Great package; thanks! Is there a way to create an <code class="notr

Pass arbitrary httr2 request config to oauth requests about httr2 HOT 11 OPEN

steveputman commented on July 19, 2024

Pass arbitrary httr2 request config to oauth requests

from httr2.

Comments (11)

hadley commented on July 19, 2024 1

Leave it open, I think, and hopefully eventually I'll figure out a nice interface for this.

from httr2.

hadley commented on July 19, 2024

Do you have a pointer to the docs for the API?

from httr2.

steveputman commented on July 19, 2024

Probably not exactly what you're looking for but limiting myself to publicly available docs (and more informative than the actual docs)-- here's their page on access tokens, and here are their instructions for obtaining a token via Postman, which works fine, as does curl, as does passing sslcert and sslkey options to the request in httr2.

Thanks for looking!

from httr2.

hadley commented on July 19, 2024

Is this client credentials auth? In which req_oauth_client_credentials might do the trick for you.

from httr2.

steveputman commented on July 19, 2024

That does seem like the right path. Is there a way to pass the certificate and key that way? They're getting passed in the request itself (through req_options(sslcert = certfile, sslkey = keyfile), but in the simplest case, when I just try to obtain a token, I get a response that the cert wasn't passed (obviously token_params is not the answer).

library(httr2)

base_endpoint <- "https://api.adp.com"
certfile <- Sys.getenv("ADP_CERTFILE")
keyfile <- Sys.getenv("ADP_KEYFILE")

adp_client <- oauth_client(
  id = Sys.getenv("ADP_CLIENT_ID"),
  token_url = glue::glue("{base_endpoint}/auth/oauth/v2/token"),
  secret = Sys.getenv("ADP_CLIENT_SECRET"),
  auth = "body",
  name = "adpr"
)

token <- oauth_flow_client_credentials(adp_client, 
                                       token_params = (list(sslcert = certfile, 
                                                            sslkey = keyfile)))
#> Error in `oauth_flow_client_credentials()`:
#> ! OAuth failure [invalid_request]
#> • proper client ssl certificate was not presented
#> Backtrace:
#>     ▆
#>  1. └─httr2::oauth_flow_client_credentials(adp_client, token_params = (list(sslcert = certfile, sslkey = keyfile)))
#>  2.   └─httr2:::oauth_client_get_token(...)
#>  3.     └─httr2:::oauth_flow_fetch(req, "client$token_url", error_call = error_call)
#>  4.       └─httr2:::oauth_flow_parse(resp, source, error_call = error_call)
#>  5.         └─httr2:::oauth_flow_abort(...)
#>  6.           └─cli::cli_abort(...)
#>  7.             └─rlang::abort(...)

^{Created on 2024-03-12 with reprex v2.0.2}

from httr2.

hadley commented on July 19, 2024

Oh hmmmmm, there's no way to do that currently. I'll have to think about some way to extend the API so it is possible to add additional arbitrary request options to the OAuth request. Or possibly, if this is relatively rare, #435 is the way to go?

from httr2.

steveputman commented on July 19, 2024

Or I stay in httr2 and just use the workaround token function and refresh it myself on failure. But for what it's worth, this (admittedly, very targeted) approach seems to work:

oauth-flow-client-credentials.R -- add curl_opts arg to req_oauth_client_credentials and oauth_flow_client_credentials, which are passed to oauth_client_get_token:

req_oauth_client_credentials <- function(req,
                                         client,
                                         scope = NULL,
                                         token_params = list(),
					 curl_opts = list()) {

  params <- list(
    client = client,
    scope = scope,
    token_params = token_params,
    curl_opts = curl_opts
  )

  cache <- cache_mem(client, NULL)
  req_oauth(req, "oauth_flow_client_credentials", params, cache = cache)
}

#' @export
#' @rdname req_oauth_client_credentials
oauth_flow_client_credentials <- function(client,
                                          scope = NULL,
                                          token_params = list(),
					  curl_opts = list()) {
  oauth_flow_check("client credentials", client, is_confidential = TRUE)

  oauth_client_get_token(client,
    grant_type = "client_credentials",
    scope = scope,
    curl_opts = curl_opts,
    !!!token_params
  )
}

oauth-client.R -- add a req_options call to oauth_client_get_token and pass curl_opts

oauth_client_get_token <- function(client,
                                   grant_type,
				   curl_opts,
                                   ...,
                                   error_call = caller_env()) {
  req <- request(client$token_url)
  req <- req_body_form(req, grant_type = grant_type, ...)
  req <- oauth_client_req_auth(req, client)
  req <- req_headers(req, Accept = "application/json")
  req <- req_options(req, !!!curl_opts)

  resp <- oauth_flow_fetch(req, "client$token_url", error_call = error_call)
  exec(oauth_token, !!!resp)
}

Result

library(httr2)

base_endpoint <- "https://api.adp.com"
certfile <- Sys.getenv("ADP_CERTFILE")
keyfile <- Sys.getenv("ADP_KEYFILE")

adp_client <- oauth_client(
  id = Sys.getenv("ADP_CLIENT_ID"),
  token_url = glue::glue("{base_endpoint}/auth/oauth/v2/token"),
  secret = Sys.getenv("ADP_CLIENT_SECRET"),
  auth = "body",
  name = "adpr"
)

oauth_flow_client_credentials(adp_client, 
                              curl_opts = (list(sslcert = certfile, 
                                                sslkey = keyfile)))
#> <httr2_token>
#> token_type: Bearer
#> access_token: <REDACTED>
#> expires_at: 2024-03-12 16:53:59
#> scope: api

req <- httr2::request(glue::glue("{base_endpoint}/hr/v2/worker-demographics")) |> 
                        req_options(sslcert = certfile, sslkey = keyfile)

req_auth <- req_oauth_client_credentials(req, adp_client, curl_opts = (list(sslcert = certfile, 
                                                            sslkey = keyfile)))

req_perform(req_auth)
#> <httr2_response>
#> GET https://api.adp.com/hr/v2/worker-demographics
#> Status: 200 OK
#> Content-Type: application/json
#> Body: In memory (447831 bytes)

^{Created on 2024-03-12 with reprex v2.0.2}

from httr2.

hadley commented on July 19, 2024

Yeah, that's a totally reasonable work around, but I'd prefer something more general for httr2 itself.

from httr2.

steveputman commented on July 19, 2024

That makes sense: general as in all the oauth_ functions or general along the lines of the global configuration discussed in #435 (which, in my particular call, would allow me to avoid adding req_options to every single request)?

from httr2.

hadley commented on July 19, 2024

General, as in applied to all oauth_ functions. In general, you'll only want to use #435 for very specific purposes (e.g. a proxy) since it will effect all requests, even those done in different packages. Generally, you should be reducing duplication by creating a function that generates a "template" request with all the common parameters that you then modify for specific purposes.

from httr2.

steveputman commented on July 19, 2024

Got it; appreciate all the guidance. Shall I close the issue, or do you want me to retitle it as a feature request to pass arbitrary request options to oauth functions and leave it open?

from httr2.

Pass arbitrary httr2 request config to oauth requests about httr2 HOT 11 OPEN

Comments (11)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent