novaBBS - comp.lang.python - Re: basic auth request

Re: basic auth request

<mailman.420.1629224122.4164.python-list@python.org>

https://www.novabbs.com/devel/article-flat.php?id=14649&group=comp.lang.python#14649

copy link Newsgroups: comp.lang.python

Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!4.us.feeder.erje.net!2.eu.feeder.erje.net!feeder.erje.net!fu-berlin.de!uni-berlin.de!not-for-mail
From: bar...@barrys-emacs.org (Barry Scott)
Newsgroups: comp.lang.python
Subject: Re: basic auth request
Date: Tue, 17 Aug 2021 19:15:18 +0100
Lines: 36
Message-ID: <mailman.420.1629224122.4164.python-list@python.org>
References: <07b8928a-fe1f-958b-3ee2-d0f6ec51d414@everest.reportlab.co.uk>
<4647390.GXAFRqVoOG@varric.chelsea.private>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7Bit
X-Trace: news.uni-berlin.de HgrVrKxobGnx8j//BXaM/giEQBGcl8ezQIeQSNG3M+4Q==
Return-Path: <barry@barrys-emacs.org>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
Authentication-Results: mail.python.org; dkim=none reason="no signature";
dkim-adsp=none (unprotected policy); dkim-atps=neutral
X-Spam-Status: OK 0.000
X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'this:': 0.03; 'string':
0.05; 'utf-8': 0.07; 'auth': 0.09; 'barry': 0.09; 'convert': 0.09;
'from:addr:barry': 0.09; 'meant': 0.09; 'porting': 0.09;
'received:217.70': 0.09; 'received:gandi.net': 0.09;
'received:mail.gandi.net': 0.09; 'talks': 0.14; '%s"': 0.16;
'becker': 0.16; 'conversion': 0.16; 'encoding': 0.16; 'from:addr
:barrys-emacs.org': 0.16; 'from:name:barry scott': 0.16; 'input.':
0.16; 'py2': 0.16; 'python3': 0.16; 'robin': 0.16; 'unicode':
0.16; 'url-ip:4.31.198/24': 0.16; 'url-ip:4.31/16': 0.16; 'url-
ip:4/8': 0.16; 'url:doc': 0.16; 'url:ietf': 0.16; 'value?': 0.16;
'wrote:': 0.16; 'issue': 0.20; 'to:addr:python-list': 0.23;
'code': 0.24; 'idea': 0.25; 'seems': 0.26; 'cc:2**0': 0.27;
'subject:request': 0.29; 'there': 0.31; 'but': 0.31; 'skip:w 40':
0.32; 'header:In-Reply-To:1': 0.33; 'errors': 0.37; 'way': 0.37;
'read': 0.38; 'all.': 0.40; 'skip:r 30': 0.61; 'skip:b 10': 0.62;
'outside': 0.63; 'your': 0.64; 'clear': 0.65; 'received:217':
0.68; 'direct': 0.73; '2021': 0.84
In-Reply-To: <07b8928a-fe1f-958b-3ee2-d0f6ec51d414@everest.reportlab.co.uk>
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: General discussion list for the Python programming language
<python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>,
<mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <https://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>,
<mailto:python-list-request@python.org?subject=subscribe>
X-Mailman-Original-Message-ID: <4647390.GXAFRqVoOG@varric.chelsea.private>
X-Mailman-Original-References: <07b8928a-fe1f-958b-3ee2-d0f6ec51d414@everest.reportlab.co.uk>

by: Barry Scott - Tue, 17 Aug 2021 18:15 UTC

On Tuesday, 17 August 2021 10:20:37 BST Robin Becker wrote:
> While porting an ap from python2.7 to python3 I see this
>
> base64string = base64.b64encode('%s:%s' % (wsemail, wspassword))
> request.add_header("Authorization", "Basic %s" % base64string)
>
> in python3.x I find this works
>
> base64string = base64.b64encode(('%s:%s' % (wsemail,
> wspassword)).encode('ascii')).decode('ascii')
> request.add_header("Authorization", "Basic %s" % base64string)
>
> but I find the conversion to and from ascii irksome. Is there a more direct
> way to create the basic auth value?

base64 works on BYTES not UNICODE that is why you need to convert to BYTES.

Its an important detail that you must handle. The py2 code meant that you
only see errors if you have a value in your string that is outside the ASCII
range.

> As an additional issue I find I have no clear idea what encoding is allowed
> for the components of a basic auth input. --

You will want to read this: https://datatracker.ietf.org/doc/html/rfc7617#section-2.1
It talks about a "charset" auth-param, then seems to say that only allowed value is
utf-8 and you most have the unicode Normalization Form C ("NFC").

Oh and if you have the freedom avoid Basic Auth as its not secure at all.

> Robin Becker

Barry

186,000 Miles per Second. It's not just a good idea. IT'S THE LAW.

devel / comp.lang.python / Re: basic auth request