Metadata-Version: 2.1
Name: requests-iap2
Version: 1.0.1
Home-page: https://github.com/climateengine/requests-iap2
Author: Bennett Kanuka
Author-email: bennett@climateengine.com
Classifier: Environment :: Console
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: requests
Requires-Dist: google-auth
Requires-Dist: google-auth-oauthlib
Provides-Extra: dev
Requires-Dist: build ; extra == 'dev'
Requires-Dist: more-itertools (==5.0.0) ; extra == 'dev'
Requires-Dist: pip-tools ; extra == 'dev'
Requires-Dist: pytest (<5.0.0) ; extra == 'dev'
Requires-Dist: pytest-cov ; extra == 'dev'
Requires-Dist: pytest-mock (<3.3) ; extra == 'dev'
Requires-Dist: setuptools (>=42) ; extra == 'dev'
Requires-Dist: setuptools-scm[toml] (>=5.0.2) ; extra == 'dev'
Requires-Dist: tox ; extra == 'dev'
Requires-Dist: twine ; extra == 'dev'
Requires-Dist: wheel ; extra == 'dev'

# requests-iap2
Auth class for [requests](https://github.com/kennethreitz/requests) used to authenticate HTTP requests to 
Google Cloud [Identity-Aware Proxy](https://cloud.google.com/iap/) using **user** credentials.

This is in contrast to most other IAP authentication libraries which use **service account** credentials.

Original inspiration came from https://github.com/kiwicom/requests-iap 

## Installation

```
pip install git+https://github.com/climateengine/requests-iap2@main
```

## Usage

### Setup
You will need to have a Google Cloud project with IAP enabled and a user account with `IAP Webapp User` role.

Additionally, you will need to create 2 OAuth 2.0 client IDs in the Google Cloud Console:
one for the IAP server (created as a Web application) and one for the client application (created as a Desktop application).
You will need the client ID and secret for the client application.

If you have not already set up Application Default Credentials, you will need to do so with the following command:
```shell
gcloud auth login
gcloud auth application-default login
```
You should only have to do this once per machine.

### Example

```python
import requests
from requests_iap2 import IAPAuth

# This is the URL of the IAP-protected resource
url = "https://stac-staging.climateengine.net/"

# Create a requests Session object and set the authentication handler
session = requests.Session()
session.auth = IAPAuth(
    server_oauth_client_id="something.apps.googleusercontent.com",  # optional
    client_oauth_client_id="something_else.apps.googleusercontent.com",
    client_oauth_client_secret="client_secret_fjnclakjwencaiewnl",
)

resp = session.get(url)

# Alternatively, you can use the IAPAuth without a Session object
resp = requests.get(url,
                    auth=IAPAuth(
                        server_oauth_client_id="something.apps.googleusercontent.com",  # optional
                        client_oauth_client_id="something_else.apps.googleusercontent.com",
                        client_oauth_client_secret="client_secret_fjnclakjwencaiewnl"),
                    )
```

### Caching
Credentials are cached in a file specified by the optional `credentials_cache` parameter.
The default is `~/.requests_iap2_credentials.json`.
If this file exists, it will be used to load the credentials, and specifying `client_oauth_client_id` and 
`client_oauth_client_secret` will be optional. i.e. you won't need to specify these parameters again:

```python
import requests
from requests_iap2 import IAPAuth

session = requests.Session()
session.auth = IAPAuth()
```

## Development

### Code formatting

[black](https://github.com/ambv/black/)

### Package versioning

Versioning of this package is done through [setuptools-scm](https://github.com/pypa/setuptools_scm),
which auto-generates the version number based on git tags and commits. setuptools-scm generates a
unique version number for each commit in the repository according to
[this scheme](https://github.com/pypa/setuptools_scm/#default-versioning-scheme).

The version of the package is read from `requests_iap2/_version.py`
(which is generated by setuptools_scm during the package build) when running as a package, and derived
from git when running from source.

### Updating requirements.txt and test-requirements.txt

See `scripts/gen_requirements.sh`.

### Releasing

This project uses [semantic versioning](https://semver.org/).

For a new minor version release (`X.X.0`), create a `vX.X.0` tag in main branch,
and create a `vX.X` branch from the same commit for future patches to the minor version.

For patch versions, commit to and create `vX.X.Y` tags in the respective minor version branch.
(e.g `v1.1.1`, `v1.1.2`.. tags in the `v1.1` branch)

For building the package and publishing it on PyPI, see `scripts/build_package.sh`
and `scripts/publish_package.sh`.
