Martin Panter added the comment: Despite the title of the other report, it looks like we ended up having a HTTPPasswordMgrWithPriorAuth class instead, and there is no longer a HTTPBasicPriorAuthHandler class. Also, if this proposal could work, it would have to go into a new version of Python; 3.5 has already been released.
With Basic authentication, the client can easily pre-empt an Authorization field, because it sends the username and password in the clear. I have less understanding of Digest authentication, but it is described in <https://tools.ietf.org/html/rfc7616>. I understand the client first needs a “nonce” value issued by the server before it can generate the Authorization field. You gave some demonstration code. Can you explain what the code should be doing at the HTTP level? Do you have any example server, use case, or something that this would work with? What were you looking for with Wireshark? I suspect you would need to include the nonce or some previous session object with the password manager. The code to generate the Authorization field with Basic authentication is in AbstractBasicAuthHandler.http_request(): <https://hg.python.org/cpython/annotate/v3.5.1/Lib/urllib/request.py#l925>. For comparison, the Digest data for the Authorization field is generated in AbstractDigestAuthHandler.get_authorization(). See how it requires the “chal” parameter, derived from an Authorization response field. ---------- nosy: +martin.panter stage: -> test needed title: urllib2.HTTPBasicPriorAuthHandler does not work with DigestAuthentication -> HTTPPasswordMgrWithPriorAuth does not work with DigestAuthentication type: -> enhancement versions: +Python 3.6 -Python 3.5 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue26134> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
