httpie auth plugin for OAuth2.0 client credentials flow.
Project description
hca-httpie-auth
As an auth plugin for httpie, it obtains a token with the OAuth2.0 client_credentials flow before executing http, and adds the Authorization: Bearer ${token}
header to the executed request.
Token request patterns
Token request patterns are supported for the following:
Installation
pip install httpie-oauth2-client-credentials
Usage
Since the format of the request to get the token depends on the support of the server, this module supports the following three patterns depending on the --token-request-type
option.
The SCOPE parameter is optional in all patterns.
Basic authentication (default)
Set CLIENT_ID and CLIENT_SECRET to Basic authentication to get the token.
Since this pattern is the default, you can omit the --token-request-type
option.
Execute command:
http --auth-type=oauth2-client-credentials \
--auth="${CLIENT_ID}:${CLIENT_SECRET}" \
--token-endpoint="${TOKEN_ENDPOINT_URL}" \
--token-request-type="basic" \
--scope="${SCOPE}" \
${TARGET_ENDPOINT_URL}
Token request:
POST ${TOKEN_ENDPOINT_URL} HTTP/1.1
Host: ${TOKEN_ENDPOINT_HOST}
Authorization: Basic ${CLIENT_ID:CLIENT_SECRET base64 strings}
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
&scope=${SCOPE}
Form request (application/x-www-form-urlencoded)
Send CLIENT_ID and CLIENT_SECRET as part of the Form data.
Execute command:
http --auth-type=oauth2-client-credentials \
--auth="${CLIENT_ID}:${CLIENT_SECRET}" \
--token-endpoint="${TOKEN_ENDPOINT_URL}" \
--token-request-type="form" \
--scope="${SCOPE}" \
${TARGET_ENDPOINT_URL}
Token request:
POST ${TOKEN_ENDPOINT_URL} HTTP/1.1
Host: ${TOKEN_ENDPOINT_HOST}
Content-Type: application/x-www-form-urlencoded
client_id=${CLIENT_ID}
&client_secret=${CLIENT_SECRET}
&grant_type=client_credentials
&scope=${SCOPE}
JSON request (application/json)
Sends all request properties as JSON format.
Execute command:
http --auth-type=oauth2-client-credentials \
--auth="${CLIENT_ID}:${CLIENT_SECRET}" \
--token-endpoint="${TOKEN_ENDPOINT_URL}" \
--token-request-type="json" \
--scope="${SCOPE}" \
${TARGET_ENDPOINT_URL}
Token request:
POST ${TOKEN_ENDPOINT_URL} HTTP/1.1
Host: ${TOKEN_ENDPOINT_HOST}
Content-Type: application/json
{
"client_id": "${client_id}",
"client_secret": "${client_secret}",
"grant_type": "client_credentials",
"scope": "${SCOPE}"
}
Supported .netrc
Supported .netrc
.
Please check the httpie documentation for usage instructions.
Important Notes before Use
The value for "machine" in the ".netrc" file is the TARGET_ENDPOINT host, not the TOKEN_ENDPOINT host. It should be TOKEN_ENDPOINT, but the main body of httpie is designed to extract authentication information from the TARGET_ENDPOINT host.
# Create(or add) .netrc file.
cat <<EOF>> ~/.netrc
machine {TARGET_ENDPOINT_HOST}
login {Your Client ID}
password {Your Client Secret}
EOF
# Change permission.
chmod 600 ~/.netrc
# Example request.
http --auth-type=oauth2-client-credentials \
--token-endpoint="${TOKEN_ENDPOINT_URL}" \
--token-request-type="form" \
--scope="${SCOPE}" \
${TARGET_ENDPOINT_URL}
Options
--print-token-response
Output the token acquisition response to the console
Note
Token response
The token response must be JSON in the following format.
The format to be given to the Authorization header of the target endpoint is ${token_type} ${access_token}
.
If token_type
is not included in the response, the default value of the Prefix is Bearer
.
{
"token_type":"Bearer",
"access_token": "xxxxxxxxxxxx",
"expires_in": 3599
}
Caution
This plugin does not have a function to cache the token until "expires_in", so it will send a token request every time you execute the http command.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for httpie-oauth2-client-credentials-0.2.0.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | e35fc2b1c379f71c5e62112f9e0e77862c13ff74b1b5bd2350cd0bcb53c9eaa7 |
|
MD5 | 3588075ef13268bc5b8072652d21f356 |
|
BLAKE2b-256 | c1872fac7e4a60c2113214cc5a36b3cac06198e9b2c455ee0ddd3d35d1e0448a |
Hashes for httpie_oauth2_client_credentials-0.2.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 6711a04fff0a38ef7fed90bb37d6c09096b09efcb4b95e12f1c05aa883bba146 |
|
MD5 | b06293199d1c29d00fb88a19f644c210 |
|
BLAKE2b-256 | c454ce72f75acce034a082c1a2e62b993c17513dc53374bed237a2278317593c |