Pluggable authentication support #63
Description
Let's decouple the authentication mechanism from farmOS.py. Original motivation from #31
Currently we only support the OAuth password credentials flow which has been OK for most use-cases. But going forward we should encourage other OAuth flows (authorization code and client credentials) instead of password. With farmOS v3 and Simple OAuth v6 the password grant is no longer enabled by default. Also, it would be nice to allow API key based auth to support #55
One approach could be to allow a separate auth parameter, as inspiration from both Requests and HTTPX. This is nice and would allow simple auth methods to be reused yet still be customized as needed.
But there have already been a few use-cases for this where we have designed workarounds replacing the farmOS session with a custom session class: eg #55 (comment). This exercise demonstrated how farmOS.py already has much of the logic abstracted to work with any requests compatible session object (and highlighted some things that can be improved).
Thus, the simplest abstraction may be to require that a session is created and prepared (authorized) separately and passed as a required argument when instantiating a farmOS.py client.
This may look like (roughly):
from requests_oauthlib import OAuth2Session
from oauthlib.oauth2 import LegacyApplicationClient
from farmOS import farmOS
# Create an OAuth2Session with password credentials
session = OAuth2Session(
client=LegacyApplicationClient(client_id='farm'),
auto_refresh_url=refresh_url,
)
# Authorize via Password Credentials Flow
session.fetch_token(
token_url=token_url,
username=username,
password=password,
scope='farm_manager',
)
farmos = farmos(url=farm_url, session=session)