HTTPX Auth

Warnings

• breaking When providing an `httpx.Client` instance as a parameter to any `httpx-auth` OAuth2 authentication class (e.g., `client` parameter in `OAuth2AuthorizationCode`), `httpx-auth` no longer closes this client automatically. Users are now responsible for explicitly closing these client instances when they are no longer needed to prevent resource leaks.
  Fix: Ensure you manage the lifecycle of `httpx.Client` instances passed to `httpx-auth` authentication classes. Wrap client usage in a `with httpx.Client() as client:` block or explicitly call `client.close()`.
• gotcha The `AWS4Auth` class, ported from `requests-aws4auth`, has specific behavioral changes and deprecated attributes compared to its origin. Notably, the `amz_date` attribute has been removed, direct provision of `AWSSigningKey` instances is not supported (use explicit parameters instead), and the `date` parameter now defaults to `now()` without options to override or raise on invalid date.
  Fix: Review the `AWS4Auth` documentation for `httpx-auth` to understand the current parameter requirements and behaviors. Adjust your code to use explicit `access_id`, `secret_key`, and `region` parameters, and avoid relying on previously supported `requests-aws4auth` specific attributes or behaviors.

Install

• pip install httpx-auth Install stable version

Imports

• OAuth2AuthorizationCode

  from httpx_auth import OAuth2AuthorizationCode

• AWS4Auth

  from httpx_auth import AWS4Auth

• OktaAuthorizationCodePKCE

  from httpx_auth import OktaAuthorizationCodePKCE

• MicrosoftEntraID

  from httpx_auth import MicrosoftEntraID

Quickstart

This quickstart demonstrates how to use `OAuth2AuthorizationCode` with HTTPX. It sets up an authentication object with placeholder OAuth2 URLs and a client ID. When `client.get()` is called, `httpx-auth` will manage the OAuth2 Authorization Code flow, typically by opening a browser for user interaction to obtain an access token, which is then used for the request. Remember to replace placeholder URLs and client ID with your actual values and configure the `redirect_uri` for your OAuth2 application if running locally.

import httpx
import os
from httpx_auth import OAuth2AuthorizationCode

# In a real application, these would come from environment variables or a secure configuration
# For this example, we use placeholders. Replace with your actual OAuth2 application details.
CLIENT_ID = os.environ.get("OAUTH_CLIENT_ID", "your_client_id")
AUTHORIZATION_URL = os.environ.get("OAUTH_AUTH_URL", "https://example.com/oauth/authorize")
TOKEN_URL = os.environ.get("OAUTH_TOKEN_URL", "https://example.com/oauth/token")

try:
    auth = OAuth2AuthorizationCode(
        client_id=CLIENT_ID,
        authorization_url=AUTHORIZATION_URL,
        token_url=TOKEN_URL,
        # For local development, redirect_uri would typically be a local callback URL.
        # httpx-auth will start a local server to capture the redirect.
        # Ensure this matches what's configured for your OAuth2 client application.
        # Example: redirect_uri="http://localhost:8000/callback", port=8000
    )

    with httpx.Client() as client:
        # The first request will trigger the OAuth2 flow:
        # 1. Opens a browser for user consent.
        # 2. User grants permission, browser redirects to redirect_uri.
        # 3. httpx-auth captures the code and exchanges it for a token.
        # 4. The request to the protected resource is then made with the acquired token.
        response = client.get("https://api.example.com/protected-resource", auth=auth)
        response.raise_for_status()
        print(f"Successfully authenticated and fetched data: {response.json()}")

except httpx.HTTPStatusError as e:
    print(f"HTTP error occurred: {e.response.status_code} - {e.response.text}")
except httpx.RequestError as e:
    print(f"An error occurred while making the request: {e}")
except Exception as e:
    print(f"An unexpected error occurred: {e}")