[REQ] [Python] Support per-request auth settings
Created by: warrengray
I'm working on a distributed system that uses Bearer auth and JWTs to identify user requests. It is a common pattern to propagate these tokens from an incoming request to upstream services whose clients are implemented via the OpenAPI generator.
In the Python code, it's not clear to me how one can set the access token on each individual request, since it's defined globally within the Configuration object passed to the client. Previously we've solved this by creating a new client for each upstream request, but this feels wasteful to me.
Describe the solution you'd like
To me, the obvious solution is to add a kwarg for access_token for operations that require authentication.
Describe alternatives you've considered
As mentioned above, the workaround we've implemented is to create a new ApiClient for each outgoing request, but this means that we almost never reuse connection pools, reducing efficiency.
I'm wondering if this can be implemented with a custom template, but I'm wary of "ejecting" from the standard Python code generation.
Additional context
Our system relies on the propagation of each user's security context as requests flow from service to service, which is then verified at each step in the chain. In our specific case, a JWT comes from our frontend application into Service A, which verifies the token. Service A then calls Service B, using the user's JWT as an access token. This allows Service B to independently verify and apply policy based on the subject that initiated the request.
Because services communicate using the identity of the user, access tokens are constantly changing. The current Python implementation only allows the setting of a token at instantiation and we're working in a multi-threaded environment, so we are forced to instantiate a new Configuration and ApiClient for each request we send.
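The behaviour requested above, as an added example that is not OpenAPI Generator's generated code: one shared client takes the caller's token per call and never writes it into the shared configuration, so concurrent requests cannot pick up another user's identity. The names Configuration, SharedClient, call_api and propagate are hypothetical stand-ins, the transport is replaced by an in-memory record, and the tokens are constructed strings rather than real JWTs.

```python
import threading
from concurrent.futures import ThreadPoolExecutor


class Configuration:
    """Hypothetical stand-in for a client's global settings object."""
    def __init__(self, access_token=None):
        self.access_token = access_token


class SharedClient:
    """Hypothetical client: one instance (one connection pool) for all threads."""
    def __init__(self, configuration):
        self.configuration = configuration
        self.sent = []                  # stands in for the wire: (path, headers)
        self._lock = threading.Lock()

    def _send(self, path, headers):
        with self._lock:
            self.sent.append((path, dict(headers)))
        return headers

    def call_api(self, path, access_token=None):
        # The per-request token wins. The shared Configuration is only a
        # fallback and is never mutated, so threads cannot swap identities.
        token = access_token if access_token is not None else self.configuration.access_token
        headers = {}
        if token:
            if "\r" in token or "\n" in token:
                raise ValueError("access token contains CR/LF")  # header injection guard
            headers["Authorization"] = "Bearer " + token
        return self._send(path, headers)


def propagate(client, user_tokens):
    """Call upstream once per user from worker threads; map user -> header sent."""
    def one(item):
        user, token = item
        headers = client.call_api("/orders/" + user, access_token=token)
        return user, headers["Authorization"]
    with ThreadPoolExecutor(max_workers=8) as pool:
        return dict(pool.map(one, user_tokens.items()))


if __name__ == "__main__":
    tokens = {"user%d" % i: "constructed-token-%d" % i for i in range(50)}  # constructed
    seen = propagate(SharedClient(Configuration()), tokens)
    print(all(seen[u] == "Bearer " + t for u, t in tokens.items()))
```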