Skip to content

Refactor requests auth handling to enable per-request token discovery

Duncan Macleod requested to merge duncanmmacleod/igwn-auth-utils:scitoken-auth-handler into main

This MR refactors the igwn_auth_utils.requests module to enable per-request auth handling.

Closes #13 (closed).

The main new features of this change are as follows

  • a new HTTPSciTokenAuth object that implements Authorization token handling on a per-request basis
  • token discovery for Session objects is deferred until the token is needed for a request, unless token=True is given
  • the Session.token attribute is now a property tied to the HTTPSciTokenAuth.token attribute, which is likely to be None
  • basic auth and token auth are now formally exclusive (i.e. this is documented, and not implicit - they both rely on the Authorization header key, so can't both be used at the same time anyway)

This is a fairly major change, but is for The Greater Good ™️ so merits targeting 1.0.0 as the version.

Merge request reports