netrc auth overrides OAuth bearer token header #2425
Comments
Hi @MHLut, thanks for the report. This behavior is specific to requests the same way that defining requests sessions take a
user_token = "long oauth token here"
client = gitlab.Gitlab(url=settings.GITLAB_BASE_URL, oauth_token=user_token)
client.session.trust_env = False
client.auth()
So it might just be a case of documenting that along with our advanced use case docs or FAQ I'd say (we should definitely warn the user about this gotcha and the config required). When we have our http backend code then, we could potentially just pass
@nejch Thank you for your response! Using I do get an HTTP 401 invalid_token error now, but that might be unrelated to this issue.
Thanks @MHLut, keep us updated and maybe use
I haven't heard anything back @MHLut so I assume this works well, I've added some docs that should clarify this.
@nejch Apologies, the proposed fix didn't work back in December, and due to time constraints, I had to go with a workaround. Since the documentation fix seems more elaborate than the one mentioned above, I'll have to try that still.
I encountered this too, took me time to discover it was impacted by netrc, since it was the final step in a CI step I opted for removing According to the Update: I started working on a suggestion, would like input how to structure the solution since there is the

Description of the problem, including code/CLI snippet
When using the OAuth integration while having a .netrc file on the filesystem, the .netrc authentication overrides the OAuth bearer token.
Use the following code to trigger an error:
(Any call using the Client's http_xxx() method should fail; auth() is the easiest to use, though)

Expected Behavior
Every request to the GitLab API via the Gitlab object should authenticate using the OAuth token provided by the user when initializing the client. It should use the Authorization header containing the OAuth token as a bearer.

Actual Behavior
Instead of using the bearer token from the passed headers kwarg, requests falls back to basic authentication using credentials from the netrc file.

Troubleshooting
So far, I've found out the following:
481, since request.auth is empty, auth is filled using get_netrc_auth()
494, the auth containing netrc values is passed to the prepared request
490, the python-gitlab authorization header gets overridden by requests' basic auth one
See also this relevant quote from Requests netrc documentation:
This might be fixed by explicitly passing an auth kwarg when using requests to make requests.

Specifications
3.12.0
2.28.1
v4
15.6.2-ee
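
The override reported in this issue and the two mitigations raised in the thread (`trust_env = False`, and an explicit `auth` object) can be reproduced offline with requests alone. This is an added example, not code from the issue or from python-gitlab; the host, token, netrc entry and the `BearerAuth`, `write_netrc` and `prepared_auth_header` names are constructed for illustration.

```python
import os
import tempfile
from unittest import mock

import requests
from requests.auth import AuthBase

GITLAB_URL = "https://gitlab.example.com/api/v4/user"  # constructed host
OAUTH_TOKEN = "constructed-oauth-token"  # constructed value, not a real token


class BearerAuth(AuthBase):
    """Explicit auth object; a request that carries one never consults netrc."""
    def __init__(self, token):
        self.token = token

    def __call__(self, r):
        r.headers["Authorization"] = f"Bearer {self.token}"
        return r


def write_netrc(directory):
    """Create a constructed netrc entry for the sample host."""
    path = os.path.join(directory, "netrc")
    with open(path, "w") as fh:
        fh.write("machine gitlab.example.com login ci-user password ci-password\n")
    return path


def prepared_auth_header(netrc_path, trust_env, explicit_auth=False):
    """Return the Authorization header requests would send (no network I/O)."""
    # requests locates the netrc file through NETRC; patched only for this call
    with mock.patch.dict(os.environ, {"NETRC": netrc_path}):
        session = requests.Session()
        session.trust_env = trust_env
        req = requests.Request(
            "GET", GITLAB_URL,
            headers={"Authorization": f"Bearer {OAUTH_TOKEN}"},
            auth=BearerAuth(OAUTH_TOKEN) if explicit_auth else None,
        )
        return session.prepare_request(req).headers["Authorization"]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        path = write_netrc(tmp)
        print("trust_env=True :", prepared_auth_header(path, True))
        print("trust_env=False:", prepared_auth_header(path, False))
        print("explicit auth  :", prepared_auth_header(path, True, explicit_auth=True))
```

Only the first case yields a `Basic` header built from the netrc credentials; the other two keep the bearer token.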