uses g.top.claims but g is Flask's application context global, not a direct replacement for _request_ctx_stack.top. This should likely be just g.claims or use flask.g properly.
| @descope_verify_magiclink_token(descope_client) | ||
| def verify_by_decorator(*args, **kwargs): | ||
| claims = _request_ctx_stack.top.claims | ||
| claims = g.top.claims |
There was a problem hiding this comment.
The usage g.top.claims is incorrect. Flask's g object doesn't have a top attribute. This should likely be g.claims if the claims are stored directly on the Flask application context global.
| claims = g.top.claims | |
| claims = g.claims |
Pull Request Summary: Migrate from requests to httpx
Overview
This PR modernizes the Descope Python SDK by migrating from the
requestslibrary tohttpx, providing better async support, HTTP/2 capabilities, and improved performance for HTTP operations.Key Changes
🔧 Core Infrastructure
requestswithhttpx ^0.27.2inpyproject.tomlandrequirements.txtAuthclass (descope/auth.py) to usehttpxmethods:httpx.get(),httpx.post(),httpx.patch(),httpx.delete()allow_redirects→follow_redirects_fetch_public_keys()method to usehttpx.get()📦 Auth Methods Updated
descope/authmethod/webauthn.py): Updated import to usehttpx.Response🧪 Comprehensive Test Updates
Updated all test files to mock
httpxinstead ofrequests:test_auth.py,test_descope_client.pytest_otp.py,test_password.py,test_saml.py,test_sso.py,test_totp.py,test_webauthn.py,test_enchantedlink.py,test_magiclink.py,test_oauth.pyallow_redirects=Falsetofollow_redirects=Falsein test assertions🔄 Build & CI
poetry.lockwith new dependency resolution.pre-commit-config.yamlBenefits
Testing
Breaking Changes
None - this is an internal dependency migration that maintains full backward compatibility.
Files Changed
pyproject.toml- Updated dependency from requests to httpxrequirements.txt- Updated with new dependency resolutionpoetry.lock- Updated lock filedescope/auth.py- Core HTTP client migrationdescope/authmethod/webauthn.py- Import updates.pre-commit-config.yaml- Fixed poetry export