Can't use on a long-lived requests.Session #8
Comments
|
Thanks for your comment. In concept, I agree, the token expiration should be tracked and expired credentials refreshed. Unfortunately, as it is currently implemented, credentials (key ID, secret, and optionally a token) are passed at the creation of the AWSSigV4 object. Since it does not dynamically generate credentials on the fly, it wouldn't know how to refresh them and also doesn't know when they expire. I would recommend getting and tracking the expiration of credentials outside of the requests.Session and refreshing the session when it expires. There are only a couple instances where credentials are provided from a dynamic source and would include an expiration:
For this library, the only time it loads credentials dynamically is when boto3 is available and keys were not explicitly provided. In this case, yes, it could track expiration and fetch new credentials upon expiration, but the behavior would need to be very different than all of the other use cases. I think this could be implemented, but would need to have a flag or option to identify when the setup uses a dynamic source (mentioned above) vs a static source (explicitly provided or using environment variables). It would also need to track what that dynamic source is. If you have ideas on how this could be implemented, I'll be happy to entertain a PR that adds this functionality. |
If you set the
authof arequests.Sessionto anAWSSigV4object, after the token expires (e.g. 15 minutes), requests no longer succeed. The__call__method should check whether the credentials are expired and refresh them before updating the request.The text was updated successfully, but these errors were encountered: