Swagger-codegen: [Python] OAuth2 support & refresh-tokens

Created on 14 Oct 2016 · 12 Comments · Source: swagger-api/swagger-codegen

Description

Hi! I have a few questions:

  1. Is it planned to integrate some sort of support for OAuth2 in such a way that it would be auto-generated? If not, would you approve a PR to integrate it?
  2. It would be nice to use refresh tokens to get transparent authorization. So if a user makes a request and their token is outdated, it would be great to try to renew the token with the refresh token to avoid throwing an additional error. Can this be integrated into the auto-generated client? Would such a feature be merged if a PR is proposed?
Python Feature help wanted

All 12 comments

@khorolets yes to both.

There was some discussion about these before, but we've not seen any PRs from the community so far.

@wing328
I have found the lib https://github.com/requests/requests-oauthlib which can be used to reach the goal.

Would you merge a PR if it uses requests and requests-oauthlib?

The usage of these libs will add extra dependencies. So we want to bring in requests to add OAuth2 support, but we have no time to refactor the whole Python code to use requests instead of urllib3.

/cc @geekerzp

We have had feedback before about avoiding unnecessary dependencies if possible, which means owners of a REST API using an API key for authentication probably don't want the extra dependencies for OAuth2 support.

Let me check a bit more on this and get back to you.

Seems like https://github.com/requests/requests-oauthlib is the most mature and active module for OAuth support in Python.

Another thing we need to consider is that the module needs to work with both Python 2.x and 3.x, which should not be a problem for requests-oauthlib as its CI tests already cover both Python 2.x and 3.x.

My sense is that requests in particular is so ubiquitous and well-tested as to be worthwhile in terms of making the code easier to read and maintain. If there were interest in accepting a change to use it more extensively throughout the Python client, I'd be interested in doing the work (assuming nobody else has already got it going, of course!).

👍 requests is clearly the best HTTP library in Python. Using it would remove a lot of generated boilerplate code.

There are some pros and cons.

Pros:

  • requests is well-tested and supported
  • Adding features like OAuth2/HTTP Auth/Proxy will be easier (I don't see any good OAuth2 client except requests-oauthlib, and it is not fun to reimplement it over urllib3)
  • The generated code will be cleaner (I think the rest.py might be removed and api_client.py might become slimmer)

Cons:

  • requests adds 3MB in size (mostly due to vendoring urllib3, chardet, and idna) and I don't think the generated boilerplate cleanup will save us even 1MB
  • requests introduces performance overhead compared to urllib3: http://stackoverflow.com/a/32899936/1178806

Neutral:

  • requests doesn't have any extra dependencies

As said in the comments of the SOF thread: if performance matters, just don't use Python 😄

Has there been any update on this? I'm in the process of trying to integrate requests_oauthlib into the python client but don't see an easy way of doing it.

@anschwa There is a hacky implementation for OAuth2 Client Credentials Flow in @khorolets's fork (oauth2_support branch): https://github.com/khorolets/swagger-codegen/tree/oauth2_support. @khorolets and I have been using it for quite a long time now, but I wish to implement it in a less hacky way and PR to upstream.

Also, after a year of dealing with various OAuth2 flows, it seems to me that requests-oauthlib and oauthlib are not required since OAuth2 client side is quite straightforward to implement.
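Added example (not part of the thread, and not code from swagger-codegen or the fork mentioned above): the transparent renewal asked for in the issue description, written with the standard library only, as the comment above suggests is feasible. `RefreshingClient`, `token_endpoint` and `send` are hypothetical names; the HTTP transport is injected, and the token server and API in `demo()` are constructed in memory so the block runs offline.

```python
import time

class RefreshingClient:
    """Hypothetical wrapper: renews via the refresh_token grant (RFC 6749, section 6)."""

    def __init__(self, token, token_endpoint, send, clock=time.time, skew=30):
        self.token = dict(token)              # access_token, refresh_token, expires_at
        self.token_endpoint = token_endpoint  # callable(form dict) -> response dict
        self.send = send                      # callable(method, url, headers) -> (status, body)
        self.clock, self.skew = clock, skew   # renew `skew` seconds before expiry

    def _refresh(self):
        resp = self.token_endpoint({"grant_type": "refresh_token",
                                    "refresh_token": self.token["refresh_token"]})
        if "access_token" not in resp:        # e.g. invalid_grant: user must re-authorize
            raise PermissionError(resp.get("error", "refresh failed"))
        self.token["access_token"] = resp["access_token"]
        self.token["expires_at"] = self.clock() + resp.get("expires_in", 0)
        # A server that rotates refresh tokens returns a new one; store it.
        self.token["refresh_token"] = resp.get("refresh_token", self.token["refresh_token"])

    def request(self, method, url):
        if self.clock() >= self.token["expires_at"] - self.skew:
            self._refresh()                   # proactive: token is known to be stale
        for attempt in (1, 2):
            headers = {"Authorization": "Bearer " + self.token["access_token"]}
            status, body = self.send(method, url, headers)
            if status != 401 or attempt == 2:
                return status, body           # never loop on repeated 401s
            self._refresh()                   # reactive: server rejected the token

def demo():
    """Constructed in-memory token endpoint and API, so this runs offline."""
    state = {"rt": "rt-1", "at": "at-1", "refreshes": 0}
    def token_endpoint(form):
        if form["refresh_token"] != state["rt"]:
            return {"error": "invalid_grant"}
        state["refreshes"] += 1
        n = state["refreshes"] + 1
        state["at"], state["rt"] = "at-%d" % n, "rt-%d" % n
        return {"access_token": state["at"], "refresh_token": state["rt"], "expires_in": 3600}
    def send(method, url, headers):
        return (200, "ok") if headers["Authorization"] == "Bearer " + state["at"] else (401, "")
    tok = {"access_token": "at-1", "refresh_token": "rt-1", "expires_at": 0}
    client = RefreshingClient(tok, token_endpoint, send, clock=lambda: 1000)
    first = client.request("GET", "/pets")    # expired locally -> proactive refresh
    state["at"] = "revoked"                   # server-side invalidation -> 401 path
    second = client.request("GET", "/pets")
    return first, second, state["refreshes"], client.token["refresh_token"]
```

The single retry bounds the 401 path, and a failed refresh raises instead of silently resending the stale token.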

@frol Thanks, I'll check it out.

I agree with you there, (un)fortunately OAuth1 needs to sign every request so oauthlib seems to be the only viable option.

see #4102
