Community
Select to view content in your preferred language

Please add requests_pkcs12 to arcpy

351
3
02-03-2025 01:29 PM
Status: Needs Clarification
EricEagle
by
Frequent Contributor

Screenshot 2025-02-03 at 4.23.28 PM.png

As you can see, there are a number of requests package extensions that ship with arcpy.

I have to often deal with client certificates in PKCS12 bundles (.p12 files) in something of an edge case for managing authentication to web services.

requests_pkcs12 is a pure requests extension, well maintained, no problematic dependencies - it would fit easily right along side gssapi, kerberos and oauthlib.

Such an effortless add, and would make my life so dramatically easier - please help!

3 Comments
ShaunWalbridge
by Esri Regular Contributor
‎04-17-2025 01:11 PM
Status changed to: Needs Clarification

Thanks for the suggestion. Could you clarify what kinds of servers you need to access in this way? If they are ArcGIS Servers, the Python API today has a PKCS12 story that should work (it was added a few releases ago):

https://developers.arcgis.com/python/latest/guide/working-with-different-authentication-schemes/#web...

The package itself is really just one file (https://github.com/m-click/requests_pkcs12/blob/master/requests_pkcs12.py), which is about 150 lines if you strip off the tests. It might be easiest just to inline that if you do need direct access to a PKCS12 server outside of an ArcGIS server context, but am interested to hear if there are more nuances that aren't captured yet.

Thanks, Shaun

 

 

EricEagle
by
‎05-19-2025 07:13 AM

@ShaunWalbridge Shaun, sorry but I just saw this - I don't get notified for replies for some reason -

 

Anyway, I work in the federal space, and literally everything is accessed via client PKI certificates.  This means that when I write up python toolboxes that integrate with external (non-Esri) web services, a smartcard, .pfx or .p12 bundle is always part of the authentication workflow.

As requests_pkcs12 is sort of the de facto solution for dead simple management of PKCS12, I end up having to have users pip install requests_pkcs12 alongside the main arcgispro-py3 conda instance.

So I would suggest the inverse of what you wrote:  if the package is only one ~150 line file, why couldn't Esri just include it along with all of the other extensions to requests that you already include?  Thanks for considering!

JoshuaBixby
by MVP Esteemed Contributor
‎05-20-2025 06:07 AM

Although I am not a fan of the Python Requests library, I will second @EricEagle 's comment that support for PKCS#12 in general is very important.  It doesn't matter how good software is today in the enterprise if it doesn't have robust support for a range of authentication and access mechanisms.