Making HTTP(S) requests with IGWN Auth Utils

igwn_auth_utils provides a requests interface to support HTTP/HTTPS requests with the IGWN Auth flow.

Basic usage

To use this interface, open a Session and make some requests:

Make a request with igwn_auth_utils.Session.
from igwn_auth_utils import Session
with Session() as sess:
    sess.get("https://myservice.example.com/api/important/data")

The igwn_auth_utils.Session class will automatically discover available SciTokens and X.509 credentials and will send them with the request to maximise chances of a successfull authorisation.

See the igwn_auth_utils.Session documentation for details on keywords that enable configuring the discovery of each of the credential types, including disabling/enabling individual credential types, or disabling all credentials completely.

API

get

Send an HTTP GET request to the specified URL with IGWN Auth attached.

request

Send a request of the specific method to the specified URL.

HTTPSciTokenAuth

Auth handler for SciTokens.

Session

requests.Session class with default IGWN authorization handling.

SessionAuthMixin

Mixin for requests.Session to add support for IGWN auth.

Other request methods

Only the get() and request() functions are available from the top-level module interface, however all HTTP methods are supported via functions in the igwn_auth_utils.requests module:

igwn_auth_utils.requests.delete

Send an HTTP DELETE request to the specified URL with IGWN Auth attached.

igwn_auth_utils.requests.head

Send an HTTP HEAD request to the specified URL with IGWN Auth attached.

igwn_auth_utils.requests.patch

Send an HTTP PATCH request to the specified URL with IGWN Auth attached.

igwn_auth_utils.requests.post

Send an HTTP POST request to the specified URL with IGWN Auth attached.

igwn_auth_utils.requests.put

Send an HTTP PUT request to the specified URL with IGWN Auth attached.

Authentication credentials

By default, igwn_auth_utils will attempt to find both a SciToken and an X.509 credential, to attach to a request. If a credential or token is found it will be attached, if one isn’t found, no failures or warnings are emitted. Requests will then be accepted or rejected by the remote application as appropriate.

igwn_auth_utils supports two environment variables to explicitly enable (require) or disable automatic discovery of credentials.

Environment variable values

Enable

y, yes, true, 1

Disable

n, no, false, 0

If a variable is set to something ‘truthy’ (yes), and a credential of that type is not found, an error will be raised before the request is sent. If a variable is set to something ‘falsy’ (no) no attempt will be made to discover a credential of that type, and no warnings will be emitted.

IGWN_AUTH_UTILS_FIND_SCITOKEN

Set the IGWN_AUTH_UTILS_FIND_SCITOKEN variable to control automatic discovery of SciTokens.

Require finding a scitoken (bash)
IGWN_AUTH_UTILS_FIND_SCITOKEN=yes
Disable finding a scitoken (bash)
IGWN_AUTH_UTILS_FIND_SCITOKEN=no

IGWN_AUTH_UTILS_FIND_X509

Set the IGWN_AUTH_UTILS_FIND_X509 variable to control automatic discovery of X.509 certificates.

Require finding an X.509 credential (bash)
IGWN_AUTH_UTILS_FIND_X509=yes
Disable finding an X.509 credential (bash)
IGWN_AUTH_UTILS_FIND_X509=no