
make OAuth2 session picklable

Open bcavagnolo opened this issue 3 years ago • 3 comments

bcavagnolo avatar Apr 28 '21 20:04 bcavagnolo

This PR makes me hesitate on a security library when the top of the documentation says pickling is not secure. Can you elaborate on the use case?

https://docs.python.org/3/library/pickle.html

satiowadahc avatar Jul 06 '21 12:07 satiowadahc

> This PR makes me hesitate on a security library when the top of the documentation says pickling is not secure. Can you elaborate on the use case?

The multiprocessing library (and consequently things such as concurrent.futures's ProcessPoolExecutor) requires that the objects be picklable.

darkrain42 avatar Feb 27 '23 22:02 darkrain42

That said, the fix here is incomplete, at least with current versions of requests. The requests Session defines a specific list of attributes to save/restore, which doesn't include the OAuth2Session's _client attribute, so the unpickled session is unusable when attempting to make a request.

For context, without the fix in the PR here, I see the following exception:

Traceback (most recent call last):
...
  File "/usr/lib/python3.11/multiprocessing/pool.py", line 873, in next
    raise value
  File "/usr/lib/python3.11/multiprocessing/pool.py", line 540, in _handle_tasks
    put(task)
  File "/usr/lib/python3.11/multiprocessing/connection.py", line 205, in send
    self._send_bytes(_ForkingPickler.dumps(obj))
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/multiprocessing/reduction.py", line 51, in dumps
    cls(buf, protocol).dump(obj)
AttributeError: Can't pickle local object 'OAuth2Session.__init__.<locals>.<lambda>' 

darkrain42 avatar Feb 27 '23 23:02 darkrain42
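
The two failures described in the comments above, reproduced as an added example that is not part of the thread or of requests-oauthlib. `BaseSession` is a simplified stand-in that mimics how the requests Session pickles only the names listed in `__attrs__`; the class names, `no_auth` and the `_client` dict are assumptions made for illustration.

```python
import pickle


class BaseSession:
    """Stand-in for requests.Session: only names in __attrs__ are pickled."""
    __attrs__ = ["headers", "auth"]

    def __init__(self):
        self.headers = {}
        self.auth = None

    def __getstate__(self):
        return {name: getattr(self, name, None) for name in self.__attrs__}

    def __setstate__(self, state):
        for name, value in state.items():
            setattr(self, name, value)


class LambdaSession(BaseSession):
    """Models the traceback: a lambda created inside __init__."""
    def __init__(self, token):
        super().__init__()
        self._client = {"token": token}  # hypothetical stand-in for the OAuth client
        self.auth = lambda r: r          # local object, cannot be pickled


def no_auth(r):
    """Module-level replacement for the lambda; pickled by reference."""
    return r


class PartialFixSession(LambdaSession):
    """Lambda replaced, but _client is still missing from __attrs__."""
    def __init__(self, token):
        super().__init__(token)
        self.auth = no_auth


class FullFixSession(PartialFixSession):
    """Also carries _client through the pickle round trip."""
    __attrs__ = BaseSession.__attrs__ + ["_client"]


def round_trip(session):
    """Return the unpickled copy, or the exception raised while pickling."""
    try:
        return pickle.loads(pickle.dumps(session))
    except (AttributeError, pickle.PicklingError) as exc:
        return exc
```

With `_client` included in the saved state, the pickled bytes contain the token, so they need the same handling as the token itself.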