# Web

This page explores the concepts behind various Python packages related to the web.

## Requests

The [Requests](https://requests.readthedocs.io/en/latest/) package provides a more convenient interfaces for `urllib3`. This package hides a lot of ConnectionPool management inside it, which makes it easier to understand, but reduces the flexibility.

Check more detailed explanation in the [Requests](web/requests.ipynb) page.

---

The following cell shows how to make a GET request to google.com in just two lines of code, including the import.

In [2]:
import requests
requests.get("https://google.com")

<Response [200]>


## urllib3

The `urllib3` is a package for implementing network communication.

For more information:

- Check the official [website](https://urllib3.readthedocs.io/en/stable/index.html).
- Chekc [special page](web/urllib3.ipynb).

---

The following cell shows how to make a request to the `http://google.com` using `urllib3`.

In [1]:
import urllib3
pool_manager = urllib3.PoolManager()
resp = pool_manager.request("GET", "http://google.com")
resp.status

200

## Authlib

[Authlib](https://docs.authlib.org/en/stable/index.html) is the package that implement OAuth and OpenID protocols in python.

---

The following cell show how to obtain the Bearer token with OAuth2.

**Note.** You must run the keycloak, which plays the role of OAuth2 provider.

In [144]:
from authlib.integrations.requests_client import OAuth2Session
client = OAuth2Session(client_id="admin-cli")
token = client.fetch_token(
    "http://localhost:8080/realms/master/protocol/openid-connect/token",
    username="admin",
    password="admin",
    grant_type="password",
)
token

{'access_token': 'eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJrTnA4VkMtYjB5RXh1N2VWQ21MTjNjdW5rWXVSTXExZFpkeUJQaU9WOWs4In0.eyJleHAiOjE3NzE3NzAzNDUsImlhdCI6MTc3MTc3MDI4NSwianRpIjoib25sdHJvOjUwNWZlNGFhLTg2ZjQtZjZjMi03MGEwLTJjZWFjNmEwYTJjNSIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9yZWFsbXMvbWFzdGVyIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiYWRtaW4tY2xpIiwic2lkIjoiZjZiZjExMzQtZTA0Yy1kOTliLWE3YjUtYjk5ZGQxNDhmOGZkIiwic2NvcGUiOiJlbWFpbCBwcm9maWxlIn0.ANicSYy3B6hoycEL1olJmsJ1h4UMCsus0X_lHtOs7sZb_EhMfRf5R_R03SD7Uwz8tT0Qp1Tww4dS58kyOb6b--QJz2WxS24t6yjUMJbH4NpQW-YzVsXwX_44VUBTHlNzKKeJDE_Wp-9UV7pXWMrGCtwzQxKrFf-QT3ULFHeYpFco71Xm3wer7n9H5LDYI2JEbUvToVKygPyuqg-MX14Xy4QkzUEcj6VZO6-R0-gWzMKAflj5EvTpb-NTl_ze-yzF6SXkhQaCTtZAYw4FW1qzvWVcvT2xB2kkqHStHUy1C5uU26wOgh9ekqyQYqFjph598HQvlUhCFYLkuZsEA8NNoA',
 'expires_in': 60,
 'refresh_expires_in': 1800,
 'refresh_token': 'eyJhbGciOiJIUzUxMiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJmODBlNDZjZS1iZTY3LTRmOTItOTMyMi1mZmE5MjJiYjViYjgifQ.eyJleHAiOjE3NzE3NzIwODUsImlhdCI6MTc3MTc3MDI

**Note** The token here is not just a dictionary, it is a special `authlib` object that represents the token.

In [147]:
type(token)

authlib.oauth2.rfc6749.wrappers.OAuth2Token

### Removed session

Consider what happens when a session is removed and the application attempts to refresh the token. Typicallyk, OAuth returns the 400 error.

---

The following cell requests the token that creates a new Keycloak sesion.

In [35]:
from authlib.integrations.requests_client import OAuth2Session
client = OAuth2Session(client_id="admin-cli")
token = client.fetch_token(
    "http://localhost:8080/realms/master/protocol/openid-connect/token",
    username="admin",
    password="admin",
    grant_type="password",
)

The text code removes the session, emitating that session was accidentally dropped.

In [36]:
access_token = token["access_token"]
session_state = token["session_state"]

!curl -X DELETE  \
     -H "Authorization: Bearer $access_token" \
     "http://localhost:8080/admin/realms/master/sessions/$session_state"

Requesting a token refresh results in `OAuthError` with the relevant description.

In [39]:
try:
    client.fetch_token(
        "http://localhost:8080/realms/master/protocol/openid-connect/token",
        grant_type="refresh_token",
        refresh_token=token["refresh_token"]
    )
except Exception as e:
    print(type(e))
    print(e)

<class 'authlib.integrations.base_client.errors.OAuthError'>
invalid_grant: Session not active


### Requests integration

The `authlib` provides the `authlib.integrations.requests_client.OAuth2Session` class - the custom `requests.Session` to which the authentication logic is included.

---

The following cell shows the `mro` of `authlib.integrations.requests_client`.

In [172]:
from authlib.integrations.requests_client import OAuth2Session
OAuth2Session.__mro__

(authlib.integrations.requests_client.oauth2_session.OAuth2Session,
 authlib.oauth2.client.OAuth2Client,
 requests.sessions.Session,
 requests.sessions.SessionRedirectMixin,
 object)

The list of ancestors includes `requests.sessions.Session`.

This allows to use the `OAuth2Session` instance as a regular instance of `requests.sessions.Session` and not to care about the injecting the authentication information to the header.

The following code uses the `get` method of the `OAuth2Session`: 

In [173]:
client = OAuth2Session(client_id="admin-cli", leeway=30)
client.fetch_token(
    "http://localhost:8080/realms/master/protocol/openid-connect/token",
    username="admin",
    password="admin",
    grant_type="password",
)
response = client.get("http://localhost:8080/admin/realms/master/users/count")
response.status_code, response.text

(200, '1')