basic auth request
Barry Scott
barry at barrys-emacs.org
Tue Aug 17 14:15:18 EDT 2021
On Tuesday, 17 August 2021 10:20:37 BST Robin Becker wrote:
> While porting an ap from python2.7 to python3 I see this
>
> base64string = base64.b64encode('%s:%s' % (wsemail, wspassword))
> request.add_header("Authorization", "Basic %s" % base64string)
>
> in python3.x I find this works
>
> base64string = base64.b64encode(('%s:%s' % (wsemail,
> wspassword)).encode('ascii')).decode('ascii')
> request.add_header("Authorization", "Basic %s" % base64string)
>
> but I find the conversion to and from ascii irksome. Is there a more direct
> way to create the basic auth value?
base64 works on BYTES not UNICODE that is why you need to convert to BYTES.
Its an important detail that you must handle. The py2 code meant that you
only see errors if you have a value in your string that is outside the ASCII
range.
> As an additional issue I find I have no clear idea what encoding is allowed
> for the components of a basic auth input. --
You will want to read this: https://datatracker.ietf.org/doc/html/rfc7617#section-2.1
It talks about a "charset" auth-param, then seems to say that only allowed value is
utf-8 and you most have the unicode Normalization Form C ("NFC").
Oh and if you have the freedom avoid Basic Auth as its not secure at all.
> Robin Becker
Barry
More information about the Python-list
mailing list