feat: replace requests with httpx

[omercnet]

Pull Request Summary: Migrate from requests to httpx

Overview

This PR modernizes the Descope Python SDK by migrating from the requests library to httpx, providing better async support, HTTP/2 capabilities, and improved performance for HTTP operations.

Key Changes

🔧 Core Infrastructure

• Dependency Migration: Replaced requests with httpx ^0.27.2 in pyproject.toml and requirements.txt
• HTTP Client Updates: Updated all HTTP operations in the core Auth class (descope/auth.py) to use httpx methods:
  • httpx.get(), httpx.post(), httpx.patch(), httpx.delete()
  • Updated parameter naming: allow_redirects → follow_redirects
• Public Key Fetching: Migrated _fetch_public_keys() method to use httpx.get()

📦 Auth Methods Updated

• WebAuthn (descope/authmethod/webauthn.py): Updated import to use httpx.Response
• All authentication flows: OTP, Password, SAML, SSO, TOTP, WebAuthn, EnchantedLink

🧪 Comprehensive Test Updates

Updated all test files to mock httpx instead of requests:

• Core Tests: test_auth.py, test_descope_client.py
• Auth Method Tests: test_otp.py, test_password.py, test_saml.py, test_sso.py, test_totp.py, test_webauthn.py, test_enchantedlink.py, test_magiclink.py, test_oauth.py
• Management Tests: All management API tests (access keys, users, tenants, etc.)
• Parameter Updates: Changed allow_redirects=False to follow_redirects=False in test assertions

🔄 Build & CI

• Poetry Lock: Updated poetry.lock with new dependency resolution
• Pre-commit: Fixed poetry export configuration in .pre-commit-config.yaml

Benefits

• Modern HTTP Library: httpx provides better async support and HTTP/2 capabilities
• Backward Compatibility: All public APIs remain unchanged - this is purely an internal implementation update
• Performance: Potential performance improvements with better connection pooling and HTTP/2 support
• Future-Proofing: httpx is actively maintained and designed for modern Python async patterns

Testing

• ✅ All existing tests updated and passing
• ✅ No breaking changes to public API
• ✅ Comprehensive test coverage maintained across all authentication methods

Breaking Changes

None - this is an internal dependency migration that maintains full backward compatibility.

Files Changed

• pyproject.toml - Updated dependency from requests to httpx
• requirements.txt - Updated with new dependency resolution
• poetry.lock - Updated lock file
• descope/auth.py - Core HTTP client migration
• descope/authmethod/webauthn.py - Import updates
• All test files - Updated mocks and assertions
• .pre-commit-config.yaml - Fixed poetry export

[github-actions]

Coverage report

The coverage rate went from 97.67% to 97.67% ⬆️

100% of new lines are covered.

Diff Coverage details (click to unfold)

descope/authmethod/enchantedlink.py

100% of new lines are covered (97.82% of the complete file).

descope/authmethod/webauthn.py

100% of new lines are covered (100% of the complete file).

descope/descope_client.py

100% of new lines are covered (97.77% of the complete file).

descope/init.py

100% of new lines are covered (100% of the complete file).

descope/auth.py

100% of new lines are covered (95.59% of the complete file).

[wiz-63f3d288d3]

Wiz Scan Summary

Displaying only findings that violated a policy

Scanner	Findings
Vulnerabilities
Sensitive Data
Secrets
IaC Misconfigurations
Total

View scan details in Wiz

To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension.

[wiz-63f3d288d3]

Wiz Scan Summary

Displaying only findings that violated a policy

Scanner	Findings
Vulnerabilities
Sensitive Data
Secrets
IaC Misconfigurations
Total

View scan details in Wiz

To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension.