ENH: AWS4Auth - add option to use boto3 for automatically retrieving credentials

[snowman2]

Following what is done here:
https://github.com/DavidMuller/aws-requests-auth/blob/2e1dd0f37e3815c417c3b0630215a77aab5af617/aws_requests_auth/boto_utils.py

Any interest in using boto3 to automatically retrieve AWS credentials?

[Colin-b]

Hello @snowman2,

What would be the exhaustive list of new dependencies in such as case (excluding the one already provided by httpx) ?

Thanks again

[snowman2]

Looks like it just needs botocore.

[snowman2]

It could be listed as a dependency in the extras_required section as aws.

python -m pip install httpx-auth[aws]

[Colin-b]

I wonder if we cannot provide a small sample on how to retrieve the information using botocore instead of introducing those changes in the code and adding an optional dependency.

I guess the following would work according to your sample:

from botocore.session import Session
from httpx_auth import AWS4Auth


credentials = Session().get_credentials()j.get_frozen_credentials()
aws = AWS4Auth(access_id=credentials.access_key, secret_key=credentials.secret_key, region="eu-west-1", service="s3", security_token=credentials.token)

[snowman2]

Thank you for maintaining this library and for taking the time to consider this proposal. Your logic makes sense to me.

I am thinking that maybe a new library called aws-httpx-auth might be a good home for this if I (or someone else) ever get around to implementing it. It seems there is some demand for it (DavidMuller/aws-requests-auth#50). It could wrap this library and add the feature mentioned here.

Thanks again for considering this proposal 👍

[Colin-b]

According to what you provided, it feels like this is 1 extra line of code (if we exclude the import statement). So this is why I would feel more comfortable having it described in documentation rather than having to maintain it :)

However don't hesitate to propose changes if you have any need :)

[snowman2]

However don't hesitate to propose changes if you have any need :)

Thanks 👍. There is a good chance I will do that.

Notes for my future self or whoever implements this while it is fresh in my mind:

Credentials are refreshed with each call on the authorization class: https://github.com/DavidMuller/aws-requests-auth/blob/2e1dd0f37e3815c417c3b0630215a77aab5af617/aws_requests_auth/boto_utils.py#L50. I believe similar behavior can be achieved by creating a class based on AWS4Auth and overwriting __init__ to automatically provide initial credentials and auth_flow to refresh the credentials (

httpx_auth/httpx_auth/aws.py

Line 58 in 75e0d19

def auth_flow(

) and then calling the parent method for each one.

[Colin-b]

Documentation now includes a sample auth class to achieve this.