feat: support OAuth2 via HTTP client middleware instead of subclass (#252)

* feat: support OAuth2 via HTTP client middleware instead of subclass

* docs: update CHANGELOG.md

Author: StijnCaerts

CHANGELOG.md

@@ -6,6 +6,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 ## [Unreleased]
 
+### Changed
+
+- Handle OAuth2 support via middleware of the HTTP client instead of a subclass ([252](https://github.com/stac-utils/stac-asset/pull/252))
+
 ## [0.4.6] - 2024-11-05
 
 ### Added

pyproject.toml

@@ -19,11 +19,11 @@ requires-python = ">=3.10"
 dependencies = [
     "aiofiles>=23.1.0",
     "aiobotocore>=2.5.0",
-    "aiohttp>=3.8.4",
+    "aiohttp~=3.12",
     "pystac>=1.8.4",
     "python-dateutil>=2.7.0",
     "yarl>=1.9.2",
-    "aiohttp-oauth2-client>=1.0.2",
+    "aiohttp-oauth2-client~=2.0",
     "aiohttp-retry>=2.8.3",
 ]
 
@@ -77,7 +77,6 @@ ignore_missing_imports = true
 
 [tool.pytest.ini_options]
 filterwarnings = [
-    "ignore:inheritance class OAuth2Client from ClientSession is discouraged:DeprecationWarning", # https://github.com/VITObelgium/aiohttp-oauth2-client/issues/1
     "ignore:datetime.datetime.utcnow.*:DeprecationWarning:botocore",                              # https://github.com/boto/boto3/issues/3889
 ]
 asyncio_default_fixture_loop_scope = "function"

src/stac_asset/http_client.py

@@ -6,7 +6,7 @@
 from typing import TypeVar
 
 from aiohttp import ClientError, ClientSession, ClientTimeout
-from aiohttp_oauth2_client.client import OAuth2Client
+from aiohttp_oauth2_client.middleware import OAuth2Middleware
 from aiohttp_oauth2_client.models.grant import GrantType
 from aiohttp_retry import JitterRetry, RetryClient
 from aiohttp_retry.types import ClientType
@@ -64,6 +64,7 @@ async def from_config(cls: type[T], config: Config) -> T:
         """  # noqa: E501
         # TODO add basic auth
         timeout = ClientTimeout(total=config.http_client_timeout)
+        middlewares = []
         if config.oauth2_grant is not None:
             if GrantType.DEVICE_CODE.endswith(config.oauth2_grant):
                 from aiohttp_oauth2_client.grant.device_code import DeviceCodeGrant
@@ -112,15 +113,16 @@ async def from_config(cls: type[T], config: Config) -> T:
                 )
             else:
                 raise ValueError("Unknown grant type")
-            session = OAuth2Client(grant, timeout=timeout, headers=config.http_headers)
-        else:
-            session = ClientSession(timeout=timeout, headers=config.http_headers)
-            session = RetryClient(
-                client_session=session,
-                retry_options=JitterRetry(
-                    attempts=config.http_max_attempts, exceptions={ClientError}
-                ),
-            )
+            middlewares.append(OAuth2Middleware(grant))
+        session = ClientSession(
+            timeout=timeout, headers=config.http_headers, middlewares=middlewares
+        )
+        session = RetryClient(
+            client_session=session,
+            retry_options=JitterRetry(
+                attempts=config.http_max_attempts, exceptions={ClientError}
+            ),
+        )
         return cls(session, config.http_assert_content_type)
 
     def __init__(

tests/test_http_client.py

@@ -1,11 +1,11 @@
 import pytest
-from aiohttp_oauth2_client.client import OAuth2Client
 from aiohttp_oauth2_client.grant.authorization_code import AuthorizationCodeGrant
 from aiohttp_oauth2_client.grant.client_credentials import ClientCredentialsGrant
 from aiohttp_oauth2_client.grant.device_code import DeviceCodeGrant
 from aiohttp_oauth2_client.grant.resource_owner_password_credentials import (
     ResourceOwnerPasswordCredentialsGrant,
 )
+from aiohttp_oauth2_client.middleware import OAuth2Middleware
 
 from stac_asset import Config, HttpClient
 
@@ -33,8 +33,9 @@ async def test_oauth2_device_code_config() -> None:
         oauth2_client_id="public",
     )
     async with await HttpClient.from_config(config) as client:
-        assert isinstance(client.session, OAuth2Client)
-        assert isinstance(client.session.grant, DeviceCodeGrant)
+        middlewares = client.session._client._middlewares
+        assert isinstance(middlewares[0], OAuth2Middleware)
+        assert isinstance(middlewares[0].grant, DeviceCodeGrant)
 
 
 async def test_oauth2_authorization_code_config() -> None:
@@ -46,8 +47,9 @@ async def test_oauth2_authorization_code_config() -> None:
         oauth2_pkce=False,
     )
     async with await HttpClient.from_config(config) as client:
-        assert isinstance(client.session, OAuth2Client)
-        assert isinstance(client.session.grant, AuthorizationCodeGrant)
+        middlewares = client.session._client._middlewares
+        assert isinstance(middlewares[0], OAuth2Middleware)
+        assert isinstance(middlewares[0].grant, AuthorizationCodeGrant)
 
 
 async def test_oauth2_password_config() -> None:
@@ -59,8 +61,9 @@ async def test_oauth2_password_config() -> None:
         oauth2_password="secret",
     )
     async with await HttpClient.from_config(config) as client:
-        assert isinstance(client.session, OAuth2Client)
-        assert isinstance(client.session.grant, ResourceOwnerPasswordCredentialsGrant)
+        middlewares = client.session._client._middlewares
+        assert isinstance(middlewares[0], OAuth2Middleware)
+        assert isinstance(middlewares[0].grant, ResourceOwnerPasswordCredentialsGrant)
 
 
 async def test_oauth2_client_credentials_config() -> None:
@@ -71,5 +74,6 @@ async def test_oauth2_client_credentials_config() -> None:
         oauth2_client_secret="secret",
     )
     async with await HttpClient.from_config(config) as client:
-        assert isinstance(client.session, OAuth2Client)
-        assert isinstance(client.session.grant, ClientCredentialsGrant)
+        middlewares = client.session._client._middlewares
+        assert isinstance(middlewares[0], OAuth2Middleware)
+        assert isinstance(middlewares[0].grant, ClientCredentialsGrant)