This module provides you authentication classes to be used with requests
.
To use a specific authentication in combination with requests, use the authentication parameter on requests
module.
Sample:
import requests
from requests_auth import OAuth2AuthorizationCode
requests.get('http://www.example.com', auth=OAuth2AuthorizationCode('https://www.authorization.url', 'https://www.token.url'))
or
import requests
from requests_auth import oauth2, OAuth2Flow
requests.get('http://www.example.com', auth=oauth2(OAuth2Flow.AuthorizationCode, 'https://www.authorization.url', 'https://www.token.url'))
Name | Description | Mandatory | Default value |
---|---|---|---|
authorization_url |
OAuth 2 authorization URL. | Mandatory | |
token_url |
OAuth 2 token URL. | Mandatory | |
redirect_uri_endpoint |
Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
redirect_uri_port |
The port on which the server listening for the OAuth 2 code will be started. | Optional | 5000 |
timeout |
Maximum amount of seconds to wait for a code or a token to be received once requested. | Optional | 60 |
success_display_time |
In case a code is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
failure_display_time |
In case received code is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
header_name |
Name of the header field used to send token. | Optional | Authorization |
header_value |
Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
response_type |
Value of the response_type query parameter if not already provided in authorization URL. | Optional | code |
token_field_name |
Field name containing the token. | Optional | access_token |
code_field_name |
Field name containing the code. | Optional | code |
username |
User name in case basic authentication should be used to retrieve token. | Optional | |
password |
User password in case basic authentication should be used to retrieve token. | Optional |
Any other parameter will be put as query parameter in the authorization URL and as body parameters in the token URL.
Usual parameters are:
Name | Description |
---|---|
client_id |
Corresponding to your Application ID (in Microsoft Azure app portal) |
client_secret |
If client is not authenticated with the authorization server |
nonce |
Refer to OpenID ID Token specifications for more details |
Sample:
import requests
from requests_auth import OAuth2ResourceOwnerPasswordCredentials
requests.get('http://www.example.com', auth=OAuth2ResourceOwnerPasswordCredentials('https://www.token.url', 'user name', 'user password'))
or
import requests
from requests_auth import oauth2, OAuth2Flow
requests.get('http://www.example.com', auth=oauth2(OAuth2Flow.PasswordCredentials, 'https://www.token.url', 'user name', 'user password'))
Name | Description | Mandatory | Default value |
---|---|---|---|
token_url |
OAuth 2 token URL. | Mandatory | |
username |
Resource owner user name. | Mandatory | |
password |
Resource owner password. | Mandatory | |
timeout |
Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
header_name |
Name of the header field used to send token. | Optional | Authorization |
header_value |
Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
scope |
Scope parameter sent to token URL as body. Can also be a list of scopes. | Optional | |
token_field_name |
Field name containing the token. | Optional | access_token |
Any other parameter will be put as body parameter in the token URL.
Sample:
import requests
from requests_auth import OAuth2ClientCredentials
requests.get('http://www.example.com', auth=OAuth2ClientCredentials('https://www.token.url', 'user name', 'user password'))
or
import requests
from requests_auth import oauth2, OAuth2Flow
requests.get('http://www.example.com', auth=oauth2(OAuth2Flow.ClientCredentials, 'https://www.token.url', 'user name', 'user password'))
Name | Description | Mandatory | Default value |
---|---|---|---|
token_url |
OAuth 2 token URL. | Mandatory | |
username |
Resource owner user name. | Mandatory | |
password |
Resource owner password. | Mandatory | |
timeout |
Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
header_name |
Name of the header field used to send token. | Optional | Authorization |
header_value |
Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
scope |
Scope parameter sent to token URL as body. Can also be a list of scopes. | Optional | |
token_field_name |
Field name containing the token. | Optional | access_token |
Any other parameter will be put as body parameter in the token URL.
Sample:
import requests
from requests_auth import OAuth2Implicit
requests.get('http://www.example.com', auth=OAuth2Implicit('https://www.authorization.url'))
or
import requests
from requests_auth import oauth2, OAuth2Flow
requests.get('http://www.example.com', auth=oauth2(OAuth2Flow.Implicit, 'https://www.authorization.url'))
Name | Description | Mandatory | Default value |
---|---|---|---|
authorization_url |
OAuth 2 authorization URL. | Mandatory | |
response_type |
Value of the response_type query parameter if not already provided in authorization URL. | Optional | token |
token_field_name |
Field name containing the token. | Optional | id_token if response_type is id_token, otherwise access_token |
redirect_uri_endpoint |
Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
redirect_uri_port |
The port on which the server listening for the OAuth 2 token will be started. | Optional | 5000 |
timeout |
Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
success_display_time |
In case a token is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
failure_display_time |
In case received token is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
header_name |
Name of the header field used to send token. | Optional | Authorization |
header_value |
Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
Any other parameter will be put as query parameter in the authorization URL.
Usual parameters are:
Name | Description |
---|---|
client_id |
Corresponding to your Application ID (in Microsoft Azure app portal) |
nonce |
Refer to OpenID ID Token specifications for more details |
prompt |
none to avoid prompting the user if a session is already opened. |
Sample:
import requests
from requests_auth import AzureActiveDirectoryImplicit
aad = AzureActiveDirectoryImplicit(tenant_id='45239d18-c68c-4c47-8bdd-ce71ea1d50cd', client_id='54239d18-c68c-4c47-8bdd-ce71ea1d50cd')
requests.get('http://www.example.com', auth=aad)
or
import requests
from requests_auth import aad, OAuth2Flow
requests.get('http://www.example.com', auth=aad(OAuth2Flow.Implicit, tenant_id='45239d18-c68c-4c47-8bdd-ce71ea1d50cd', client_id='54239d18-c68c-4c47-8bdd-ce71ea1d50cd'))
Name | Description | Mandatory | Default value |
---|---|---|---|
tenant_id |
Microsoft Tenant Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
client_id |
Microsoft Application Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
response_type |
Value of the response_type query parameter if not already provided in authorization URL. | Optional | token |
token_field_name |
Field name containing the token. | Optional | access_token |
nonce |
Refer to OpenID ID Token specifications for more details | Optional | Newly generated Universal Unique Identifier. |
redirect_uri_endpoint |
Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
redirect_uri_port |
The port on which the server listening for the OAuth 2 token will be started. | Optional | 5000 |
timeout |
Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
success_display_time |
In case a token is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
failure_display_time |
In case received token is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
header_name |
Name of the header field used to send token. | Optional | Authorization |
header_value |
Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
Any other parameter will be put as query parameter in the authorization URL.
Usual parameters are:
Name | Description |
---|---|
prompt |
none to avoid prompting the user if a session is already opened. |
Sample:
import requests
from requests_auth import AzureActiveDirectoryImplicitIdToken
aad = AzureActiveDirectoryImplicitIdToken(tenant_id='45239d18-c68c-4c47-8bdd-ce71ea1d50cd', client_id='54239d18-c68c-4c47-8bdd-ce71ea1d50cd')
requests.get('http://www.example.com', auth=aad)
Name | Description | Mandatory | Default value |
---|---|---|---|
tenant_id |
Microsoft Tenant Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
client_id |
Microsoft Application Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
response_type |
Value of the response_type query parameter if not already provided in authorization URL. | Optional | id_token |
token_field_name |
Field name containing the token. | Optional | id_token |
nonce |
Refer to OpenID ID Token specifications for more details | Optional | Newly generated Universal Unique Identifier. |
redirect_uri_endpoint |
Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
redirect_uri_port |
The port on which the server listening for the OAuth 2 token will be started. | Optional | 5000 |
timeout |
Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
success_display_time |
In case a token is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
failure_display_time |
In case received token is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
header_name |
Name of the header field used to send token. | Optional | Authorization |
header_value |
Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
Any other parameter will be put as query parameter in the authorization URL.
Usual parameters are:
Name | Description |
---|---|
prompt |
none to avoid prompting the user if a session is already opened. |
Sample:
import requests
from requests_auth import OktaImplicit
okta = OktaImplicit(instance='testserver.okta-emea.com', client_id='54239d18-c68c-4c47-8bdd-ce71ea1d50cd')
requests.get('http://www.example.com', auth=okta)
or
import requests
from requests_auth import okta, OAuth2Flow
requests.get('http://www.example.com', auth=okta(OAuth2Flow.Implicit, instance='testserver.okta-emea.com', client_id='54239d18-c68c-4c47-8bdd-ce71ea1d50cd'))
Name | Description | Mandatory | Default value |
---|---|---|---|
instance |
OKTA instance (like "testserver.okta-emea.com"). | Mandatory | |
client_id |
Microsoft Application Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
response_type |
Value of the response_type query parameter if not already provided in authorization URL. | Optional | token |
token_field_name |
Field name containing the token. | Optional | access_token |
nonce |
Refer to OpenID ID Token specifications for more details. | Optional | Newly generated Universal Unique Identifier. |
scope |
Scope parameter sent in query. Can also be a list of scopes. | Optional | ['openid', 'profile', 'email'] |
authorization_server |
OKTA authorization server. | Optional | '' |
redirect_uri_endpoint |
Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
redirect_uri_port |
The port on which the server listening for the OAuth 2 token will be started. | Optional | 5000 |
timeout |
Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
success_display_time |
In case a token is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
failure_display_time |
In case received token is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
header_name |
Name of the header field used to send token. | Optional | Authorization |
header_value |
Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
Any other parameter will be put as query parameter in the authorization URL.
Usual parameters are:
Name | Description |
---|---|
prompt |
none to avoid prompting the user if a session is already opened. |
Sample:
import requests
from requests_auth import OktaImplicitIdToken
okta = OktaImplicitIdToken(instance='testserver.okta-emea.com', client_id='54239d18-c68c-4c47-8bdd-ce71ea1d50cd')
requests.get('http://www.example.com', auth=okta)
Name | Description | Mandatory | Default value |
---|---|---|---|
instance |
OKTA instance (like "testserver.okta-emea.com"). | Mandatory | |
client_id |
Microsoft Application Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
response_type |
Value of the response_type query parameter if not already provided in authorization URL. | Optional | id_token |
token_field_name |
Field name containing the token. | Optional | id_token |
nonce |
Refer to OpenID ID Token specifications for more details. | Optional | Newly generated Universal Unique Identifier. |
scope |
Scope parameter sent in query. Can also be a list of scopes. | Optional | ['openid', 'profile', 'email'] |
authorization_server |
OKTA authorization server. | Optional | '' |
redirect_uri_endpoint |
Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
redirect_uri_port |
The port on which the server listening for the OAuth 2 token will be started. | Optional | 5000 |
timeout |
Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
success_display_time |
In case a token is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
failure_display_time |
In case received token is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
header_name |
Name of the header field used to send token. | Optional | Authorization |
header_value |
Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
Any other parameter will be put as query parameter in the authorization URL.
Usual parameters are:
Name | Description |
---|---|
prompt |
none to avoid prompting the user if a session is already opened. |
To avoid asking for a new token every new request, a token cache is used.
Default cache is in memory but it is also possible to use a physical cache using the following method:
from requests_auth import OAuth2, JsonTokenFileCache
OAuth2.token_cache = JsonTokenFileCache('my_token_cache')
Sample:
import requests
from requests_auth import HeaderApiKey
requests.get('http://www.example.com', auth=HeaderApiKey('my_api_key'))
Name | Description | Mandatory | Default value |
---|---|---|---|
api_key |
The API key that will be sent. | Mandatory | |
header_name |
Name of the header field. | Optional | "X-API-Key" |
Sample:
import requests
from requests_auth import QueryApiKey
requests.get('http://www.example.com', auth=QueryApiKey('my_api_key'))
Name | Description | Mandatory | Default value |
---|---|---|---|
api_key |
The API key that will be sent. | Mandatory | |
query_parameter_name |
Name of the query parameter. | Optional | "api_key" |
Sample:
import requests
from requests_auth import Basic
requests.get('http://www.example.com', auth=Basic('username', 'password'))
Name | Description | Mandatory | Default value |
---|---|---|---|
username |
User name. | Mandatory | |
password |
User password. | Mandatory |
Requires requests-negotiate-sspi module or requests_ntlm module depending on provided parameters.
Sample:
import requests
from requests_auth import NTLM
requests.get('http://www.example.com', auth=NTLM())
Name | Description | Mandatory | Default value |
---|---|---|---|
username |
User name. | Mandatory if requests_negotiate_sspi module is not installed. In such a case requests_ntlm module is mandatory. | |
password |
User password. | Mandatory if requests_negotiate_sspi module is not installed. In such a case requests_ntlm module is mandatory. |
You can also use a combination of authentication as in the following sample:
import requests
from requests_auth import HeaderApiKey, OAuth2Implicit
api_key = HeaderApiKey('my_api_key')
oauth2 = OAuth2Implicit('https://www.example.com')
requests.get('http://www.example.com', auth=api_key + oauth2)