Making HTTP(S) requests with IGWN Auth Utils¶

igwn_auth_utils provides a requests interface to support HTTP/HTTPS requests with the IGWN Auth flow.

Basic usage¶

To use this interface, open a Session and make some requests:

Make a request with igwn_auth_utils.Session.¶

from igwn_auth_utils import Session
with Session() as sess:
    sess.get("https://myservice.example.com/api/important/data")

The igwn_auth_utils.Session class will automatically discover available SciTokens and X.509 credentials and will send them with the request to maximise chances of a successfull authorisation.

See the igwn_auth_utils.Session documentation for details on keywords that enable configuring the discovery of each of the credential types, including disabling/enabling individual credential types, or disabling all credentials completely.

API¶

`get`	Send an HTTP GET request to the specified URL with IGWN Auth attached.
`request`	Send a request of the specific method to the specified URL.
`HTTPSciTokenAuth`	Auth handler for SciTokens.
`Session`	`requests.Session` class with default IGWN authorization handling.
`SessionAuthMixin`	Mixin for `requests.Session` to add support for IGWN auth.

Other request methods¶

Only the get() and request() functions are available from the top-level module interface, however all HTTP methods are supported via functions in the igwn_auth_utils.requests module:

`igwn_auth_utils.requests.delete`	Send an HTTP DELETE request to the specified URL with IGWN Auth attached.
`igwn_auth_utils.requests.head`	Send an HTTP HEAD request to the specified URL with IGWN Auth attached.
`igwn_auth_utils.requests.patch`	Send an HTTP PATCH request to the specified URL with IGWN Auth attached.
`igwn_auth_utils.requests.post`	Send an HTTP POST request to the specified URL with IGWN Auth attached.
`igwn_auth_utils.requests.put`	Send an HTTP PUT request to the specified URL with IGWN Auth attached.

Authentication credentials¶

By default, igwn_auth_utils will attempt to find both a SciToken and an X.509 credential, to attach to a request. If a credential or token is found it will be attached, if one isn’t found, no failures or warnings are emitted. Requests will then be accepted or rejected by the remote application as appropriate.

igwn_auth_utils supports two environment variables to explicitly enable (require) or disable automatic discovery of credentials.

Environment variable values¶
Enable	`y`, `yes`, `true`, `1`
Disable	`n`, `no`, `false`, `0`

If a variable is set to something ‘truthy’ (yes), and a credential of that type is not found, an error will be raised before the request is sent. If a variable is set to something ‘falsy’ (no) no attempt will be made to discover a credential of that type, and no warnings will be emitted.

`IGWN_AUTH_UTILS_FIND_SCITOKEN`¶

Set the IGWN_AUTH_UTILS_FIND_SCITOKEN variable to control automatic discovery of SciTokens.

Enable

Require finding a scitoken (bash)¶

IGWN_AUTH_UTILS_FIND_SCITOKEN=yes

Disable

Disable finding a scitoken (bash)¶

IGWN_AUTH_UTILS_FIND_SCITOKEN=no

`IGWN_AUTH_UTILS_FIND_X509`¶

Set the IGWN_AUTH_UTILS_FIND_X509 variable to control automatic discovery of X.509 certificates.

Enable

Require finding an X.509 credential (bash)¶

IGWN_AUTH_UTILS_FIND_X509=yes