Using Basic HTTP Authentication with Python Requests

General Discussions
, ,
1

How do I use basic HTTP authentication with the Python Requests library?

I’m trying to use basic HTTP authentication in Python with the Requests library. Here’s what I’ve tried:

auth = requests.post('http://' + hostname, auth=HTTPBasicAuth(user, password))
request = requests.get('http://' + hostname + '/rest/applications')

The response from the auth variable is:

<<class 'requests.cookies.RequestsCookieJar'>[<Cookie JSESSIONID=cb10906c6219c07f887dff5312fb for appdynamics/controller>]>
200

The headers are:

CaseInsensitiveDict({'content-encoding': 'gzip', 'x-powered-by': 'JSP/2.2', 'transfer-encoding': 'chunked', 'set-cookie': 'JSESSIONID=cb10906c6219c07f887dff5312fb; Path=/controller; HttpOnly', 'expires': 'Wed, 05 Nov 2014 19:03:37 GMT', 'server': 'nginx/1.1.19', 'connection': 'keep-alive', 'pragma': 'no-cache', 'cache-control': 'max-age=78000', 'date': 'Tue, 04 Nov 2014 21:23:37 GMT', 'content-type': 'text/html;charset=ISO-8859-1'})

However, when I try to retrieve data from a different endpoint, I’m getting an HTTP Status 401 error:

<<class 'requests.cookies.RequestsCookieJar'>[]>
401

The headers are:

CaseInsensitiveDict({'content-length': '1073', 'x-powered-by': 'Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.2.2 Java/Oracle Corporation/1.7)', 'expires': 'Thu, 01 Jan 1970 00:00:00 UTC', 'server': 'nginx/1.1.19', 'connection': 'keep-alive', 'pragma': 'No-cache', 'cache-control': 'no-cache', 'date': 'Tue, 04 Nov 2014 21:23:37 GMT', 'content-type': 'text/html', 'www-authenticate': 'Basic realm="controller_realm"'})

It seems like the session parameters aren’t being passed correctly with the second request. How can I ensure that the authentication is applied correctly to all requests in this session?

2

Hey! I’ve worked with this scenario quite a bit. To handle authentication persistently, you can use a session object. It keeps all your authentication details intact across multiple requests. Here’s how you can do it:

import requests
from requests.auth import HTTPBasicAuth

# Create a session
session = requests.Session()

# Authenticate with the first request
session.auth = (user, password)

# Make a GET request using the same session
response = session.get(f'http://{hostname}/rest/applications')

print(response.status_code)

Using session.auth ensures that the authentication details are automatically applied to every subsequent request. It’s a clean and efficient way to handle python requests basic auth for multiple endpoints.

3

Good point, Shilpa! But sometimes you don’t want to manage a session for whatever reason. You can still handle this elegantly by passing the auth parameter explicitly with every request. Here’s an example of that approach:

import requests
from requests.auth import HTTPBasicAuth

# Make the first request with basic auth
auth = requests.post(f'http://{hostname}', auth=HTTPBasicAuth(user, password))

# Make subsequent requests with auth parameter
response = requests.get(f'http://{hostname}/rest/applications', auth=HTTPBasicAuth(user, password))

print(response.status_code)

Even without a session, auth=HTTPBasicAuth(user, password) ensures the credentials are sent every time. If your use case is simple or you don’t need to maintain cookies, this can be a practical way to use python requests basic auth.

4

Both great suggestions! Let me add one more nuance. Sometimes, once authenticated, the server uses cookies to manage the session. If the cookies aren’t passed correctly, you could still run into issues. To handle this, use a session object, which automatically manages cookies for you. Here’s how:

import requests
from requests.auth import HTTPBasicAuth

# Create a session
session = requests.Session()

# Authenticate with the session
session.auth = (user, password)

# Make the first request to authenticate
session.post(f'http://{hostname}')

# Make the second request with cookies and auth
response = session.get(f'http://{hostname}/rest/applications')

print(response.status_code)

This approach not only keeps your python requests basic auth credentials intact but also ensures that session cookies (like JSESSIONID) are passed correctly. It’s particularly useful for more complex setups or when the server requires cookies for further interaction.