summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCoprDistGit <infra@openeuler.org>2023-04-12 00:04:33 +0000
committerCoprDistGit <infra@openeuler.org>2023-04-12 00:04:33 +0000
commitf9de26fddc708494e31d69ad154aaa41478de232 (patch)
treef43a086f5861e6fd1f7e5b6f1afa8e4c3a5caa9f
parenteb720edda265a6e944f354dddf46bc5c94b3cffa (diff)
automatic import of python-requests-auth
Diffstat
-rw-r--r--.gitignore1
-rw-r--r--python-requests-auth.spec2425
-rw-r--r--sources1
3 files changed, 2427 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
index e69de29..40928d3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/requests_auth-6.0.0.tar.gz
diff --git a/python-requests-auth.spec b/python-requests-auth.spec
new file mode 100644
index 0000000..6aad049
--- /dev/null
+++ b/python-requests-auth.spec
@@ -0,0 +1,2425 @@
+%global _empty_manifest_terminate_build 0
+Name: python-requests-auth
+Version: 6.0.0
+Release: 1
+Summary: Authentication for Requests
+License: MIT
+URL: https://colin-b.github.io/requests_auth/
+Source0: https://mirrors.nju.edu.cn/pypi/web/packages/84/b0/86715e999d9893a4874d0db1beacd264ba994d48c22efa22caef6f666a5a/requests_auth-6.0.0.tar.gz
+BuildArch: noarch
+
+Requires: python3-requests
+Requires: python3-pyjwt
+Requires: python3-pytest-responses
+Requires: python3-pytest-cov
+
+%description
+<h2 align="center">Authentication for Requests</h2>
+
+<p align="center">
+<a href="https://pypi.org/project/requests-auth/"><img alt="pypi version" src="https://img.shields.io/pypi/v/requests_auth"></a>
+<a href="https://github.com/Colin-b/requests_auth/actions"><img alt="Build status" src="https://github.com/Colin-b/requests_auth/workflows/Release/badge.svg"></a>
+<a href="https://github.com/Colin-b/requests_auth/actions"><img alt="Coverage" src="https://img.shields.io/badge/coverage-100%25-brightgreen"></a>
+<a href="https://github.com/psf/black"><img alt="Code style: black" src="https://img.shields.io/badge/code%20style-black-000000.svg"></a>
+<a href="https://github.com/Colin-b/requests_auth/actions"><img alt="Number of tests" src="https://img.shields.io/badge/tests-275 passed-blue"></a>
+<a href="https://pypi.org/project/requests-auth/"><img alt="Number of downloads" src="https://img.shields.io/pypi/dm/requests_auth"></a>
+</p>
+
+Provides authentication classes to be used with [`requests`][1] [authentication parameter][2].
+
+<p align="center">
+ <a href="https://oauth.net/2/"><img alt="OAuth2" src="https://oauth.net/images/oauth-2-sm.png"></a>
+ <a href="https://www.okta.com"><img alt="Okta" src="https://www.okta.com/sites/all/themes/Okta/images/logos/developer/Dev_Logo-03_Large.png" height="120"></a>
+ <a href="https://azure.microsoft.com/en-us/services/active-directory/"><img alt="Azure Active Directory (AD)" src="https://azurecomcdn.azureedge.net/cvt-cda59ccd0aa5ced6ff5a2052417cf596b92980921e88e667127eaca2232a31ab/images/shared/services/pricing-glyph-lock.svg" height="120"></a>
+</p>
+<p align="center">Some of the supported authentication</p>
+
+## Available authentication
+
+- [OAuth2](#oauth-2)
+ - [Authorization Code Flow](#authorization-code-flow)
+ - [Okta](#okta-oauth2-authorization-code)
+ - [Authorization Code Flow with PKCE](#authorization-code-flow-with-proof-key-for-code-exchange)
+ - [Okta](#okta-oauth2-proof-key-for-code-exchange)
+ - [Resource Owner Password Credentials flow](#resource-owner-password-credentials-flow)
+ - [Client Credentials Flow](#client-credentials-flow)
+ - [Okta](#okta-oauth2-client-credentials)
+ - [Implicit Flow](#implicit-flow)
+ - [Azure AD (Access Token)](#microsoft---azure-active-directory-oauth2-access-token)
+ - [Azure AD (ID token)](#microsoft---azure-active-directory-openid-connect-id-token)
+ - [Okta (Access Token)](#okta-oauth2-implicit-access-token)
+ - [Okta (ID token)](#okta-openid-connect-implicit-id-token)
+ - [Managing token cache](#managing-token-cache)
+- API key
+ - [In header](#api-key-in-header)
+ - [In query](#api-key-in-query)
+- [Basic](#basic)
+- [NTLM (Windows)](#ntlm)
+- [Multiple authentication at once](#multiple-authentication-at-once)
+- [Endorsements](#endorsements)
+
+## OAuth 2
+
+Most of [OAuth2](https://oauth.net/2/) flows are supported.
+
+If the one you are looking for is not yet supported, feel free to [ask for its implementation](https://github.com/Colin-b/requests_auth/issues/new).
+
+### Authorization Code flow
+
+Authorization Code Grant is implemented following [rfc6749](https://tools.ietf.org/html/rfc6749#section-4.1).
+
+Use `requests_auth.OAuth2AuthorizationCode` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import OAuth2AuthorizationCode
+
+requests.get('https://www.example.com', auth=OAuth2AuthorizationCode('https://www.authorization.url', 'https://www.token.url'))
+```
+
+#### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:---------------|
+| `authorization_url` | OAuth 2 authorization URL. | Mandatory | |
+| `token_url` | OAuth 2 token URL. | Mandatory | |
+| `redirect_uri_endpoint` | Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
+| `redirect_uri_port` | The port on which the server listening for the OAuth 2 code will be started. | Optional | 5000 |
+| `timeout` | Maximum amount of seconds to wait for a code or a token to be received once requested. | Optional | 60 |
+| `success_display_time` | In case a code is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
+| `failure_display_time` | In case received code is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+| `response_type` | Value of the response_type query parameter if not already provided in authorization URL. | Optional | code |
+| `token_field_name` | Field name containing the token. | Optional | access_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `code_field_name` | Field name containing the code. | Optional | code |
+| `username` | User name in case basic authentication should be used to retrieve token. | Optional | |
+| `password` | User password in case basic authentication should be used to retrieve token. | Optional | |
+| `session` | `requests.Session` instance that will be used to request the token. Use it to provide a custom proxying rule for instance. | Optional | |
+
+Any other parameter will be put as query parameter in the authorization URL and as body parameters in the token URL.
+
+Usual extra parameters are:
+
+| Name | Description |
+|:----------------|:---------------------------------------------------------------------|
+| `client_id` | Corresponding to your Application ID (in Microsoft Azure app portal) |
+| `client_secret` | If client is not authenticated with the authorization server |
+| `nonce` | Refer to [OpenID ID Token specifications][3] for more details |
+
+#### Common providers
+
+Most of [OAuth2](https://oauth.net/2/) Authorization Code Grant providers are supported.
+
+If the one you are looking for is not yet supported, feel free to [ask for its implementation](https://github.com/Colin-b/requests_auth/issues/new).
+
+##### Okta (OAuth2 Authorization Code)
+
+[Okta Authorization Code Grant](https://developer.okta.com/docs/guides/implement-auth-code/overview/) providing access tokens is supported.
+
+Use `requests_auth.OktaAuthorizationCode` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import OktaAuthorizationCode
+
+
+okta = OktaAuthorizationCode(instance='testserver.okta-emea.com', client_id='54239d18-c68c-4c47-8bdd-ce71ea1d50cd')
+requests.get('https://www.example.com', auth=okta)
+```
+
+###### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:---------------------------------------------|
+| `instance` | Okta instance (like "testserver.okta-emea.com"). | Mandatory | |
+| `client_id` | Okta Application Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
+| `response_type` | Value of the response_type query parameter if not already provided in authorization URL. | Optional | token |
+| `token_field_name` | Field name containing the token. | Optional | access_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `nonce` | Refer to [OpenID ID Token specifications][3] for more details. | Optional | Newly generated Universal Unique Identifier. |
+| `scope` | Scope parameter sent in query. Can also be a list of scopes. | Optional | openid |
+| `authorization_server` | Okta authorization server. | Optional | 'default' |
+| `redirect_uri_endpoint` | Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
+| `redirect_uri_port` | The port on which the server listening for the OAuth 2 token will be started. | Optional | 5000 |
+| `timeout` | Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
+| `success_display_time` | In case a token is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
+| `failure_display_time` | In case received token is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+| `session` | `requests.Session` instance that will be used to request the token. Use it to provide a custom proxying rule for instance. | Optional | |
+
+Any other parameter will be put as query parameter in the authorization URL.
+
+Usual extra parameters are:
+
+| Name | Description |
+|:----------------|:---------------------------------------------------------------------|
+| `prompt` | none to avoid prompting the user if a session is already opened. |
+
+### Authorization Code Flow with Proof Key for Code Exchange
+
+Proof Key for Code Exchange is implemented following [rfc7636](https://tools.ietf.org/html/rfc7636).
+
+Use `requests_auth.OAuth2AuthorizationCodePKCE` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import OAuth2AuthorizationCodePKCE
+
+requests.get('https://www.example.com', auth=OAuth2AuthorizationCodePKCE('https://www.authorization.url', 'https://www.token.url'))
+```
+
+#### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:---------------|
+| `authorization_url` | OAuth 2 authorization URL. | Mandatory | |
+| `token_url` | OAuth 2 token URL. | Mandatory | |
+| `redirect_uri_endpoint` | Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
+| `redirect_uri_port` | The port on which the server listening for the OAuth 2 code will be started. | Optional | 5000 |
+| `timeout` | Maximum amount of seconds to wait for a code or a token to be received once requested. | Optional | 60 |
+| `success_display_time` | In case a code is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
+| `failure_display_time` | In case received code is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+| `response_type` | Value of the response_type query parameter if not already provided in authorization URL. | Optional | code |
+| `token_field_name` | Field name containing the token. | Optional | access_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `code_field_name` | Field name containing the code. | Optional | code |
+| `session` | `requests.Session` instance that will be used to request the token. Use it to provide a custom proxying rule for instance. | Optional | |
+
+Any other parameter will be put as query parameter in the authorization URL and as body parameters in the token URL.
+
+Usual extra parameters are:
+
+| Name | Description |
+|:----------------|:---------------------------------------------------------------------|
+| `client_id` | Corresponding to your Application ID (in Microsoft Azure app portal) |
+| `client_secret` | If client is not authenticated with the authorization server |
+| `nonce` | Refer to [OpenID ID Token specifications][3] for more details |
+
+#### Common providers
+
+Most of [OAuth2](https://oauth.net/2/) Proof Key for Code Exchange providers are supported.
+
+If the one you are looking for is not yet supported, feel free to [ask for its implementation](https://github.com/Colin-b/requests_auth/issues/new).
+
+##### Okta (OAuth2 Proof Key for Code Exchange)
+
+[Okta Proof Key for Code Exchange](https://developer.okta.com/docs/guides/implement-auth-code-pkce/overview/) providing access tokens is supported.
+
+Use `requests_auth.OktaAuthorizationCodePKCE` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import OktaAuthorizationCodePKCE
+
+
+okta = OktaAuthorizationCodePKCE(instance='testserver.okta-emea.com', client_id='54239d18-c68c-4c47-8bdd-ce71ea1d50cd')
+requests.get('https://www.example.com', auth=okta)
+```
+
+###### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:---------------------------------------------|
+| `instance` | Okta instance (like "testserver.okta-emea.com"). | Mandatory | |
+| `client_id` | Okta Application Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
+| `response_type` | Value of the response_type query parameter if not already provided in authorization URL. | Optional | code |
+| `token_field_name` | Field name containing the token. | Optional | access_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `code_field_name` | Field name containing the code. | Optional | code |
+| `nonce` | Refer to [OpenID ID Token specifications][3] for more details. | Optional | Newly generated Universal Unique Identifier. |
+| `scope` | Scope parameter sent in query. Can also be a list of scopes. | Optional | openid |
+| `authorization_server` | Okta authorization server. | Optional | 'default' |
+| `redirect_uri_endpoint` | Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
+| `redirect_uri_port` | The port on which the server listening for the OAuth 2 token will be started. | Optional | 5000 |
+| `timeout` | Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
+| `success_display_time` | In case a token is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
+| `failure_display_time` | In case received token is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+| `session` | `requests.Session` instance that will be used to request the token. Use it to provide a custom proxying rule for instance. | Optional | |
+
+Any other parameter will be put as query parameter in the authorization URL and as body parameters in the token URL.
+
+Usual extra parameters are:
+
+| Name | Description |
+|:----------------|:---------------------------------------------------------------------|
+| `client_secret` | If client is not authenticated with the authorization server |
+| `nonce` | Refer to [OpenID ID Token specifications][3] for more details |
+
+### Resource Owner Password Credentials flow
+
+Resource Owner Password Credentials Grant is implemented following [rfc6749](https://tools.ietf.org/html/rfc6749#section-4.3).
+
+Use `requests_auth.OAuth2ResourceOwnerPasswordCredentials` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import OAuth2ResourceOwnerPasswordCredentials
+
+requests.get('https://www.example.com', auth=OAuth2ResourceOwnerPasswordCredentials('https://www.token.url', 'user name', 'user password'))
+```
+
+#### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:-------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:---------------|
+| `token_url` | OAuth 2 token URL. | Mandatory | |
+| `username` | Resource owner user name. | Mandatory | |
+| `password` | Resource owner password. | Mandatory | |
+| `timeout` | Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+| `scope` | Scope parameter sent to token URL as body. Can also be a list of scopes. | Optional | |
+| `token_field_name` | Field name containing the token. | Optional | access_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `session` | `requests.Session` instance that will be used to request the token. Use it to provide a custom proxying rule for instance. | Optional | |
+
+Any other parameter will be put as body parameter in the token URL.
+
+### Client Credentials flow
+
+Client Credentials Grant is implemented following [rfc6749](https://tools.ietf.org/html/rfc6749#section-4.4).
+
+Use `requests_auth.OAuth2ClientCredentials` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import OAuth2ClientCredentials
+
+requests.get('https://www.example.com', auth=OAuth2ClientCredentials('https://www.token.url', client_id='id', client_secret='secret'))
+```
+
+#### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:-------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:---------------|
+| `token_url` | OAuth 2 token URL. | Mandatory | |
+| `client_id` | Resource owner user name. | Mandatory | |
+| `client_secret` | Resource owner password. | Mandatory | |
+| `timeout` | Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+| `scope` | Scope parameter sent to token URL as body. Can also be a list of scopes. | Optional | |
+| `token_field_name` | Field name containing the token. | Optional | access_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `session` | `requests.Session` instance that will be used to request the token. Use it to provide a custom proxying rule for instance. | Optional | |
+
+Any other parameter will be put as body parameter in the token URL.
+
+#### Common providers
+
+Most of [OAuth2](https://oauth.net/2/) Client Credentials Grant providers are supported.
+
+If the one you are looking for is not yet supported, feel free to [ask for its implementation](https://github.com/Colin-b/requests_auth/issues/new).
+
+##### Okta (OAuth2 Client Credentials)
+
+[Okta Client Credentials Grant](https://developer.okta.com/docs/guides/implement-client-creds/overview/) providing access tokens is supported.
+
+Use `requests_auth.OktaClientCredentials` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import OktaClientCredentials
+
+
+okta = OktaClientCredentials(instance='testserver.okta-emea.com', client_id='54239d18-c68c-4c47-8bdd-ce71ea1d50cd', client_secret="secret")
+requests.get('https://www.example.com', auth=okta)
+```
+
+###### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:-----------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:---------------|
+| `instance` | Okta instance (like "testserver.okta-emea.com"). | Mandatory | |
+| `client_id` | Okta Application Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
+| `client_secret` | Resource owner password. | Mandatory | |
+| `authorization_server` | Okta authorization server. | Optional | 'default' |
+| `timeout` | Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+| `scope` | Scope parameter sent in query. Can also be a list of scopes. | Optional | openid |
+| `token_field_name` | Field name containing the token. | Optional | access_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `session` | `requests.Session` instance that will be used to request the token. Use it to provide a custom proxying rule for instance. | Optional | |
+
+Any other parameter will be put as query parameter in the token URL.
+
+### Implicit flow
+
+Implicit Grant is implemented following [rfc6749](https://tools.ietf.org/html/rfc6749#section-4.2).
+
+Use `requests_auth.OAuth2Implicit` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import OAuth2Implicit
+
+requests.get('https://www.example.com', auth=OAuth2Implicit('https://www.authorization.url'))
+```
+
+#### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:----------|:--------------------------------------------------------------|
+| `authorization_url` | OAuth 2 authorization URL. | Mandatory | |
+| `response_type` | Value of the response_type query parameter if not already provided in authorization URL. | Optional | token |
+| `token_field_name` | Field name containing the token. | Optional | id_token if response_type is id_token, otherwise access_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `redirect_uri_endpoint` | Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
+| `redirect_uri_port` | The port on which the server listening for the OAuth 2 token will be started. | Optional | 5000 |
+| `timeout` | Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
+| `success_display_time` | In case a token is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
+| `failure_display_time` | In case received token is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+
+Any other parameter will be put as query parameter in the authorization URL.
+
+Usual extra parameters are:
+
+| Name | Description |
+|:----------------|:---------------------------------------------------------------------|
+| `client_id` | Corresponding to your Application ID (in Microsoft Azure app portal) |
+| `nonce` | Refer to [OpenID ID Token specifications][3] for more details |
+| `prompt` | none to avoid prompting the user if a session is already opened. |
+
+#### Common providers
+
+Most of [OAuth2](https://oauth.net/2/) Implicit Grant providers are supported.
+
+If the one you are looking for is not yet supported, feel free to [ask for its implementation](https://github.com/Colin-b/requests_auth/issues/new).
+
+##### Microsoft - Azure Active Directory (OAuth2 Access Token)
+
+[Microsoft identity platform access tokens](https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens) are supported.
+
+Use `requests_auth.AzureActiveDirectoryImplicit` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import AzureActiveDirectoryImplicit
+
+
+aad = AzureActiveDirectoryImplicit(tenant_id='45239d18-c68c-4c47-8bdd-ce71ea1d50cd', client_id='54239d18-c68c-4c47-8bdd-ce71ea1d50cd')
+requests.get('https://www.example.com', auth=aad)
+```
+
+You can retrieve Microsoft Azure Active Directory application information thanks to the [application list on Azure portal](https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/AllApps/menuId/).
+
+###### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:---------------------------------------------|
+| `tenant_id` | Microsoft Tenant Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
+| `client_id` | Microsoft Application Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
+| `response_type` | Value of the response_type query parameter if not already provided in authorization URL. | Optional | token |
+| `token_field_name` | Field name containing the token. | Optional | access_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `nonce` | Refer to [OpenID ID Token specifications][3] for more details | Optional | Newly generated Universal Unique Identifier. |
+| `redirect_uri_endpoint` | Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
+| `redirect_uri_port` | The port on which the server listening for the OAuth 2 token will be started. | Optional | 5000 |
+| `timeout` | Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
+| `success_display_time` | In case a token is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
+| `failure_display_time` | In case received token is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+
+Any other parameter will be put as query parameter in the authorization URL.
+
+Usual extra parameters are:
+
+| Name | Description |
+|:----------------|:---------------------------------------------------------------------|
+| `prompt` | none to avoid prompting the user if a session is already opened. |
+
+##### Microsoft - Azure Active Directory (OpenID Connect ID token)
+
+[Microsoft identity platform ID tokens](https://docs.microsoft.com/en-us/azure/active-directory/develop/id-tokens) are supported.
+
+Use `requests_auth.AzureActiveDirectoryImplicitIdToken` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import AzureActiveDirectoryImplicitIdToken
+
+
+aad = AzureActiveDirectoryImplicitIdToken(tenant_id='45239d18-c68c-4c47-8bdd-ce71ea1d50cd', client_id='54239d18-c68c-4c47-8bdd-ce71ea1d50cd')
+requests.get('https://www.example.com', auth=aad)
+```
+
+You can retrieve Microsoft Azure Active Directory application information thanks to the [application list on Azure portal](https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/AllApps/menuId/).
+
+###### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:----------|:---------------------------------------------|
+| `tenant_id` | Microsoft Tenant Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
+| `client_id` | Microsoft Application Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
+| `response_type` | Value of the response_type query parameter if not already provided in authorization URL. | Optional | id_token |
+| `token_field_name` | Field name containing the token. | Optional | id_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `nonce` | Refer to [OpenID ID Token specifications][3] for more details | Optional | Newly generated Universal Unique Identifier. |
+| `redirect_uri_endpoint` | Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
+| `redirect_uri_port` | The port on which the server listening for the OAuth 2 token will be started. | Optional | 5000 |
+| `timeout` | Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
+| `success_display_time` | In case a token is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
+| `failure_display_time` | In case received token is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+
+Any other parameter will be put as query parameter in the authorization URL.
+
+Usual extra parameters are:
+
+| Name | Description |
+|:----------------|:---------------------------------------------------------------------|
+| `prompt` | none to avoid prompting the user if a session is already opened. |
+
+##### Okta (OAuth2 Implicit Access Token)
+
+[Okta Implicit Grant](https://developer.okta.com/docs/guides/implement-implicit/overview/) providing access tokens is supported.
+
+Use `requests_auth.OktaImplicit` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import OktaImplicit
+
+
+okta = OktaImplicit(instance='testserver.okta-emea.com', client_id='54239d18-c68c-4c47-8bdd-ce71ea1d50cd')
+requests.get('https://www.example.com', auth=okta)
+```
+
+###### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:---------------------------------------------|
+| `instance` | Okta instance (like "testserver.okta-emea.com"). | Mandatory | |
+| `client_id` | Okta Application Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
+| `response_type` | Value of the response_type query parameter if not already provided in authorization URL. | Optional | token |
+| `token_field_name` | Field name containing the token. | Optional | access_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `nonce` | Refer to [OpenID ID Token specifications][3] for more details. | Optional | Newly generated Universal Unique Identifier. |
+| `scope` | Scope parameter sent in query. Can also be a list of scopes. | Optional | ['openid', 'profile', 'email'] |
+| `authorization_server` | Okta authorization server. | Optional | 'default' |
+| `redirect_uri_endpoint` | Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
+| `redirect_uri_port` | The port on which the server listening for the OAuth 2 token will be started. | Optional | 5000 |
+| `timeout` | Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
+| `success_display_time` | In case a token is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
+| `failure_display_time` | In case received token is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+
+Any other parameter will be put as query parameter in the authorization URL.
+
+Usual extra parameters are:
+
+| Name | Description |
+|:----------------|:---------------------------------------------------------------------|
+| `prompt` | none to avoid prompting the user if a session is already opened. |
+
+##### Okta (OpenID Connect Implicit ID token)
+
+[Okta Implicit Grant](https://developer.okta.com/docs/guides/implement-implicit/overview/) providing ID tokens is supported.
+
+Use `requests_auth.OktaImplicitIdToken` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import OktaImplicitIdToken
+
+
+okta = OktaImplicitIdToken(instance='testserver.okta-emea.com', client_id='54239d18-c68c-4c47-8bdd-ce71ea1d50cd')
+requests.get('https://www.example.com', auth=okta)
+```
+
+###### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:---------------------------------------------|
+| `instance` | Okta instance (like "testserver.okta-emea.com"). | Mandatory | |
+| `client_id` | Okta Application Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
+| `response_type` | Value of the response_type query parameter if not already provided in authorization URL. | Optional | id_token |
+| `token_field_name` | Field name containing the token. | Optional | id_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `nonce` | Refer to [OpenID ID Token specifications][3] for more details. | Optional | Newly generated Universal Unique Identifier. |
+| `scope` | Scope parameter sent in query. Can also be a list of scopes. | Optional | ['openid', 'profile', 'email'] |
+| `authorization_server` | Okta authorization server. | Optional | 'default' |
+| `redirect_uri_endpoint` | Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
+| `redirect_uri_port` | The port on which the server listening for the OAuth 2 token will be started. | Optional | 5000 |
+| `timeout` | Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
+| `success_display_time` | In case a token is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
+| `failure_display_time` | In case received token is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+
+Any other parameter will be put as query parameter in the authorization URL.
+
+Usual extra parameters are:
+
+| Name | Description |
+|:----------------|:---------------------------------------------------------------------|
+| `prompt` | none to avoid prompting the user if a session is already opened. |
+
+### Managing token cache
+
+To avoid asking for a new token every new request, a token cache is used.
+
+Default cache is in memory but it is also possible to use a physical cache.
+
+You need to provide the location of your token cache file. It can be a full or relative path.
+
+If the file already exists it will be used, if the file do not exists it will be created.
+
+```python
+from requests_auth import OAuth2, JsonTokenFileCache
+
+OAuth2.token_cache = JsonTokenFileCache('path/to/my_token_cache.json')
+```
+
+## API key in header
+
+You can send an API key inside the header of your request using `requests_auth.HeaderApiKey`.
+
+```python
+import requests
+from requests_auth import HeaderApiKey
+
+requests.get('https://www.example.com', auth=HeaderApiKey('my_api_key'))
+```
+
+### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:-------------------------------|:----------|:--------------|
+| `api_key` | The API key that will be sent. | Mandatory | |
+| `header_name` | Name of the header field. | Optional | "X-API-Key" |
+
+## API key in query
+
+You can send an API key inside the query parameters of your request using `requests_auth.QueryApiKey`.
+
+```python
+import requests
+from requests_auth import QueryApiKey
+
+requests.get('https://www.example.com', auth=QueryApiKey('my_api_key'))
+```
+
+### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:-------------------------------|:----------|:--------------|
+| `api_key` | The API key that will be sent. | Mandatory | |
+| `query_parameter_name` | Name of the query parameter. | Optional | "api_key" |
+
+## Basic
+
+You can use basic authentication using `requests_auth.Basic`.
+
+The only advantage of using this class instead of `requests` native support of basic authentication, is to be able to use it in [multiple authentication](#multiple-authentication-at-once).
+
+```python
+import requests
+from requests_auth import Basic
+
+requests.get('https://www.example.com', auth=Basic('username', 'password'))
+```
+
+### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:-------------------------------|:----------|:--------------|
+| `username` | User name. | Mandatory | |
+| `password` | User password. | Mandatory | |
+
+## NTLM
+
+Requires [`requests-negotiate-sspi` module][4] or [`requests_ntlm` module][5] depending on provided parameters.
+
+You can use Windows authentication using `requests_auth.NTLM`.
+
+```python
+import requests
+from requests_auth import NTLM
+
+requests.get('https://www.example.com', auth=NTLM())
+```
+
+### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:-------------------------------|:----------|:--------------|
+| `username` | User name. | Mandatory if `requests_negotiate_sspi` module is not installed. In such a case `requests_ntlm` module is mandatory. | |
+| `password` | User password. | Mandatory if `requests_negotiate_sspi` module is not installed. In such a case `requests_ntlm` module is mandatory. | |
+
+## Multiple authentication at once
+
+You can also use a combination of authentication using `+` or `&` as in the following sample:
+
+```python
+import requests
+from requests_auth import HeaderApiKey, OAuth2Implicit
+
+api_key = HeaderApiKey('my_api_key')
+oauth2 = OAuth2Implicit('https://www.example.com')
+requests.get('https://www.example.com', auth=api_key + oauth2)
+```
+
+## Available pytest fixtures
+
+Testing the code using `requests_auth` authentication classes can be achieved using provided [`pytest`][6] fixtures.
+
+### token_cache_mock
+
+```python
+from requests_auth.testing import token_cache_mock, token_mock
+
+def test_something(token_cache_mock):
+ # perform code using authentication
+ pass
+```
+
+Use this fixture to mock authentication success for any of the following classes:
+ * OAuth2AuthorizationCodePKCE
+ * OktaAuthorizationCodePKCE
+ * OAuth2Implicit
+ * OktaImplicit
+ * OktaImplicitIdToken
+ * AzureActiveDirectoryImplicit
+ * AzureActiveDirectoryImplicitIdToken
+ * OAuth2AuthorizationCode
+ * OktaAuthorizationCode
+ * OAuth2ClientCredentials
+ * OktaClientCredentials
+ * OAuth2ResourceOwnerPasswordCredentials,
+
+By default, an access token with value `2YotnFZFEjr1zCsicMWpAA` is generated.
+
+You can however return your custom token by providing your own `token_mock` fixture as in the following sample:
+
+```python
+import pytest
+
+from requests_auth.testing import token_cache_mock
+
+
+@pytest.fixture
+def token_mock() -> str:
+ return "MyCustomTokenValue"
+
+
+def test_something(token_cache_mock):
+ # perform code using authentication
+ pass
+```
+
+You can even return a more complex token by using the `create_token` function.
+
+Note that [`pyjwt`](https://pypi.org/project/PyJWT/) is a required dependency in this case as it is used to generate the token returned by the authentication.
+
+```python
+import pytest
+
+from requests_auth.testing import token_cache_mock, create_token
+
+
+@pytest.fixture
+def token_mock() -> str:
+ expiry = None # TODO Compute your expiry
+ return create_token(expiry)
+
+
+def test_something(token_cache_mock):
+ # perform code using authentication
+ pass
+```
+
+### Advanced testing
+
+#### token_cache
+
+This [`pytest`][6] fixture will return the token cache and ensure it is reset at the end of the test case.
+
+```python
+from requests_auth.testing import token_cache
+
+def test_something(token_cache):
+ # perform code using authentication
+ pass
+```
+
+#### browser_mock
+
+This [`pytest`][6] fixture will allow to mock the behavior of a web browser.
+
+With this [`pytest`][6] fixture you will be allowed to fine tune your authentication related failures handling.
+
+[`pyjwt`](https://pypi.org/project/PyJWT/) is a required dependency if you use `create_token` helper function.
+
+```python
+import datetime
+
+from requests_auth.testing import browser_mock, BrowserMock, create_token
+
+def test_something(browser_mock: BrowserMock):
+ token_expiry = datetime.datetime.utcnow() + datetime.timedelta(hours=1)
+ token = create_token(token_expiry)
+ tab = browser_mock.add_response(
+ opened_url="http://url_opened_by_browser?state=1234",
+ reply_url=f"http://localhost:5000#access_token={token}&state=1234",
+ )
+
+ # perform code using authentication
+
+ tab.assert_success(
+ "You are now authenticated on 1234 You may close this tab."
+ )
+```
+
+## Endorsements
+
+> I love requests_auth. As a ~15 year pythonista, this library makes working with OAuth services a breeze. <333
+
+**Randall Degges**, Head of Evangelism, [Okta](https://developer.okta.com)
+
+[1]: https://pypi.python.org/pypi/requests "requests module"
+[2]: https://2.python-requests.org/en/master/user/authentication/ "authentication parameter on requests module"
+[3]: https://openid.net/specs/openid-connect-core-1_0.html#IDToken "OpenID ID Token specifications"
+[4]: https://pypi.python.org/pypi/requests-negotiate-sspi "requests-negotiate-sspi module"
+[5]: https://pypi.python.org/pypi/requests_ntlm "requests_ntlm module"
+[6]: https://docs.pytest.org/en/latest/ "pytest module"
+
+
+
+%package -n python3-requests-auth
+Summary: Authentication for Requests
+Provides: python-requests-auth
+BuildRequires: python3-devel
+BuildRequires: python3-setuptools
+BuildRequires: python3-pip
+%description -n python3-requests-auth
+<h2 align="center">Authentication for Requests</h2>
+
+<p align="center">
+<a href="https://pypi.org/project/requests-auth/"><img alt="pypi version" src="https://img.shields.io/pypi/v/requests_auth"></a>
+<a href="https://github.com/Colin-b/requests_auth/actions"><img alt="Build status" src="https://github.com/Colin-b/requests_auth/workflows/Release/badge.svg"></a>
+<a href="https://github.com/Colin-b/requests_auth/actions"><img alt="Coverage" src="https://img.shields.io/badge/coverage-100%25-brightgreen"></a>
+<a href="https://github.com/psf/black"><img alt="Code style: black" src="https://img.shields.io/badge/code%20style-black-000000.svg"></a>
+<a href="https://github.com/Colin-b/requests_auth/actions"><img alt="Number of tests" src="https://img.shields.io/badge/tests-275 passed-blue"></a>
+<a href="https://pypi.org/project/requests-auth/"><img alt="Number of downloads" src="https://img.shields.io/pypi/dm/requests_auth"></a>
+</p>
+
+Provides authentication classes to be used with [`requests`][1] [authentication parameter][2].
+
+<p align="center">
+ <a href="https://oauth.net/2/"><img alt="OAuth2" src="https://oauth.net/images/oauth-2-sm.png"></a>
+ <a href="https://www.okta.com"><img alt="Okta" src="https://www.okta.com/sites/all/themes/Okta/images/logos/developer/Dev_Logo-03_Large.png" height="120"></a>
+ <a href="https://azure.microsoft.com/en-us/services/active-directory/"><img alt="Azure Active Directory (AD)" src="https://azurecomcdn.azureedge.net/cvt-cda59ccd0aa5ced6ff5a2052417cf596b92980921e88e667127eaca2232a31ab/images/shared/services/pricing-glyph-lock.svg" height="120"></a>
+</p>
+<p align="center">Some of the supported authentication</p>
+
+## Available authentication
+
+- [OAuth2](#oauth-2)
+ - [Authorization Code Flow](#authorization-code-flow)
+ - [Okta](#okta-oauth2-authorization-code)
+ - [Authorization Code Flow with PKCE](#authorization-code-flow-with-proof-key-for-code-exchange)
+ - [Okta](#okta-oauth2-proof-key-for-code-exchange)
+ - [Resource Owner Password Credentials flow](#resource-owner-password-credentials-flow)
+ - [Client Credentials Flow](#client-credentials-flow)
+ - [Okta](#okta-oauth2-client-credentials)
+ - [Implicit Flow](#implicit-flow)
+ - [Azure AD (Access Token)](#microsoft---azure-active-directory-oauth2-access-token)
+ - [Azure AD (ID token)](#microsoft---azure-active-directory-openid-connect-id-token)
+ - [Okta (Access Token)](#okta-oauth2-implicit-access-token)
+ - [Okta (ID token)](#okta-openid-connect-implicit-id-token)
+ - [Managing token cache](#managing-token-cache)
+- API key
+ - [In header](#api-key-in-header)
+ - [In query](#api-key-in-query)
+- [Basic](#basic)
+- [NTLM (Windows)](#ntlm)
+- [Multiple authentication at once](#multiple-authentication-at-once)
+- [Endorsements](#endorsements)
+
+## OAuth 2
+
+Most of [OAuth2](https://oauth.net/2/) flows are supported.
+
+If the one you are looking for is not yet supported, feel free to [ask for its implementation](https://github.com/Colin-b/requests_auth/issues/new).
+
+### Authorization Code flow
+
+Authorization Code Grant is implemented following [rfc6749](https://tools.ietf.org/html/rfc6749#section-4.1).
+
+Use `requests_auth.OAuth2AuthorizationCode` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import OAuth2AuthorizationCode
+
+requests.get('https://www.example.com', auth=OAuth2AuthorizationCode('https://www.authorization.url', 'https://www.token.url'))
+```
+
+#### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:---------------|
+| `authorization_url` | OAuth 2 authorization URL. | Mandatory | |
+| `token_url` | OAuth 2 token URL. | Mandatory | |
+| `redirect_uri_endpoint` | Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
+| `redirect_uri_port` | The port on which the server listening for the OAuth 2 code will be started. | Optional | 5000 |
+| `timeout` | Maximum amount of seconds to wait for a code or a token to be received once requested. | Optional | 60 |
+| `success_display_time` | In case a code is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
+| `failure_display_time` | In case received code is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+| `response_type` | Value of the response_type query parameter if not already provided in authorization URL. | Optional | code |
+| `token_field_name` | Field name containing the token. | Optional | access_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `code_field_name` | Field name containing the code. | Optional | code |
+| `username` | User name in case basic authentication should be used to retrieve token. | Optional | |
+| `password` | User password in case basic authentication should be used to retrieve token. | Optional | |
+| `session` | `requests.Session` instance that will be used to request the token. Use it to provide a custom proxying rule for instance. | Optional | |
+
+Any other parameter will be put as query parameter in the authorization URL and as body parameters in the token URL.
+
+Usual extra parameters are:
+
+| Name | Description |
+|:----------------|:---------------------------------------------------------------------|
+| `client_id` | Corresponding to your Application ID (in Microsoft Azure app portal) |
+| `client_secret` | If client is not authenticated with the authorization server |
+| `nonce` | Refer to [OpenID ID Token specifications][3] for more details |
+
+#### Common providers
+
+Most of [OAuth2](https://oauth.net/2/) Authorization Code Grant providers are supported.
+
+If the one you are looking for is not yet supported, feel free to [ask for its implementation](https://github.com/Colin-b/requests_auth/issues/new).
+
+##### Okta (OAuth2 Authorization Code)
+
+[Okta Authorization Code Grant](https://developer.okta.com/docs/guides/implement-auth-code/overview/) providing access tokens is supported.
+
+Use `requests_auth.OktaAuthorizationCode` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import OktaAuthorizationCode
+
+
+okta = OktaAuthorizationCode(instance='testserver.okta-emea.com', client_id='54239d18-c68c-4c47-8bdd-ce71ea1d50cd')
+requests.get('https://www.example.com', auth=okta)
+```
+
+###### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:---------------------------------------------|
+| `instance` | Okta instance (like "testserver.okta-emea.com"). | Mandatory | |
+| `client_id` | Okta Application Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
+| `response_type` | Value of the response_type query parameter if not already provided in authorization URL. | Optional | token |
+| `token_field_name` | Field name containing the token. | Optional | access_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `nonce` | Refer to [OpenID ID Token specifications][3] for more details. | Optional | Newly generated Universal Unique Identifier. |
+| `scope` | Scope parameter sent in query. Can also be a list of scopes. | Optional | openid |
+| `authorization_server` | Okta authorization server. | Optional | 'default' |
+| `redirect_uri_endpoint` | Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
+| `redirect_uri_port` | The port on which the server listening for the OAuth 2 token will be started. | Optional | 5000 |
+| `timeout` | Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
+| `success_display_time` | In case a token is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
+| `failure_display_time` | In case received token is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+| `session` | `requests.Session` instance that will be used to request the token. Use it to provide a custom proxying rule for instance. | Optional | |
+
+Any other parameter will be put as query parameter in the authorization URL.
+
+Usual extra parameters are:
+
+| Name | Description |
+|:----------------|:---------------------------------------------------------------------|
+| `prompt` | none to avoid prompting the user if a session is already opened. |
+
+### Authorization Code Flow with Proof Key for Code Exchange
+
+Proof Key for Code Exchange is implemented following [rfc7636](https://tools.ietf.org/html/rfc7636).
+
+Use `requests_auth.OAuth2AuthorizationCodePKCE` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import OAuth2AuthorizationCodePKCE
+
+requests.get('https://www.example.com', auth=OAuth2AuthorizationCodePKCE('https://www.authorization.url', 'https://www.token.url'))
+```
+
+#### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:---------------|
+| `authorization_url` | OAuth 2 authorization URL. | Mandatory | |
+| `token_url` | OAuth 2 token URL. | Mandatory | |
+| `redirect_uri_endpoint` | Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
+| `redirect_uri_port` | The port on which the server listening for the OAuth 2 code will be started. | Optional | 5000 |
+| `timeout` | Maximum amount of seconds to wait for a code or a token to be received once requested. | Optional | 60 |
+| `success_display_time` | In case a code is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
+| `failure_display_time` | In case received code is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+| `response_type` | Value of the response_type query parameter if not already provided in authorization URL. | Optional | code |
+| `token_field_name` | Field name containing the token. | Optional | access_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `code_field_name` | Field name containing the code. | Optional | code |
+| `session` | `requests.Session` instance that will be used to request the token. Use it to provide a custom proxying rule for instance. | Optional | |
+
+Any other parameter will be put as query parameter in the authorization URL and as body parameters in the token URL.
+
+Usual extra parameters are:
+
+| Name | Description |
+|:----------------|:---------------------------------------------------------------------|
+| `client_id` | Corresponding to your Application ID (in Microsoft Azure app portal) |
+| `client_secret` | If client is not authenticated with the authorization server |
+| `nonce` | Refer to [OpenID ID Token specifications][3] for more details |
+
+#### Common providers
+
+Most of [OAuth2](https://oauth.net/2/) Proof Key for Code Exchange providers are supported.
+
+If the one you are looking for is not yet supported, feel free to [ask for its implementation](https://github.com/Colin-b/requests_auth/issues/new).
+
+##### Okta (OAuth2 Proof Key for Code Exchange)
+
+[Okta Proof Key for Code Exchange](https://developer.okta.com/docs/guides/implement-auth-code-pkce/overview/) providing access tokens is supported.
+
+Use `requests_auth.OktaAuthorizationCodePKCE` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import OktaAuthorizationCodePKCE
+
+
+okta = OktaAuthorizationCodePKCE(instance='testserver.okta-emea.com', client_id='54239d18-c68c-4c47-8bdd-ce71ea1d50cd')
+requests.get('https://www.example.com', auth=okta)
+```
+
+###### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:---------------------------------------------|
+| `instance` | Okta instance (like "testserver.okta-emea.com"). | Mandatory | |
+| `client_id` | Okta Application Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
+| `response_type` | Value of the response_type query parameter if not already provided in authorization URL. | Optional | code |
+| `token_field_name` | Field name containing the token. | Optional | access_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `code_field_name` | Field name containing the code. | Optional | code |
+| `nonce` | Refer to [OpenID ID Token specifications][3] for more details. | Optional | Newly generated Universal Unique Identifier. |
+| `scope` | Scope parameter sent in query. Can also be a list of scopes. | Optional | openid |
+| `authorization_server` | Okta authorization server. | Optional | 'default' |
+| `redirect_uri_endpoint` | Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
+| `redirect_uri_port` | The port on which the server listening for the OAuth 2 token will be started. | Optional | 5000 |
+| `timeout` | Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
+| `success_display_time` | In case a token is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
+| `failure_display_time` | In case received token is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+| `session` | `requests.Session` instance that will be used to request the token. Use it to provide a custom proxying rule for instance. | Optional | |
+
+Any other parameter will be put as query parameter in the authorization URL and as body parameters in the token URL.
+
+Usual extra parameters are:
+
+| Name | Description |
+|:----------------|:---------------------------------------------------------------------|
+| `client_secret` | If client is not authenticated with the authorization server |
+| `nonce` | Refer to [OpenID ID Token specifications][3] for more details |
+
+### Resource Owner Password Credentials flow
+
+Resource Owner Password Credentials Grant is implemented following [rfc6749](https://tools.ietf.org/html/rfc6749#section-4.3).
+
+Use `requests_auth.OAuth2ResourceOwnerPasswordCredentials` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import OAuth2ResourceOwnerPasswordCredentials
+
+requests.get('https://www.example.com', auth=OAuth2ResourceOwnerPasswordCredentials('https://www.token.url', 'user name', 'user password'))
+```
+
+#### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:-------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:---------------|
+| `token_url` | OAuth 2 token URL. | Mandatory | |
+| `username` | Resource owner user name. | Mandatory | |
+| `password` | Resource owner password. | Mandatory | |
+| `timeout` | Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+| `scope` | Scope parameter sent to token URL as body. Can also be a list of scopes. | Optional | |
+| `token_field_name` | Field name containing the token. | Optional | access_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `session` | `requests.Session` instance that will be used to request the token. Use it to provide a custom proxying rule for instance. | Optional | |
+
+Any other parameter will be put as body parameter in the token URL.
+
+### Client Credentials flow
+
+Client Credentials Grant is implemented following [rfc6749](https://tools.ietf.org/html/rfc6749#section-4.4).
+
+Use `requests_auth.OAuth2ClientCredentials` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import OAuth2ClientCredentials
+
+requests.get('https://www.example.com', auth=OAuth2ClientCredentials('https://www.token.url', client_id='id', client_secret='secret'))
+```
+
+#### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:-------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:---------------|
+| `token_url` | OAuth 2 token URL. | Mandatory | |
+| `client_id` | Resource owner user name. | Mandatory | |
+| `client_secret` | Resource owner password. | Mandatory | |
+| `timeout` | Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+| `scope` | Scope parameter sent to token URL as body. Can also be a list of scopes. | Optional | |
+| `token_field_name` | Field name containing the token. | Optional | access_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `session` | `requests.Session` instance that will be used to request the token. Use it to provide a custom proxying rule for instance. | Optional | |
+
+Any other parameter will be put as body parameter in the token URL.
+
+#### Common providers
+
+Most of [OAuth2](https://oauth.net/2/) Client Credentials Grant providers are supported.
+
+If the one you are looking for is not yet supported, feel free to [ask for its implementation](https://github.com/Colin-b/requests_auth/issues/new).
+
+##### Okta (OAuth2 Client Credentials)
+
+[Okta Client Credentials Grant](https://developer.okta.com/docs/guides/implement-client-creds/overview/) providing access tokens is supported.
+
+Use `requests_auth.OktaClientCredentials` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import OktaClientCredentials
+
+
+okta = OktaClientCredentials(instance='testserver.okta-emea.com', client_id='54239d18-c68c-4c47-8bdd-ce71ea1d50cd', client_secret="secret")
+requests.get('https://www.example.com', auth=okta)
+```
+
+###### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:-----------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:---------------|
+| `instance` | Okta instance (like "testserver.okta-emea.com"). | Mandatory | |
+| `client_id` | Okta Application Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
+| `client_secret` | Resource owner password. | Mandatory | |
+| `authorization_server` | Okta authorization server. | Optional | 'default' |
+| `timeout` | Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+| `scope` | Scope parameter sent in query. Can also be a list of scopes. | Optional | openid |
+| `token_field_name` | Field name containing the token. | Optional | access_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `session` | `requests.Session` instance that will be used to request the token. Use it to provide a custom proxying rule for instance. | Optional | |
+
+Any other parameter will be put as query parameter in the token URL.
+
+### Implicit flow
+
+Implicit Grant is implemented following [rfc6749](https://tools.ietf.org/html/rfc6749#section-4.2).
+
+Use `requests_auth.OAuth2Implicit` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import OAuth2Implicit
+
+requests.get('https://www.example.com', auth=OAuth2Implicit('https://www.authorization.url'))
+```
+
+#### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:----------|:--------------------------------------------------------------|
+| `authorization_url` | OAuth 2 authorization URL. | Mandatory | |
+| `response_type` | Value of the response_type query parameter if not already provided in authorization URL. | Optional | token |
+| `token_field_name` | Field name containing the token. | Optional | id_token if response_type is id_token, otherwise access_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `redirect_uri_endpoint` | Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
+| `redirect_uri_port` | The port on which the server listening for the OAuth 2 token will be started. | Optional | 5000 |
+| `timeout` | Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
+| `success_display_time` | In case a token is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
+| `failure_display_time` | In case received token is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+
+Any other parameter will be put as query parameter in the authorization URL.
+
+Usual extra parameters are:
+
+| Name | Description |
+|:----------------|:---------------------------------------------------------------------|
+| `client_id` | Corresponding to your Application ID (in Microsoft Azure app portal) |
+| `nonce` | Refer to [OpenID ID Token specifications][3] for more details |
+| `prompt` | none to avoid prompting the user if a session is already opened. |
+
+#### Common providers
+
+Most of [OAuth2](https://oauth.net/2/) Implicit Grant providers are supported.
+
+If the one you are looking for is not yet supported, feel free to [ask for its implementation](https://github.com/Colin-b/requests_auth/issues/new).
+
+##### Microsoft - Azure Active Directory (OAuth2 Access Token)
+
+[Microsoft identity platform access tokens](https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens) are supported.
+
+Use `requests_auth.AzureActiveDirectoryImplicit` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import AzureActiveDirectoryImplicit
+
+
+aad = AzureActiveDirectoryImplicit(tenant_id='45239d18-c68c-4c47-8bdd-ce71ea1d50cd', client_id='54239d18-c68c-4c47-8bdd-ce71ea1d50cd')
+requests.get('https://www.example.com', auth=aad)
+```
+
+You can retrieve Microsoft Azure Active Directory application information thanks to the [application list on Azure portal](https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/AllApps/menuId/).
+
+###### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:---------------------------------------------|
+| `tenant_id` | Microsoft Tenant Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
+| `client_id` | Microsoft Application Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
+| `response_type` | Value of the response_type query parameter if not already provided in authorization URL. | Optional | token |
+| `token_field_name` | Field name containing the token. | Optional | access_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `nonce` | Refer to [OpenID ID Token specifications][3] for more details | Optional | Newly generated Universal Unique Identifier. |
+| `redirect_uri_endpoint` | Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
+| `redirect_uri_port` | The port on which the server listening for the OAuth 2 token will be started. | Optional | 5000 |
+| `timeout` | Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
+| `success_display_time` | In case a token is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
+| `failure_display_time` | In case received token is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+
+Any other parameter will be put as query parameter in the authorization URL.
+
+Usual extra parameters are:
+
+| Name | Description |
+|:----------------|:---------------------------------------------------------------------|
+| `prompt` | none to avoid prompting the user if a session is already opened. |
+
+##### Microsoft - Azure Active Directory (OpenID Connect ID token)
+
+[Microsoft identity platform ID tokens](https://docs.microsoft.com/en-us/azure/active-directory/develop/id-tokens) are supported.
+
+Use `requests_auth.AzureActiveDirectoryImplicitIdToken` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import AzureActiveDirectoryImplicitIdToken
+
+
+aad = AzureActiveDirectoryImplicitIdToken(tenant_id='45239d18-c68c-4c47-8bdd-ce71ea1d50cd', client_id='54239d18-c68c-4c47-8bdd-ce71ea1d50cd')
+requests.get('https://www.example.com', auth=aad)
+```
+
+You can retrieve Microsoft Azure Active Directory application information thanks to the [application list on Azure portal](https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/AllApps/menuId/).
+
+###### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:----------|:---------------------------------------------|
+| `tenant_id` | Microsoft Tenant Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
+| `client_id` | Microsoft Application Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
+| `response_type` | Value of the response_type query parameter if not already provided in authorization URL. | Optional | id_token |
+| `token_field_name` | Field name containing the token. | Optional | id_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `nonce` | Refer to [OpenID ID Token specifications][3] for more details | Optional | Newly generated Universal Unique Identifier. |
+| `redirect_uri_endpoint` | Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
+| `redirect_uri_port` | The port on which the server listening for the OAuth 2 token will be started. | Optional | 5000 |
+| `timeout` | Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
+| `success_display_time` | In case a token is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
+| `failure_display_time` | In case received token is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+
+Any other parameter will be put as query parameter in the authorization URL.
+
+Usual extra parameters are:
+
+| Name | Description |
+|:----------------|:---------------------------------------------------------------------|
+| `prompt` | none to avoid prompting the user if a session is already opened. |
+
+##### Okta (OAuth2 Implicit Access Token)
+
+[Okta Implicit Grant](https://developer.okta.com/docs/guides/implement-implicit/overview/) providing access tokens is supported.
+
+Use `requests_auth.OktaImplicit` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import OktaImplicit
+
+
+okta = OktaImplicit(instance='testserver.okta-emea.com', client_id='54239d18-c68c-4c47-8bdd-ce71ea1d50cd')
+requests.get('https://www.example.com', auth=okta)
+```
+
+###### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:---------------------------------------------|
+| `instance` | Okta instance (like "testserver.okta-emea.com"). | Mandatory | |
+| `client_id` | Okta Application Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
+| `response_type` | Value of the response_type query parameter if not already provided in authorization URL. | Optional | token |
+| `token_field_name` | Field name containing the token. | Optional | access_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `nonce` | Refer to [OpenID ID Token specifications][3] for more details. | Optional | Newly generated Universal Unique Identifier. |
+| `scope` | Scope parameter sent in query. Can also be a list of scopes. | Optional | ['openid', 'profile', 'email'] |
+| `authorization_server` | Okta authorization server. | Optional | 'default' |
+| `redirect_uri_endpoint` | Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
+| `redirect_uri_port` | The port on which the server listening for the OAuth 2 token will be started. | Optional | 5000 |
+| `timeout` | Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
+| `success_display_time` | In case a token is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
+| `failure_display_time` | In case received token is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+
+Any other parameter will be put as query parameter in the authorization URL.
+
+Usual extra parameters are:
+
+| Name | Description |
+|:----------------|:---------------------------------------------------------------------|
+| `prompt` | none to avoid prompting the user if a session is already opened. |
+
+##### Okta (OpenID Connect Implicit ID token)
+
+[Okta Implicit Grant](https://developer.okta.com/docs/guides/implement-implicit/overview/) providing ID tokens is supported.
+
+Use `requests_auth.OktaImplicitIdToken` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import OktaImplicitIdToken
+
+
+okta = OktaImplicitIdToken(instance='testserver.okta-emea.com', client_id='54239d18-c68c-4c47-8bdd-ce71ea1d50cd')
+requests.get('https://www.example.com', auth=okta)
+```
+
+###### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:---------------------------------------------|
+| `instance` | Okta instance (like "testserver.okta-emea.com"). | Mandatory | |
+| `client_id` | Okta Application Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
+| `response_type` | Value of the response_type query parameter if not already provided in authorization URL. | Optional | id_token |
+| `token_field_name` | Field name containing the token. | Optional | id_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `nonce` | Refer to [OpenID ID Token specifications][3] for more details. | Optional | Newly generated Universal Unique Identifier. |
+| `scope` | Scope parameter sent in query. Can also be a list of scopes. | Optional | ['openid', 'profile', 'email'] |
+| `authorization_server` | Okta authorization server. | Optional | 'default' |
+| `redirect_uri_endpoint` | Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
+| `redirect_uri_port` | The port on which the server listening for the OAuth 2 token will be started. | Optional | 5000 |
+| `timeout` | Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
+| `success_display_time` | In case a token is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
+| `failure_display_time` | In case received token is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+
+Any other parameter will be put as query parameter in the authorization URL.
+
+Usual extra parameters are:
+
+| Name | Description |
+|:----------------|:---------------------------------------------------------------------|
+| `prompt` | none to avoid prompting the user if a session is already opened. |
+
+### Managing token cache
+
+To avoid asking for a new token every new request, a token cache is used.
+
+Default cache is in memory but it is also possible to use a physical cache.
+
+You need to provide the location of your token cache file. It can be a full or relative path.
+
+If the file already exists it will be used, if the file do not exists it will be created.
+
+```python
+from requests_auth import OAuth2, JsonTokenFileCache
+
+OAuth2.token_cache = JsonTokenFileCache('path/to/my_token_cache.json')
+```
+
+## API key in header
+
+You can send an API key inside the header of your request using `requests_auth.HeaderApiKey`.
+
+```python
+import requests
+from requests_auth import HeaderApiKey
+
+requests.get('https://www.example.com', auth=HeaderApiKey('my_api_key'))
+```
+
+### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:-------------------------------|:----------|:--------------|
+| `api_key` | The API key that will be sent. | Mandatory | |
+| `header_name` | Name of the header field. | Optional | "X-API-Key" |
+
+## API key in query
+
+You can send an API key inside the query parameters of your request using `requests_auth.QueryApiKey`.
+
+```python
+import requests
+from requests_auth import QueryApiKey
+
+requests.get('https://www.example.com', auth=QueryApiKey('my_api_key'))
+```
+
+### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:-------------------------------|:----------|:--------------|
+| `api_key` | The API key that will be sent. | Mandatory | |
+| `query_parameter_name` | Name of the query parameter. | Optional | "api_key" |
+
+## Basic
+
+You can use basic authentication using `requests_auth.Basic`.
+
+The only advantage of using this class instead of `requests` native support of basic authentication, is to be able to use it in [multiple authentication](#multiple-authentication-at-once).
+
+```python
+import requests
+from requests_auth import Basic
+
+requests.get('https://www.example.com', auth=Basic('username', 'password'))
+```
+
+### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:-------------------------------|:----------|:--------------|
+| `username` | User name. | Mandatory | |
+| `password` | User password. | Mandatory | |
+
+## NTLM
+
+Requires [`requests-negotiate-sspi` module][4] or [`requests_ntlm` module][5] depending on provided parameters.
+
+You can use Windows authentication using `requests_auth.NTLM`.
+
+```python
+import requests
+from requests_auth import NTLM
+
+requests.get('https://www.example.com', auth=NTLM())
+```
+
+### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:-------------------------------|:----------|:--------------|
+| `username` | User name. | Mandatory if `requests_negotiate_sspi` module is not installed. In such a case `requests_ntlm` module is mandatory. | |
+| `password` | User password. | Mandatory if `requests_negotiate_sspi` module is not installed. In such a case `requests_ntlm` module is mandatory. | |
+
+## Multiple authentication at once
+
+You can also use a combination of authentication using `+` or `&` as in the following sample:
+
+```python
+import requests
+from requests_auth import HeaderApiKey, OAuth2Implicit
+
+api_key = HeaderApiKey('my_api_key')
+oauth2 = OAuth2Implicit('https://www.example.com')
+requests.get('https://www.example.com', auth=api_key + oauth2)
+```
+
+## Available pytest fixtures
+
+Testing the code using `requests_auth` authentication classes can be achieved using provided [`pytest`][6] fixtures.
+
+### token_cache_mock
+
+```python
+from requests_auth.testing import token_cache_mock, token_mock
+
+def test_something(token_cache_mock):
+ # perform code using authentication
+ pass
+```
+
+Use this fixture to mock authentication success for any of the following classes:
+ * OAuth2AuthorizationCodePKCE
+ * OktaAuthorizationCodePKCE
+ * OAuth2Implicit
+ * OktaImplicit
+ * OktaImplicitIdToken
+ * AzureActiveDirectoryImplicit
+ * AzureActiveDirectoryImplicitIdToken
+ * OAuth2AuthorizationCode
+ * OktaAuthorizationCode
+ * OAuth2ClientCredentials
+ * OktaClientCredentials
+ * OAuth2ResourceOwnerPasswordCredentials,
+
+By default, an access token with value `2YotnFZFEjr1zCsicMWpAA` is generated.
+
+You can however return your custom token by providing your own `token_mock` fixture as in the following sample:
+
+```python
+import pytest
+
+from requests_auth.testing import token_cache_mock
+
+
+@pytest.fixture
+def token_mock() -> str:
+ return "MyCustomTokenValue"
+
+
+def test_something(token_cache_mock):
+ # perform code using authentication
+ pass
+```
+
+You can even return a more complex token by using the `create_token` function.
+
+Note that [`pyjwt`](https://pypi.org/project/PyJWT/) is a required dependency in this case as it is used to generate the token returned by the authentication.
+
+```python
+import pytest
+
+from requests_auth.testing import token_cache_mock, create_token
+
+
+@pytest.fixture
+def token_mock() -> str:
+ expiry = None # TODO Compute your expiry
+ return create_token(expiry)
+
+
+def test_something(token_cache_mock):
+ # perform code using authentication
+ pass
+```
+
+### Advanced testing
+
+#### token_cache
+
+This [`pytest`][6] fixture will return the token cache and ensure it is reset at the end of the test case.
+
+```python
+from requests_auth.testing import token_cache
+
+def test_something(token_cache):
+ # perform code using authentication
+ pass
+```
+
+#### browser_mock
+
+This [`pytest`][6] fixture will allow to mock the behavior of a web browser.
+
+With this [`pytest`][6] fixture you will be allowed to fine tune your authentication related failures handling.
+
+[`pyjwt`](https://pypi.org/project/PyJWT/) is a required dependency if you use `create_token` helper function.
+
+```python
+import datetime
+
+from requests_auth.testing import browser_mock, BrowserMock, create_token
+
+def test_something(browser_mock: BrowserMock):
+ token_expiry = datetime.datetime.utcnow() + datetime.timedelta(hours=1)
+ token = create_token(token_expiry)
+ tab = browser_mock.add_response(
+ opened_url="http://url_opened_by_browser?state=1234",
+ reply_url=f"http://localhost:5000#access_token={token}&state=1234",
+ )
+
+ # perform code using authentication
+
+ tab.assert_success(
+ "You are now authenticated on 1234 You may close this tab."
+ )
+```
+
+## Endorsements
+
+> I love requests_auth. As a ~15 year pythonista, this library makes working with OAuth services a breeze. <333
+
+**Randall Degges**, Head of Evangelism, [Okta](https://developer.okta.com)
+
+[1]: https://pypi.python.org/pypi/requests "requests module"
+[2]: https://2.python-requests.org/en/master/user/authentication/ "authentication parameter on requests module"
+[3]: https://openid.net/specs/openid-connect-core-1_0.html#IDToken "OpenID ID Token specifications"
+[4]: https://pypi.python.org/pypi/requests-negotiate-sspi "requests-negotiate-sspi module"
+[5]: https://pypi.python.org/pypi/requests_ntlm "requests_ntlm module"
+[6]: https://docs.pytest.org/en/latest/ "pytest module"
+
+
+
+%package help
+Summary: Development documents and examples for requests-auth
+Provides: python3-requests-auth-doc
+%description help
+<h2 align="center">Authentication for Requests</h2>
+
+<p align="center">
+<a href="https://pypi.org/project/requests-auth/"><img alt="pypi version" src="https://img.shields.io/pypi/v/requests_auth"></a>
+<a href="https://github.com/Colin-b/requests_auth/actions"><img alt="Build status" src="https://github.com/Colin-b/requests_auth/workflows/Release/badge.svg"></a>
+<a href="https://github.com/Colin-b/requests_auth/actions"><img alt="Coverage" src="https://img.shields.io/badge/coverage-100%25-brightgreen"></a>
+<a href="https://github.com/psf/black"><img alt="Code style: black" src="https://img.shields.io/badge/code%20style-black-000000.svg"></a>
+<a href="https://github.com/Colin-b/requests_auth/actions"><img alt="Number of tests" src="https://img.shields.io/badge/tests-275 passed-blue"></a>
+<a href="https://pypi.org/project/requests-auth/"><img alt="Number of downloads" src="https://img.shields.io/pypi/dm/requests_auth"></a>
+</p>
+
+Provides authentication classes to be used with [`requests`][1] [authentication parameter][2].
+
+<p align="center">
+ <a href="https://oauth.net/2/"><img alt="OAuth2" src="https://oauth.net/images/oauth-2-sm.png"></a>
+ <a href="https://www.okta.com"><img alt="Okta" src="https://www.okta.com/sites/all/themes/Okta/images/logos/developer/Dev_Logo-03_Large.png" height="120"></a>
+ <a href="https://azure.microsoft.com/en-us/services/active-directory/"><img alt="Azure Active Directory (AD)" src="https://azurecomcdn.azureedge.net/cvt-cda59ccd0aa5ced6ff5a2052417cf596b92980921e88e667127eaca2232a31ab/images/shared/services/pricing-glyph-lock.svg" height="120"></a>
+</p>
+<p align="center">Some of the supported authentication</p>
+
+## Available authentication
+
+- [OAuth2](#oauth-2)
+ - [Authorization Code Flow](#authorization-code-flow)
+ - [Okta](#okta-oauth2-authorization-code)
+ - [Authorization Code Flow with PKCE](#authorization-code-flow-with-proof-key-for-code-exchange)
+ - [Okta](#okta-oauth2-proof-key-for-code-exchange)
+ - [Resource Owner Password Credentials flow](#resource-owner-password-credentials-flow)
+ - [Client Credentials Flow](#client-credentials-flow)
+ - [Okta](#okta-oauth2-client-credentials)
+ - [Implicit Flow](#implicit-flow)
+ - [Azure AD (Access Token)](#microsoft---azure-active-directory-oauth2-access-token)
+ - [Azure AD (ID token)](#microsoft---azure-active-directory-openid-connect-id-token)
+ - [Okta (Access Token)](#okta-oauth2-implicit-access-token)
+ - [Okta (ID token)](#okta-openid-connect-implicit-id-token)
+ - [Managing token cache](#managing-token-cache)
+- API key
+ - [In header](#api-key-in-header)
+ - [In query](#api-key-in-query)
+- [Basic](#basic)
+- [NTLM (Windows)](#ntlm)
+- [Multiple authentication at once](#multiple-authentication-at-once)
+- [Endorsements](#endorsements)
+
+## OAuth 2
+
+Most of [OAuth2](https://oauth.net/2/) flows are supported.
+
+If the one you are looking for is not yet supported, feel free to [ask for its implementation](https://github.com/Colin-b/requests_auth/issues/new).
+
+### Authorization Code flow
+
+Authorization Code Grant is implemented following [rfc6749](https://tools.ietf.org/html/rfc6749#section-4.1).
+
+Use `requests_auth.OAuth2AuthorizationCode` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import OAuth2AuthorizationCode
+
+requests.get('https://www.example.com', auth=OAuth2AuthorizationCode('https://www.authorization.url', 'https://www.token.url'))
+```
+
+#### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:---------------|
+| `authorization_url` | OAuth 2 authorization URL. | Mandatory | |
+| `token_url` | OAuth 2 token URL. | Mandatory | |
+| `redirect_uri_endpoint` | Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
+| `redirect_uri_port` | The port on which the server listening for the OAuth 2 code will be started. | Optional | 5000 |
+| `timeout` | Maximum amount of seconds to wait for a code or a token to be received once requested. | Optional | 60 |
+| `success_display_time` | In case a code is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
+| `failure_display_time` | In case received code is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+| `response_type` | Value of the response_type query parameter if not already provided in authorization URL. | Optional | code |
+| `token_field_name` | Field name containing the token. | Optional | access_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `code_field_name` | Field name containing the code. | Optional | code |
+| `username` | User name in case basic authentication should be used to retrieve token. | Optional | |
+| `password` | User password in case basic authentication should be used to retrieve token. | Optional | |
+| `session` | `requests.Session` instance that will be used to request the token. Use it to provide a custom proxying rule for instance. | Optional | |
+
+Any other parameter will be put as query parameter in the authorization URL and as body parameters in the token URL.
+
+Usual extra parameters are:
+
+| Name | Description |
+|:----------------|:---------------------------------------------------------------------|
+| `client_id` | Corresponding to your Application ID (in Microsoft Azure app portal) |
+| `client_secret` | If client is not authenticated with the authorization server |
+| `nonce` | Refer to [OpenID ID Token specifications][3] for more details |
+
+#### Common providers
+
+Most of [OAuth2](https://oauth.net/2/) Authorization Code Grant providers are supported.
+
+If the one you are looking for is not yet supported, feel free to [ask for its implementation](https://github.com/Colin-b/requests_auth/issues/new).
+
+##### Okta (OAuth2 Authorization Code)
+
+[Okta Authorization Code Grant](https://developer.okta.com/docs/guides/implement-auth-code/overview/) providing access tokens is supported.
+
+Use `requests_auth.OktaAuthorizationCode` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import OktaAuthorizationCode
+
+
+okta = OktaAuthorizationCode(instance='testserver.okta-emea.com', client_id='54239d18-c68c-4c47-8bdd-ce71ea1d50cd')
+requests.get('https://www.example.com', auth=okta)
+```
+
+###### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:---------------------------------------------|
+| `instance` | Okta instance (like "testserver.okta-emea.com"). | Mandatory | |
+| `client_id` | Okta Application Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
+| `response_type` | Value of the response_type query parameter if not already provided in authorization URL. | Optional | token |
+| `token_field_name` | Field name containing the token. | Optional | access_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `nonce` | Refer to [OpenID ID Token specifications][3] for more details. | Optional | Newly generated Universal Unique Identifier. |
+| `scope` | Scope parameter sent in query. Can also be a list of scopes. | Optional | openid |
+| `authorization_server` | Okta authorization server. | Optional | 'default' |
+| `redirect_uri_endpoint` | Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
+| `redirect_uri_port` | The port on which the server listening for the OAuth 2 token will be started. | Optional | 5000 |
+| `timeout` | Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
+| `success_display_time` | In case a token is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
+| `failure_display_time` | In case received token is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+| `session` | `requests.Session` instance that will be used to request the token. Use it to provide a custom proxying rule for instance. | Optional | |
+
+Any other parameter will be put as query parameter in the authorization URL.
+
+Usual extra parameters are:
+
+| Name | Description |
+|:----------------|:---------------------------------------------------------------------|
+| `prompt` | none to avoid prompting the user if a session is already opened. |
+
+### Authorization Code Flow with Proof Key for Code Exchange
+
+Proof Key for Code Exchange is implemented following [rfc7636](https://tools.ietf.org/html/rfc7636).
+
+Use `requests_auth.OAuth2AuthorizationCodePKCE` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import OAuth2AuthorizationCodePKCE
+
+requests.get('https://www.example.com', auth=OAuth2AuthorizationCodePKCE('https://www.authorization.url', 'https://www.token.url'))
+```
+
+#### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:---------------|
+| `authorization_url` | OAuth 2 authorization URL. | Mandatory | |
+| `token_url` | OAuth 2 token URL. | Mandatory | |
+| `redirect_uri_endpoint` | Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
+| `redirect_uri_port` | The port on which the server listening for the OAuth 2 code will be started. | Optional | 5000 |
+| `timeout` | Maximum amount of seconds to wait for a code or a token to be received once requested. | Optional | 60 |
+| `success_display_time` | In case a code is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
+| `failure_display_time` | In case received code is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+| `response_type` | Value of the response_type query parameter if not already provided in authorization URL. | Optional | code |
+| `token_field_name` | Field name containing the token. | Optional | access_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `code_field_name` | Field name containing the code. | Optional | code |
+| `session` | `requests.Session` instance that will be used to request the token. Use it to provide a custom proxying rule for instance. | Optional | |
+
+Any other parameter will be put as query parameter in the authorization URL and as body parameters in the token URL.
+
+Usual extra parameters are:
+
+| Name | Description |
+|:----------------|:---------------------------------------------------------------------|
+| `client_id` | Corresponding to your Application ID (in Microsoft Azure app portal) |
+| `client_secret` | If client is not authenticated with the authorization server |
+| `nonce` | Refer to [OpenID ID Token specifications][3] for more details |
+
+#### Common providers
+
+Most of [OAuth2](https://oauth.net/2/) Proof Key for Code Exchange providers are supported.
+
+If the one you are looking for is not yet supported, feel free to [ask for its implementation](https://github.com/Colin-b/requests_auth/issues/new).
+
+##### Okta (OAuth2 Proof Key for Code Exchange)
+
+[Okta Proof Key for Code Exchange](https://developer.okta.com/docs/guides/implement-auth-code-pkce/overview/) providing access tokens is supported.
+
+Use `requests_auth.OktaAuthorizationCodePKCE` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import OktaAuthorizationCodePKCE
+
+
+okta = OktaAuthorizationCodePKCE(instance='testserver.okta-emea.com', client_id='54239d18-c68c-4c47-8bdd-ce71ea1d50cd')
+requests.get('https://www.example.com', auth=okta)
+```
+
+###### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:---------------------------------------------|
+| `instance` | Okta instance (like "testserver.okta-emea.com"). | Mandatory | |
+| `client_id` | Okta Application Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
+| `response_type` | Value of the response_type query parameter if not already provided in authorization URL. | Optional | code |
+| `token_field_name` | Field name containing the token. | Optional | access_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `code_field_name` | Field name containing the code. | Optional | code |
+| `nonce` | Refer to [OpenID ID Token specifications][3] for more details. | Optional | Newly generated Universal Unique Identifier. |
+| `scope` | Scope parameter sent in query. Can also be a list of scopes. | Optional | openid |
+| `authorization_server` | Okta authorization server. | Optional | 'default' |
+| `redirect_uri_endpoint` | Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
+| `redirect_uri_port` | The port on which the server listening for the OAuth 2 token will be started. | Optional | 5000 |
+| `timeout` | Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
+| `success_display_time` | In case a token is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
+| `failure_display_time` | In case received token is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+| `session` | `requests.Session` instance that will be used to request the token. Use it to provide a custom proxying rule for instance. | Optional | |
+
+Any other parameter will be put as query parameter in the authorization URL and as body parameters in the token URL.
+
+Usual extra parameters are:
+
+| Name | Description |
+|:----------------|:---------------------------------------------------------------------|
+| `client_secret` | If client is not authenticated with the authorization server |
+| `nonce` | Refer to [OpenID ID Token specifications][3] for more details |
+
+### Resource Owner Password Credentials flow
+
+Resource Owner Password Credentials Grant is implemented following [rfc6749](https://tools.ietf.org/html/rfc6749#section-4.3).
+
+Use `requests_auth.OAuth2ResourceOwnerPasswordCredentials` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import OAuth2ResourceOwnerPasswordCredentials
+
+requests.get('https://www.example.com', auth=OAuth2ResourceOwnerPasswordCredentials('https://www.token.url', 'user name', 'user password'))
+```
+
+#### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:-------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:---------------|
+| `token_url` | OAuth 2 token URL. | Mandatory | |
+| `username` | Resource owner user name. | Mandatory | |
+| `password` | Resource owner password. | Mandatory | |
+| `timeout` | Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+| `scope` | Scope parameter sent to token URL as body. Can also be a list of scopes. | Optional | |
+| `token_field_name` | Field name containing the token. | Optional | access_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `session` | `requests.Session` instance that will be used to request the token. Use it to provide a custom proxying rule for instance. | Optional | |
+
+Any other parameter will be put as body parameter in the token URL.
+
+### Client Credentials flow
+
+Client Credentials Grant is implemented following [rfc6749](https://tools.ietf.org/html/rfc6749#section-4.4).
+
+Use `requests_auth.OAuth2ClientCredentials` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import OAuth2ClientCredentials
+
+requests.get('https://www.example.com', auth=OAuth2ClientCredentials('https://www.token.url', client_id='id', client_secret='secret'))
+```
+
+#### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:-------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:---------------|
+| `token_url` | OAuth 2 token URL. | Mandatory | |
+| `client_id` | Resource owner user name. | Mandatory | |
+| `client_secret` | Resource owner password. | Mandatory | |
+| `timeout` | Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+| `scope` | Scope parameter sent to token URL as body. Can also be a list of scopes. | Optional | |
+| `token_field_name` | Field name containing the token. | Optional | access_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `session` | `requests.Session` instance that will be used to request the token. Use it to provide a custom proxying rule for instance. | Optional | |
+
+Any other parameter will be put as body parameter in the token URL.
+
+#### Common providers
+
+Most of [OAuth2](https://oauth.net/2/) Client Credentials Grant providers are supported.
+
+If the one you are looking for is not yet supported, feel free to [ask for its implementation](https://github.com/Colin-b/requests_auth/issues/new).
+
+##### Okta (OAuth2 Client Credentials)
+
+[Okta Client Credentials Grant](https://developer.okta.com/docs/guides/implement-client-creds/overview/) providing access tokens is supported.
+
+Use `requests_auth.OktaClientCredentials` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import OktaClientCredentials
+
+
+okta = OktaClientCredentials(instance='testserver.okta-emea.com', client_id='54239d18-c68c-4c47-8bdd-ce71ea1d50cd', client_secret="secret")
+requests.get('https://www.example.com', auth=okta)
+```
+
+###### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:-----------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:---------------|
+| `instance` | Okta instance (like "testserver.okta-emea.com"). | Mandatory | |
+| `client_id` | Okta Application Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
+| `client_secret` | Resource owner password. | Mandatory | |
+| `authorization_server` | Okta authorization server. | Optional | 'default' |
+| `timeout` | Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+| `scope` | Scope parameter sent in query. Can also be a list of scopes. | Optional | openid |
+| `token_field_name` | Field name containing the token. | Optional | access_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `session` | `requests.Session` instance that will be used to request the token. Use it to provide a custom proxying rule for instance. | Optional | |
+
+Any other parameter will be put as query parameter in the token URL.
+
+### Implicit flow
+
+Implicit Grant is implemented following [rfc6749](https://tools.ietf.org/html/rfc6749#section-4.2).
+
+Use `requests_auth.OAuth2Implicit` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import OAuth2Implicit
+
+requests.get('https://www.example.com', auth=OAuth2Implicit('https://www.authorization.url'))
+```
+
+#### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:----------|:--------------------------------------------------------------|
+| `authorization_url` | OAuth 2 authorization URL. | Mandatory | |
+| `response_type` | Value of the response_type query parameter if not already provided in authorization URL. | Optional | token |
+| `token_field_name` | Field name containing the token. | Optional | id_token if response_type is id_token, otherwise access_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `redirect_uri_endpoint` | Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
+| `redirect_uri_port` | The port on which the server listening for the OAuth 2 token will be started. | Optional | 5000 |
+| `timeout` | Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
+| `success_display_time` | In case a token is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
+| `failure_display_time` | In case received token is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+
+Any other parameter will be put as query parameter in the authorization URL.
+
+Usual extra parameters are:
+
+| Name | Description |
+|:----------------|:---------------------------------------------------------------------|
+| `client_id` | Corresponding to your Application ID (in Microsoft Azure app portal) |
+| `nonce` | Refer to [OpenID ID Token specifications][3] for more details |
+| `prompt` | none to avoid prompting the user if a session is already opened. |
+
+#### Common providers
+
+Most of [OAuth2](https://oauth.net/2/) Implicit Grant providers are supported.
+
+If the one you are looking for is not yet supported, feel free to [ask for its implementation](https://github.com/Colin-b/requests_auth/issues/new).
+
+##### Microsoft - Azure Active Directory (OAuth2 Access Token)
+
+[Microsoft identity platform access tokens](https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens) are supported.
+
+Use `requests_auth.AzureActiveDirectoryImplicit` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import AzureActiveDirectoryImplicit
+
+
+aad = AzureActiveDirectoryImplicit(tenant_id='45239d18-c68c-4c47-8bdd-ce71ea1d50cd', client_id='54239d18-c68c-4c47-8bdd-ce71ea1d50cd')
+requests.get('https://www.example.com', auth=aad)
+```
+
+You can retrieve Microsoft Azure Active Directory application information thanks to the [application list on Azure portal](https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/AllApps/menuId/).
+
+###### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:---------------------------------------------|
+| `tenant_id` | Microsoft Tenant Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
+| `client_id` | Microsoft Application Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
+| `response_type` | Value of the response_type query parameter if not already provided in authorization URL. | Optional | token |
+| `token_field_name` | Field name containing the token. | Optional | access_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `nonce` | Refer to [OpenID ID Token specifications][3] for more details | Optional | Newly generated Universal Unique Identifier. |
+| `redirect_uri_endpoint` | Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
+| `redirect_uri_port` | The port on which the server listening for the OAuth 2 token will be started. | Optional | 5000 |
+| `timeout` | Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
+| `success_display_time` | In case a token is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
+| `failure_display_time` | In case received token is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+
+Any other parameter will be put as query parameter in the authorization URL.
+
+Usual extra parameters are:
+
+| Name | Description |
+|:----------------|:---------------------------------------------------------------------|
+| `prompt` | none to avoid prompting the user if a session is already opened. |
+
+##### Microsoft - Azure Active Directory (OpenID Connect ID token)
+
+[Microsoft identity platform ID tokens](https://docs.microsoft.com/en-us/azure/active-directory/develop/id-tokens) are supported.
+
+Use `requests_auth.AzureActiveDirectoryImplicitIdToken` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import AzureActiveDirectoryImplicitIdToken
+
+
+aad = AzureActiveDirectoryImplicitIdToken(tenant_id='45239d18-c68c-4c47-8bdd-ce71ea1d50cd', client_id='54239d18-c68c-4c47-8bdd-ce71ea1d50cd')
+requests.get('https://www.example.com', auth=aad)
+```
+
+You can retrieve Microsoft Azure Active Directory application information thanks to the [application list on Azure portal](https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/AllApps/menuId/).
+
+###### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:----------|:---------------------------------------------|
+| `tenant_id` | Microsoft Tenant Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
+| `client_id` | Microsoft Application Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
+| `response_type` | Value of the response_type query parameter if not already provided in authorization URL. | Optional | id_token |
+| `token_field_name` | Field name containing the token. | Optional | id_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `nonce` | Refer to [OpenID ID Token specifications][3] for more details | Optional | Newly generated Universal Unique Identifier. |
+| `redirect_uri_endpoint` | Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
+| `redirect_uri_port` | The port on which the server listening for the OAuth 2 token will be started. | Optional | 5000 |
+| `timeout` | Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
+| `success_display_time` | In case a token is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
+| `failure_display_time` | In case received token is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+
+Any other parameter will be put as query parameter in the authorization URL.
+
+Usual extra parameters are:
+
+| Name | Description |
+|:----------------|:---------------------------------------------------------------------|
+| `prompt` | none to avoid prompting the user if a session is already opened. |
+
+##### Okta (OAuth2 Implicit Access Token)
+
+[Okta Implicit Grant](https://developer.okta.com/docs/guides/implement-implicit/overview/) providing access tokens is supported.
+
+Use `requests_auth.OktaImplicit` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import OktaImplicit
+
+
+okta = OktaImplicit(instance='testserver.okta-emea.com', client_id='54239d18-c68c-4c47-8bdd-ce71ea1d50cd')
+requests.get('https://www.example.com', auth=okta)
+```
+
+###### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:---------------------------------------------|
+| `instance` | Okta instance (like "testserver.okta-emea.com"). | Mandatory | |
+| `client_id` | Okta Application Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
+| `response_type` | Value of the response_type query parameter if not already provided in authorization URL. | Optional | token |
+| `token_field_name` | Field name containing the token. | Optional | access_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `nonce` | Refer to [OpenID ID Token specifications][3] for more details. | Optional | Newly generated Universal Unique Identifier. |
+| `scope` | Scope parameter sent in query. Can also be a list of scopes. | Optional | ['openid', 'profile', 'email'] |
+| `authorization_server` | Okta authorization server. | Optional | 'default' |
+| `redirect_uri_endpoint` | Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
+| `redirect_uri_port` | The port on which the server listening for the OAuth 2 token will be started. | Optional | 5000 |
+| `timeout` | Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
+| `success_display_time` | In case a token is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
+| `failure_display_time` | In case received token is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+
+Any other parameter will be put as query parameter in the authorization URL.
+
+Usual extra parameters are:
+
+| Name | Description |
+|:----------------|:---------------------------------------------------------------------|
+| `prompt` | none to avoid prompting the user if a session is already opened. |
+
+##### Okta (OpenID Connect Implicit ID token)
+
+[Okta Implicit Grant](https://developer.okta.com/docs/guides/implement-implicit/overview/) providing ID tokens is supported.
+
+Use `requests_auth.OktaImplicitIdToken` to configure this kind of authentication.
+
+```python
+import requests
+from requests_auth import OktaImplicitIdToken
+
+
+okta = OktaImplicitIdToken(instance='testserver.okta-emea.com', client_id='54239d18-c68c-4c47-8bdd-ce71ea1d50cd')
+requests.get('https://www.example.com', auth=okta)
+```
+
+###### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:---------------------------------------------|
+| `instance` | Okta instance (like "testserver.okta-emea.com"). | Mandatory | |
+| `client_id` | Okta Application Identifier (formatted as an Universal Unique Identifier). | Mandatory | |
+| `response_type` | Value of the response_type query parameter if not already provided in authorization URL. | Optional | id_token |
+| `token_field_name` | Field name containing the token. | Optional | id_token |
+| `early_expiry` | Number of seconds before actual token expiry where token will be considered as expired. Used to ensure token will not expire between the time of retrieval and the time the request reaches the actual server. Set it to 0 to deactivate this feature and use the same token until actual expiry. | Optional | 30.0 |
+| `nonce` | Refer to [OpenID ID Token specifications][3] for more details. | Optional | Newly generated Universal Unique Identifier. |
+| `scope` | Scope parameter sent in query. Can also be a list of scopes. | Optional | ['openid', 'profile', 'email'] |
+| `authorization_server` | Okta authorization server. | Optional | 'default' |
+| `redirect_uri_endpoint` | Custom endpoint that will be used as redirect_uri the following way: http://localhost:<redirect_uri_port>/<redirect_uri_endpoint>. | Optional | '' |
+| `redirect_uri_port` | The port on which the server listening for the OAuth 2 token will be started. | Optional | 5000 |
+| `timeout` | Maximum amount of seconds to wait for a token to be received once requested. | Optional | 60 |
+| `success_display_time` | In case a token is successfully received, this is the maximum amount of milliseconds the success page will be displayed in your browser. | Optional | 1 |
+| `failure_display_time` | In case received token is not valid, this is the maximum amount of milliseconds the failure page will be displayed in your browser. | Optional | 5000 |
+| `header_name` | Name of the header field used to send token. | Optional | Authorization |
+| `header_value` | Format used to send the token value. "{token}" must be present as it will be replaced by the actual token. | Optional | Bearer {token} |
+
+Any other parameter will be put as query parameter in the authorization URL.
+
+Usual extra parameters are:
+
+| Name | Description |
+|:----------------|:---------------------------------------------------------------------|
+| `prompt` | none to avoid prompting the user if a session is already opened. |
+
+### Managing token cache
+
+To avoid asking for a new token every new request, a token cache is used.
+
+Default cache is in memory but it is also possible to use a physical cache.
+
+You need to provide the location of your token cache file. It can be a full or relative path.
+
+If the file already exists it will be used, if the file do not exists it will be created.
+
+```python
+from requests_auth import OAuth2, JsonTokenFileCache
+
+OAuth2.token_cache = JsonTokenFileCache('path/to/my_token_cache.json')
+```
+
+## API key in header
+
+You can send an API key inside the header of your request using `requests_auth.HeaderApiKey`.
+
+```python
+import requests
+from requests_auth import HeaderApiKey
+
+requests.get('https://www.example.com', auth=HeaderApiKey('my_api_key'))
+```
+
+### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:-------------------------------|:----------|:--------------|
+| `api_key` | The API key that will be sent. | Mandatory | |
+| `header_name` | Name of the header field. | Optional | "X-API-Key" |
+
+## API key in query
+
+You can send an API key inside the query parameters of your request using `requests_auth.QueryApiKey`.
+
+```python
+import requests
+from requests_auth import QueryApiKey
+
+requests.get('https://www.example.com', auth=QueryApiKey('my_api_key'))
+```
+
+### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:-------------------------------|:----------|:--------------|
+| `api_key` | The API key that will be sent. | Mandatory | |
+| `query_parameter_name` | Name of the query parameter. | Optional | "api_key" |
+
+## Basic
+
+You can use basic authentication using `requests_auth.Basic`.
+
+The only advantage of using this class instead of `requests` native support of basic authentication, is to be able to use it in [multiple authentication](#multiple-authentication-at-once).
+
+```python
+import requests
+from requests_auth import Basic
+
+requests.get('https://www.example.com', auth=Basic('username', 'password'))
+```
+
+### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:-------------------------------|:----------|:--------------|
+| `username` | User name. | Mandatory | |
+| `password` | User password. | Mandatory | |
+
+## NTLM
+
+Requires [`requests-negotiate-sspi` module][4] or [`requests_ntlm` module][5] depending on provided parameters.
+
+You can use Windows authentication using `requests_auth.NTLM`.
+
+```python
+import requests
+from requests_auth import NTLM
+
+requests.get('https://www.example.com', auth=NTLM())
+```
+
+### Parameters
+
+| Name | Description | Mandatory | Default value |
+|:------------------------|:-------------------------------|:----------|:--------------|
+| `username` | User name. | Mandatory if `requests_negotiate_sspi` module is not installed. In such a case `requests_ntlm` module is mandatory. | |
+| `password` | User password. | Mandatory if `requests_negotiate_sspi` module is not installed. In such a case `requests_ntlm` module is mandatory. | |
+
+## Multiple authentication at once
+
+You can also use a combination of authentication using `+` or `&` as in the following sample:
+
+```python
+import requests
+from requests_auth import HeaderApiKey, OAuth2Implicit
+
+api_key = HeaderApiKey('my_api_key')
+oauth2 = OAuth2Implicit('https://www.example.com')
+requests.get('https://www.example.com', auth=api_key + oauth2)
+```
+
+## Available pytest fixtures
+
+Testing the code using `requests_auth` authentication classes can be achieved using provided [`pytest`][6] fixtures.
+
+### token_cache_mock
+
+```python
+from requests_auth.testing import token_cache_mock, token_mock
+
+def test_something(token_cache_mock):
+ # perform code using authentication
+ pass
+```
+
+Use this fixture to mock authentication success for any of the following classes:
+ * OAuth2AuthorizationCodePKCE
+ * OktaAuthorizationCodePKCE
+ * OAuth2Implicit
+ * OktaImplicit
+ * OktaImplicitIdToken
+ * AzureActiveDirectoryImplicit
+ * AzureActiveDirectoryImplicitIdToken
+ * OAuth2AuthorizationCode
+ * OktaAuthorizationCode
+ * OAuth2ClientCredentials
+ * OktaClientCredentials
+ * OAuth2ResourceOwnerPasswordCredentials,
+
+By default, an access token with value `2YotnFZFEjr1zCsicMWpAA` is generated.
+
+You can however return your custom token by providing your own `token_mock` fixture as in the following sample:
+
+```python
+import pytest
+
+from requests_auth.testing import token_cache_mock
+
+
+@pytest.fixture
+def token_mock() -> str:
+ return "MyCustomTokenValue"
+
+
+def test_something(token_cache_mock):
+ # perform code using authentication
+ pass
+```
+
+You can even return a more complex token by using the `create_token` function.
+
+Note that [`pyjwt`](https://pypi.org/project/PyJWT/) is a required dependency in this case as it is used to generate the token returned by the authentication.
+
+```python
+import pytest
+
+from requests_auth.testing import token_cache_mock, create_token
+
+
+@pytest.fixture
+def token_mock() -> str:
+ expiry = None # TODO Compute your expiry
+ return create_token(expiry)
+
+
+def test_something(token_cache_mock):
+ # perform code using authentication
+ pass
+```
+
+### Advanced testing
+
+#### token_cache
+
+This [`pytest`][6] fixture will return the token cache and ensure it is reset at the end of the test case.
+
+```python
+from requests_auth.testing import token_cache
+
+def test_something(token_cache):
+ # perform code using authentication
+ pass
+```
+
+#### browser_mock
+
+This [`pytest`][6] fixture will allow to mock the behavior of a web browser.
+
+With this [`pytest`][6] fixture you will be allowed to fine tune your authentication related failures handling.
+
+[`pyjwt`](https://pypi.org/project/PyJWT/) is a required dependency if you use `create_token` helper function.
+
+```python
+import datetime
+
+from requests_auth.testing import browser_mock, BrowserMock, create_token
+
+def test_something(browser_mock: BrowserMock):
+ token_expiry = datetime.datetime.utcnow() + datetime.timedelta(hours=1)
+ token = create_token(token_expiry)
+ tab = browser_mock.add_response(
+ opened_url="http://url_opened_by_browser?state=1234",
+ reply_url=f"http://localhost:5000#access_token={token}&state=1234",
+ )
+
+ # perform code using authentication
+
+ tab.assert_success(
+ "You are now authenticated on 1234 You may close this tab."
+ )
+```
+
+## Endorsements
+
+> I love requests_auth. As a ~15 year pythonista, this library makes working with OAuth services a breeze. <333
+
+**Randall Degges**, Head of Evangelism, [Okta](https://developer.okta.com)
+
+[1]: https://pypi.python.org/pypi/requests "requests module"
+[2]: https://2.python-requests.org/en/master/user/authentication/ "authentication parameter on requests module"
+[3]: https://openid.net/specs/openid-connect-core-1_0.html#IDToken "OpenID ID Token specifications"
+[4]: https://pypi.python.org/pypi/requests-negotiate-sspi "requests-negotiate-sspi module"
+[5]: https://pypi.python.org/pypi/requests_ntlm "requests_ntlm module"
+[6]: https://docs.pytest.org/en/latest/ "pytest module"
+
+
+
+%prep
+%autosetup -n requests-auth-6.0.0
+
+%build
+%py3_build
+
+%install
+%py3_install
+install -d -m755 %{buildroot}/%{_pkgdocdir}
+if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
+if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
+if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
+if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
+pushd %{buildroot}
+if [ -d usr/lib ]; then
+ find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/lib64 ]; then
+ find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/bin ]; then
+ find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/sbin ]; then
+ find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+touch doclist.lst
+if [ -d usr/share/man ]; then
+ find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst
+fi
+popd
+mv %{buildroot}/filelist.lst .
+mv %{buildroot}/doclist.lst .
+
+%files -n python3-requests-auth -f filelist.lst
+%dir %{python3_sitelib}/*
+
+%files help -f doclist.lst
+%{_docdir}/*
+
+%changelog
+* Wed Apr 12 2023 Python_Bot <Python_Bot@openeuler.org> - 6.0.0-1
+- Package Spec generated
diff --git a/sources b/sources
new file mode 100644
index 0000000..ad44bf9
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+01ba5798b33978a40e0900cf774871b4 requests_auth-6.0.0.tar.gz
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-12 17:46:36 +0000