treq-kerberos 1.1.0

Simple Example: making a request

GET a URL that requires Kerberos authentication:

from treq_kerberos import TreqKerberosAuth
import treq_kerberos
from twisted.internet import defer, reactor


@defer.inlineCallbacks
def example():
    url = 'https://errata.devel.redhat.com/'
    auth = TreqKerberosAuth()
    try:
        response = yield treq_kerberos.get(url, auth=auth)
        content = yield response.content()
        print(content)
    except Exception as e:
        print(e)


if __name__ == '__main__':
    example().addCallback(lambda ign: reactor.stop())
    reactor.run()

(See the full script at examples/get.py.)

Preemptive authentication

Ordinarily, web clients attempt HTTP Negotiate authentication only after receiving a HTTP 401 response from the web server. The client then retries with the proper Authentication: Negotiate ... header.

If you know your web server will always prompt for HTTP Negotiate authentication, you can skip the first round-trip by setting the force_preemptive=True keyword argument when instantiating TreqKerberosAuth. (This behavior is identical to request-kerberos’s force_preemptive kwarg for HTTPKerberosAuth.)

@defer.inlineCallbacks
def example():
    url = 'https://errata.devel.redhat.com/'
    auth = TreqKerberosAuth(force_preemptive=True)
    response = yield treq_kerberos.get(url, auth=auth)
    # ...

Integration with treq upstream

At the time of this writing, treq supports HTTP Basic authentication by passing a (username, password) tuple via an auth kwarg.

This module borrows that same auth concept. You pass in a TreqNegotiateAuth object instead of the username and password tuple.

Eventually treq may allow more flexible authentication designs that could be suitable to third parties. When this is available in treq upstream, I want treq-kerberos module to support it, ideally minimizing the API changes to support such a future transition.