Skip to content

feat: replace requests with httpx #456

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

feat: replace requests with httpx #456

wants to merge 7 commits into from

Conversation

omercnet
Copy link
Member

@omercnet omercnet commented Nov 10, 2024

Pull Request Summary: Migrate from requests to httpx

Overview

This PR modernizes the Descope Python SDK by migrating from the requests library to httpx, providing better async support, HTTP/2 capabilities, and improved performance for HTTP operations.

Key Changes

🔧 Core Infrastructure

  • Dependency Migration: Replaced requests with httpx ^0.27.2 in pyproject.toml and requirements.txt
  • HTTP Client Updates: Updated all HTTP operations in the core Auth class (descope/auth.py) to use httpx methods:
    • httpx.get(), httpx.post(), httpx.patch(), httpx.delete()
    • Updated parameter naming: allow_redirectsfollow_redirects
  • Public Key Fetching: Migrated _fetch_public_keys() method to use httpx.get()

📦 Auth Methods Updated

  • WebAuthn (descope/authmethod/webauthn.py): Updated import to use httpx.Response
  • All authentication flows: OTP, Password, SAML, SSO, TOTP, WebAuthn, EnchantedLink

🧪 Comprehensive Test Updates

Updated all test files to mock httpx instead of requests:

  • Core Tests: test_auth.py, test_descope_client.py
  • Auth Method Tests: test_otp.py, test_password.py, test_saml.py, test_sso.py, test_totp.py, test_webauthn.py, test_enchantedlink.py, test_magiclink.py, test_oauth.py
  • Management Tests: All management API tests (access keys, users, tenants, etc.)
  • Parameter Updates: Changed allow_redirects=False to follow_redirects=False in test assertions

🔄 Build & CI

  • Poetry Lock: Updated poetry.lock with new dependency resolution
  • Pre-commit: Fixed poetry export configuration in .pre-commit-config.yaml

Benefits

  • Modern HTTP Library: httpx provides better async support and HTTP/2 capabilities
  • Backward Compatibility: All public APIs remain unchanged - this is purely an internal implementation update
  • Performance: Potential performance improvements with better connection pooling and HTTP/2 support
  • Future-Proofing: httpx is actively maintained and designed for modern Python async patterns

Testing

  • ✅ All existing tests updated and passing
  • ✅ No breaking changes to public API
  • ✅ Comprehensive test coverage maintained across all authentication methods

Breaking Changes

None - this is an internal dependency migration that maintains full backward compatibility.

Files Changed

  • pyproject.toml - Updated dependency from requests to httpx
  • requirements.txt - Updated with new dependency resolution
  • poetry.lock - Updated lock file
  • descope/auth.py - Core HTTP client migration
  • descope/authmethod/webauthn.py - Import updates
  • All test files - Updated mocks and assertions
  • .pre-commit-config.yaml - Fixed poetry export

Copy link

github-actions bot commented Nov 10, 2024

Coverage report

The coverage rate went from 97.67% to 97.67% ⬆️

100% of new lines are covered.

Diff Coverage details (click to unfold)

descope/authmethod/enchantedlink.py

100% of new lines are covered (97.82% of the complete file).

descope/authmethod/webauthn.py

100% of new lines are covered (100% of the complete file).

descope/descope_client.py

100% of new lines are covered (97.77% of the complete file).

descope/init.py

100% of new lines are covered (100% of the complete file).

descope/auth.py

100% of new lines are covered (95.59% of the complete file).

@omercnet omercnet enabled auto-merge (squash) November 10, 2024 11:27
@omercnet omercnet closed this Jun 26, 2025
auto-merge was automatically disabled June 26, 2025 18:30

Pull request was closed

@omercnet omercnet reopened this Jun 30, 2025
@wiz-63f3d288d3
Copy link

wiz-63f3d288d3 bot commented Jun 30, 2025

Wiz Scan Summary

Displaying only findings that violated a policy

Scanner Findings
Vulnerability Finding Vulnerabilities
Data Finding Sensitive Data
Secret Finding Secrets
IaC Misconfiguration IaC Misconfigurations
Total

View scan details in Wiz

To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension.

@wiz-63f3d288d3
Copy link

Wiz Scan Summary

Displaying only findings that violated a policy

Scanner Findings
Vulnerability Finding Vulnerabilities
Data Finding Sensitive Data
Secret Finding Secrets
IaC Misconfiguration IaC Misconfigurations
Total

View scan details in Wiz

To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant