ENH: AWS4Auth - add option to use boto3 for automatically retrieving credentials

Colin-b / httpx_auth

Authentication classes to be used with httpx

MIT License

114 stars 26 forks source link

ENH: AWS4Auth - add option to use boto3 for automatically retrieving credentials #55

Closed snowman2 closed 1 year ago

snowman2 commented 1 year ago

Following what is done here: https://github.com/DavidMuller/aws-requests-auth/blob/2e1dd0f37e3815c417c3b0630215a77aab5af617/aws_requests_auth/boto_utils.py

Any interest in using boto3 to automatically retrieve AWS credentials?

Colin-b commented 1 year ago

Hello @snowman2,

What would be the exhaustive list of new dependencies in such as case (excluding the one already provided by httpx) ?

Thanks again

snowman2 commented 1 year ago

Looks like it just needs botocore.

snowman2 commented 1 year ago

It could be listed as a dependency in the extras_required section as aws.

python -m pip install httpx-auth[aws]

Colin-b commented 1 year ago

I wonder if we cannot provide a small sample on how to retrieve the information using botocore instead of introducing those changes in the code and adding an optional dependency.

I guess the following would work according to your sample:

from botocore.session import Session
from httpx_auth import AWS4Auth

credentials = Session().get_credentials()j.get_frozen_credentials()
aws = AWS4Auth(access_id=credentials.access_key, secret_key=credentials.secret_key, region="eu-west-1", service="s3", security_token=credentials.token)

snowman2 commented 1 year ago

Thank you for maintaining this library and for taking the time to consider this proposal. Your logic makes sense to me.

I am thinking that maybe a new library called aws-httpx-auth might be a good home for this if I (or someone else) ever get around to implementing it. It seems there is some demand for it (https://github.com/DavidMuller/aws-requests-auth/pull/50). It could wrap this library and add the feature mentioned here.

Thanks again for considering this proposal 👍

Colin-b commented 1 year ago

According to what you provided, it feels like this is 1 extra line of code (if we exclude the import statement). So this is why I would feel more comfortable having it described in documentation rather than having to maintain it :)

However don't hesitate to propose changes if you have any need :)

snowman2 commented 1 year ago

However don't hesitate to propose changes if you have any need :)

Thanks 👍. There is a good chance I will do that.

Notes for my future self or whoever implements this while it is fresh in my mind:

Credentials are refreshed with each call on the authorization class: https://github.com/DavidMuller/aws-requests-auth/blob/2e1dd0f37e3815c417c3b0630215a77aab5af617/aws_requests_auth/boto_utils.py#L50. I believe similar behavior can be achieved by creating a class based on AWS4Auth and overwriting __init__ to automatically provide initial credentials and auth_flow to refresh the credentials (https://github.com/Colin-b/httpx_auth/blob/75e0d19491df124e0808fd1c09cc7a18a87ec0c4/httpx_auth/aws.py#L58) and then calling the parent method for each one.

Colin-b commented 6 months ago

Documentation now includes a sample auth class to achieve this.