Login/Register
How do I use basic HTTP authentication with the Python Requests library?
Asked Answered
Solved pythonpython-requestsappdynamics
M

6

142

I'm trying to use basic HTTP authentication in Python. I am using the Requests library:

auth = requests.post('http://' + hostname, auth=HTTPBasicAuth(user, password))
request = requests.get('http://' + hostname + '/rest/applications')

Response form auth variable:

<<class 'requests.cookies.RequestsCookieJar'>[<Cookie JSESSIONID=cb10906c6219c07f887dff5312fb for appdynamics/controller>]>
200
CaseInsensitiveDict({'content-encoding': 'gzip', 'x-powered-by': 'JSP/2.2', 'transfer-encoding': 'chunked', 'set-cookie': 'JSESSIONID=cb10906c6219c07f887dff5312fb; Path=/controller; HttpOnly', 'expires': 'Wed, 05 Nov 2014 19:03:37 GMT', 'server': 'nginx/1.1.19', 'connection': 'keep-alive', 'pragma': 'no-cache', 'cache-control': 'max-age=78000', 'date': 'Tue, 04 Nov 2014 21:23:37 GMT', 'content-type': 'text/html;charset=ISO-8859-1'})

But when I try to get data from different location, I'm getting HTTP Status 401 error:

<<class 'requests.cookies.RequestsCookieJar'>[]>
401
CaseInsensitiveDict({'content-length': '1073', 'x-powered-by': 'Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.2.2 Java/Oracle Corporation/1.7)', 'expires': 'Thu, 01 Jan 1970 00:00:00 UTC', 'server': 'nginx/1.1.19', 'connection': 'keep-alive', 'pragma': 'No-cache', 'cache-control': 'no-cache', 'date': 'Tue, 04 Nov 2014 21:23:37 GMT', 'content-type': 'text/html', 'www-authenticate': 'Basic realm="controller_realm"'})

As far as I understand, in the second request session parameters are not substituted.

Macklin answered 4/11, 2014 at 21:34 Comment(3)
You need to include code for making the second requestMarutani
I don't know how to do it, and I can't find an appropriate manualMacklin
I mean, you need to include your code for the second request. By second request are you referring to the 'get' request?Marutani
M
145

You need to use a session object and send the authentication each request. The session will also track cookies for you:

session = requests.Session()
session.auth = (user, password)

auth = session.post('http://' + hostname)
response = session.get('http://' + hostname + '/rest/applications')
Mercurio answered 4/11, 2014 at 22:54 Comment(7)
Thanks for your reply, but it's doesn't work too :( Error is the same as previousMacklin
@oleksii: define 'does not work'. And when you use POST (with no parameters, I note), does the server return any token or anything that you'd need to use for the REST API here? In other words, what does the documentation for the API state you need to do?Mercurio
@Sarit how so? Note that I link to the official documentation in my answer.Mercurio
@MartijnPieters Sorry I was taking about this page docs.python-requests.org/en/master/user/authenticationVernal
@Sarit that page deals with all different forms of HTTP authentication. Cluttering it with session handling would cloud matters. Not all use cases need to make multiple HTTP requests, and you can get the same effect by passing in the auth info manually with every request.Mercurio
@MartijnPieters After read your comment 10th fimes. I still not understand. I can use basicAuth in the Postman. Postman will digest username/password into header Authorization: Basic <....>. But I could not be able to connect why I need session here, but it works! What's wrong with @Macklin attempt?Vernal
@Sarit: The header needs to be included in every request that you send to the server; usually the only way the server can authenticate you based on the header being present, no other info. The easiest way to add the header to every request is to use a session. You don't have to, but then you have to include the header manually in each request.Mercurio
E
111
import requests

from requests.auth import HTTPBasicAuth
res = requests.post('https://api.github.com/user', auth=HTTPBasicAuth('user', 'password'))
print(res)
Eryn answered 1/1, 2019 at 7:30 Comment(2)
requests.posts does not work for me but requests.get does, there is also a shorter version requests.get(url, auth=(username, password))Afterpiece
This doesn't answer the question, which is about using the session cookie to authenticate subsequent requests.Tumblebug
C
51

In Python3 it becomes easy:

import requests
response = requests.get(uri, auth=(user, password))
Carboniferous answered 14/12, 2020 at 8:50 Comment(2)
You may need to additionally install requests-toolbelt pip install requests-toolbeltAlmondeyed
This doesn't answer the question, which is about using the session cookie to authenticate subsequent requests.Tumblebug
I
3

Below one worked for me

#!/usr/bin/python3
import xml.etree.ElementTree as ET
import requests
from requests.auth import HTTPBasicAuth

url = 'http://172.25.38.135:600/service/xx/users'      # my URL     
response = requests.get(url, auth=HTTPBasicAuth('admin', 'adminpass!'))

string_xml = response.content
tree = ET.fromstring(string_xml)
ET.dump(tree)
Industry answered 28/1, 2022 at 11:58 Comment(1)
This doesn't answer the question, which is about using the session cookie to authenticate subsequent requests.Tumblebug
W
0

for python 2:

base64string = base64.encodestring('%s:%s' % (username, password)).replace('\n', '')

request = urllib2.Request(url)

request.add_header("Authorization", "Basic %s" % base64string) 

result = urllib2.urlopen(request)
        data = result.read()
Wacker answered 11/2, 2020 at 14:46 Comment(1)
This doesn't answer the question, which is about using the session cookie to authenticate subsequent requests.Tumblebug
I
-2

The following worked for me

from requests.auth import HTTPDigestAuth
url = 'https://someserver.com'
requests.get(url, auth=HTTPDigestAuth('user', 'pass'))
Insignificance answered 8/6, 2021 at 8:5 Comment(1)
This doesn't answer the question, which is about using the session cookie to authenticate subsequent requests.Tumblebug

© 2022 - 2024 — McMap. All rights reserved.