HTTPSciTokenAuth

class requests_scitokens.HTTPSciTokenAuth(token=None, audience=None, *, force=None)[source]

Bases: AuthBase

Auth handler for SciTokens.

Parameters:

  • token (scitokens.SciToken, None, True) – The SciToken to use for bearer authorisation. Default (None) will dynamically discover a token for each request. token=True is an alias for token=None, force=True.

  • audience (str, optional) – The aud claim to require when discovering tokens.

  • force (bool, optional) –

    If True, preemptively discover a token and generate an Authorization header for all requests.

    If False, wait for the remote server to respond with an authorisation challenge via a 401 Unauthorized response that includes a WWW-Authenticate header.

Methods Summary

__call__(request)

Augment the Request request with an Authorization header.

authenticate_bearer(response, **kwargs)

Re-send a request in response to a Bearer challenge.

find_token([url, error, find_func])

Find a bearer token for authorization.

generate_bearer_header([response])

Generate a bearer token header, possibly based on a response.

handle_401(response, **kwargs)

Handle 401 response.

handle_response(response, **kwargs)

Handle a response.

Methods Documentation

__call__(request)[source]

Augment the Request request with an Authorization header.

Parameters:

request (requests.Request) – The request to authorise.

Returns:

request (requests.Request) – The original request, which may now have an HTTP Authorization header attached.

authenticate_bearer(response, **kwargs)[source]

Re-send a request in response to a Bearer challenge.

This method attemps to find a token and construct an HTTP Authorization header for the response endpoint. If that is successful, a new request will be sent using the header.

Parameters:

  • response (requests.Response) – The HTTP response to handle.

  • kwargs – Other keyword arguments are passed to the new request.

Returns:

response (requests.Response)

find_token(url=None, *, error=True, find_func=<function SciToken.discover>, **discover_kwargs)[source]

Find a bearer token for authorization.

Parameters:

  • url (str) – The URL that will be queried.

  • error (bool) – If True, raise exceptions, otherwise return None.

  • find_func (callable) – The function to call to discover SciTokens, defaults to discover().

  • discover_kwargs – Other keyword arguments to pass to find_func.

Returns:

token (scitokens.SciToken, None) – The discovered token, or None if a token is not foudn and error=False is given.

Raises:

OSError – If error=True is given (default) and a token discovery fails.

generate_bearer_header(response=None)[source]

Generate a bearer token header, possibly based on a response.

Parameters:

response (requests.Response, optional) – The HTTP response to handle.

Returns:

auth (str or None) – The value of the HTTP Authorization header to apply, or None if not found or needed.

handle_401(response, **kwargs)[source]

Handle 401 response.

Parameters:

  • response (requests.Response) – The HTTP response to handle.

  • kwargs – Other keyword arguments are passed to the new request.

Returns:

response (requests.Response) – Either the original response given as input, or a new response to a new request that included Authorization.

handle_response(response, **kwargs)[source]

Handle a response.

If the response is a 401 (Unauthorized) and this is first attempt, a SciToken will be discovered and attached via an HTTP Authorization header, and the request retried.

If any other circumstances, the response is returned with no action.

Parameters:

  • response (requests.Response) – The HTTP response to handle.

  • kwargs – Other keyword arguments are passed to the new request.

Returns:

response (requests.Response) – Either the original response given as input, or a new response to a new request that included Authorization.