New submission from Paul Stoner <pstoner6...@gmail.com>:
I found this issue when running an ansible playbook. In the playbook we go out to Azure Artifacts to download a customer jar to be deploy with a web application. After some digging, I found the error comes from the request class in the urllib library. Knowing this I wrote a small program to test and try to decipher what is happening. I've attached a scrubbed version of my test code. I've stripped all sensitive information. You may need to have an azure DevOps account with an artifact repository set up. I have not tested this against any other type of repository, such as GitHub. Additional information: 1) I also use CNTLM in order to avoid authentication through our corporate firewall. I have tested this with and without CNTLM active 2) My organization utilizes ADFS Federated authentication. I am assuming this is where the Bearer token is coming from. I will try and test this on a private network to see if ADFS is the issue. I'll augment this bug with my findings The debug output is shown below 3.8.2 (tags/v3.8.2:7b3ab59, Feb 25 2020, 23:03:10) [MSC v.1916 64 bit (AMD64)] send: b'GET /.../_packaging/artifacts/maven/v1/custom.jar HTTP/1.1\r\nAccept-Encoding: identity\r\nHost: pkgs.dev.azure.com\r\nUser-Agent: Python-urllib/3.8\r\nConnection: close\r\n\r\n' reply: 'HTTP/1.1 401 Unauthorized\r\n' header: Cache-Control: no-cache header: Pragma: no-cache header: Content-Length: 307 header: Content-Type: application/json; charset=utf-8 header: Expires: -1 header: P3P: CP="CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR LOC CNT" header: WWW-Authenticate: Bearer authorization_uri=https://login.windows.net/... header: WWW-Authenticate: Basic realm="https://pkgsprodcus1.pkgs.visualstudio.com/" header: WWW-Authenticate: TFS-Federated header: X-TFS-ProcessId: ... header: Strict-Transport-Security: max-age=31536000; includeSubDomains header: ActivityId: ... header: X-TFS-Session: ... header: X-VSS-E2EID: ... header: X-FRAME-OPTIONS: SAMEORIGIN header: X-TFS-FedAuthRealm: https://pkgsprodcus1.pkgs.visualstudio.com/ header: X-TFS-FedAuthIssuer: https://www.visualstudio.com/ header: X-VSS-AuthorizationEndpoint: https://vssps.dev.azure.com/.../ header: X-VSS-ResourceTenant: ... header: X-VSS-S2STargetService: 00000030-0000-8888-8000-000000000000/visualstudio.com header: X-TFS-FedAuthRedirect: https://spsprodcus2.vssps.visualstudio.com/... header: Request-Context: appId=cid-v1:540f64bd-7388-47ab-bdf2-a94451f9dd55 header: Access-Control-Expose-Headers: Request-Context header: X-Content-Type-Options: nosniff header: X-MSEdge-Ref: Ref A: ... Ref B: CHGEDGE1216 Ref C: 2020-04-22T13:01:32Z header: Date: Wed, 22 Apr 2020 13:01:32 GMT header: Connection: close AbstractBasicAuthHandler does not support the following scheme: 'Bearer' ---------- components: Library (Lib) files: linktest_clean.py messages: 367002 nosy: Paul Stoner priority: normal severity: normal status: open title: AbstractBasicAuthHandler does not support the following scheme: 'Bearer' type: behavior versions: Python 3.6, Python 3.7, Python 3.8 Added file: https://bugs.python.org/file49085/linktest_clean.py _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue40362> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com