search

mamaduckmaster / httplib2

Automatically exported from code.google.com/p/httplib2
0 stars 0 forks source link

WWW-Authenticate parsing requires authentication parameters, but HTTP doesn't #289

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
When a server returns a 401 with a WWW-Authenticate header, if that header 
doesn't include authentication parameters then httplib2 will raise a 
MalformedHeader error.  Here's an example:

WWW-Authenticate: Token

What is the expected output? What do you see instead?
HTTP doesn't seem to require any parameters to follow the scheme, but 
_parse_www_authenticate does.  Here's what I found for documentation on the 
header: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.47.  It 
says:

"...the contents of a challenge itself can contain a comma-separated list of 
authentication parameters."

So it seems that they are not required.  And Salesforce's REST api, at least, 
does not provide any.

What version of the product are you using? On what operating system?
httplib2 0.8.  On Mac OS X 10.8.3.

Original issue reported on code.google.com by david.cr...@gmail.com on 30 Jun 2013 at 7:10

GoogleCodeExporter commented 8 years ago 
Okay, with a little more digging, RFC 2617 has a definition for a challenge 
that requires at least one authentication parameter:

http://tools.ietf.org/html/rfc2617#section-1.2

So my bug report is incorrect.  Httplib2 follows the spec, and Salesforce 
doesn't.

Original comment by david.cr...@gmail.com on 30 Jun 2013 at 8:36

GoogleCodeExporter commented 8 years ago 
I did encounter this kind of issue when using httplib2 to connect with 
Salesforce.
httplib2 cant handel the 401 unauthorized response by salesforce so it erred 
with malformed header error.

I just used urllib2 and as expected, the exception handler catched the 401 
response
to let my application refresh the token.

except urllib2.HTTPError, err:
            if err.code == 401:
                self.refresh_token(user)

Original comment by sugarray...@cloudsherpas.com on 30 Nov 2013 at 2:15

GoogleCodeExporter commented 8 years ago 
While it's probably wrong to not specify one,  I've seen a number of servers 
that don't. Here's a small patch to make it work:

Original comment by a...@google.com on 9 Dec 2013 at 8:06

Attachments: