Skip to content

refactor(google-auth): refactor async AuthorizedSession to remove inheritance from aiohttp.ClientSession#16153

Open
marotta-j wants to merge 2 commits intogoogleapis:mainfrom
marotta-j:authorizedsession-patch
Open

refactor(google-auth): refactor async AuthorizedSession to remove inheritance from aiohttp.ClientSession#16153
marotta-j wants to merge 2 commits intogoogleapis:mainfrom
marotta-j:authorizedsession-patch

Conversation

@marotta-j
Copy link

@marotta-j marotta-j commented Mar 24, 2026

aiohttp discourages inheritance from aiohttp.ClientSession as noted in issue #15184 (and discussed here and here). This PR alters the async implementation of AuthorizedSession to hold aiohttp.ClientSession internally rather than inheriting.

This removes the DeprecationWarning while also keeping the same interface as aiohttp.ClientSession. Fixes #15184.

The previous implementation also did not respect the auth_request parameter which has now been fixed to mirror the sync version of AuthorizedSession. Explicit cleanup for the auth_request session was also added in close().

@marotta-j marotta-j requested review from a team as code owners March 24, 2026 03:23
@gemini-code-assist
Copy link
Contributor

gemini-code-assist bot commented Mar 24, 2026

Summary of Changes

Hello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly refactors the asynchronous AuthorizedSession implementation within google-auth. The core change moves from an inheritance-based model to a composition-based one, where AuthorizedSession now internally manages an aiohttp.ClientSession instance. This resolves a known aiohttp deprecation warning and improves the robustness of credential refreshing by correctly handling the auth_request parameter and ensuring proper session closure, aligning the async implementation more closely with its synchronous counterpart.

Highlights

  • Refactor AuthorizedSession: The AuthorizedSession class was refactored to use composition instead of inheritance from aiohttp.ClientSession, addressing a deprecation warning and aligning with aiohttp's recommended practices.
  • Improved auth_request handling: The handling of the auth_request parameter was fixed to mirror the synchronous version of AuthorizedSession, ensuring correct behavior for credential refreshing.
  • Explicit session cleanup: Explicit cleanup for the auth_request session was added in the close() method and __aexit__ for proper resource management.
  • Enhanced session management: New methods (get, post, patch, put, delete, close, __getattr__, __aenter__, __aexit__) were added to AuthorizedSession to maintain compatibility with aiohttp.ClientSession's interface and ensure proper lifecycle management.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

gemini-code-assist[bot]
gemini-code-assist bot reviewed Mar 24, 2026
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request refactors the async AuthorizedSession to use composition over inheritance with aiohttp.ClientSession, which is the recommended approach. The changes are well-implemented, using an internal session and proxying methods to maintain the same interface. This also resolves an issue with the auth_request parameter and adds proper resource cleanup. I have one suggestion to simplify the __aexit__ method for better code clarity and to reduce duplication.

packages/google-auth/google/auth/transport/_aiohttp_requests.py Outdated
Comment on lines +430 to +433
async def __aexit__(self, *exc):
if self._auth_request_session is not None:
await self._auth_request_session.close()
return await self._session.__aexit__(*exc)
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot Mar 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The implementation of __aexit__ duplicates logic from the close method for closing _auth_request_session. To improve maintainability and align with the pattern used in aiohttp.ClientSession (which just calls self.close() in its __aexit__), this method can be simplified to delegate the closing logic to self.close(). This makes the code cleaner and avoids redundancy.

    async def __aexit__(self, *exc):
        await self.close()

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

DeprecationWarning: Inheritance class AuthorizedSession from ClientSession is discouraged

1 participant

@marotta-j