”;
This chapter will discuss the types of authentication available in the Requests module.
We are going to discuss the following −
- Working of Authentication in HTTP Requests
- Basic Authentication
- Digest Authentication
- OAuth2 Authentication
Working of Authentication in HTTP Requests
HTTP authentication is on the server-side asking for some authentication information like username, password when the client requests a URL. This is additional security for the request and the response being exchanged between the client and the server.
From the client-side these additional authentication information i.e. username and password can be sent in the headers, which later on the server side will be validated. The response will be delivered from the server-side only when the authentication is valid.
Requests library has most commonly used authentication in requests.auth, which are Basic Authentication (HTTPBasicAuth) and Digest Authentication (HTTPDigestAuth).
Basic Authentication
This is the simplest form of providing authentication to the server. To work with basic authentication, we are going to use HTTPBasicAuth class available with requests library.
Example
Here is a working example of how to use it.
import requests from requests.auth import HTTPBasicAuth response_data = requests.get(''httpbin.org/basic-auth/admin/admin123'', auth = HTTPDigestAuth(''admin'', ''admin123'')) print(response_data.text)
We are calling the url, https://httpbin.org/basic-auth/admin/admin123 with user as admin and password as admin123.
So, this URL will not work without authentication, i.e. user and password. Once you give the authentication using the auth param, then only the server will give back the response.
Output
E:prequests>python makeRequest.py { "authenticated": true, "user": "admin" }
Digest Authentication
This is another form of authentication available with requests. We are going to make use of HTTPDigestAuth class from requests.
Example
import requests from requests.auth import HTTPDigestAuth response_data = requests.get(''https://httpbin.org/digest-auth/auth/admin/admin123'', auth = HTTPDigestAuth(''admin'', ''admin123'')) print(response_data.text)
Output
E:prequests>python makeRequest.py { "authenticated": true, "user": "admin" }
OAuth2 Authentication
To use OAuth2 Authentication, we need “requests_oauth2” library. To install “requests_oauth2” do the following −
pip install requests_oauth2
The display in your terminal while installing will be something as shown below −
E:prequests>pip install requests_oauth2 Collecting requests_oauth2 Downloading https://files.pythonhosted.org/packages/52/dc/01c3c75e6e7341a2c7a9 71d111d7105df230ddb74b5d4e10a3dabb61750c/requests-oauth2-0.3.0.tar.gz Requirement already satisfied: requests in c:usersxyzappdatalocalprograms pythonpython37libsite-packages (from requests_oauth2) (2.22.0) Requirement already satisfied: six in c:usersxyzappdatalocalprogramspyth onpython37libsite-packages (from requests_oauth2) (1.12.0) Requirement already satisfied: urllib3!=1.25.0,!=1.25.1,<1.26,>=1.21.1 in c:use rsxyzappdatalocalprogramspythonpython37libsite-packages (from requests ->requests_oauth2) (1.25.3) Requirement already satisfied: certifi>=2017.4.17 in c:usersxyzappdataloca lprogramspythonpython37libsite-packages (from requests->requests_oauth2) (2 019.3.9) Requirement already satisfied: chardet<3.1.0,>=3.0.2 in c:usersxyzappdatal ocalprogramspythonpython37libsite-packages (from requests->requests_oauth2) (3.0.4) Requirement already satisfied: idna<2.9,>=2.5 in c:usersxyzappdatalocalpr ogramspythonpython37libsite-packages (from requests->requests_oauth2) (2.8) Building wheels for collected packages: requests-oauth2 Building wheel for requests-oauth2 (setup.py) ... done Stored in directory: C:UsersxyzAppDataLocalpipCachewheels90efb443 3743cbbc488463491da7df510d41c4e5aa28213caeedd586 Successfully built requests-oauth2
We are done installing “requests-oauth2”. To use the API’s of Google, Twitter we need its consent and the same is done using OAuth2 authentication.
For OAuth2 authentication we will need Client ID and a Secret Key. The details of how to get it, is mentioned on https://developers.google.com/identity/protocols/OAuth2.
Later on, login to Google API Console which is available at https://console.developers.google.com/and get the client id and secret key.
Example
Here is an example of how to use “requests-oauth2”.
import requests from requests_oauth2.services import GoogleClient google_auth = GoogleClient( client_id="xxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com", redirect_uri="http://localhost/auth/success.html", ) a = google_auth.authorize_url( scope=["profile", "email"], response_type="code", ) res = requests.get(a) print(res.url)
We will not be able to redirect to the URL given, as it needs to login to the Gmail account, but here, you will see from the example, that google_auth works and the authorized URL is given.
Output
E:prequests>python oauthRequest.py https://accounts.google.com/o/oauth2/auth?redirect_uri= http%3A%2F%2Flocalhost%2Fauth%2Fsuccess.html& client_id=xxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com& scope=profile+email&response_type=code
”;