HTTP Digest authentication #784
Comments
|
If I remember correctly Digest Authentication requires two HTTP requests: one to get the challenge from the server, one to send the response and open the websocket connection. If I had to do this, here's what I'd try:
It would be interesting to build this into websockets. Since we already handle basic auth and http redirects, I think we have all the pieces we need. |
|
It's a little more complex than that. The I don't know how that fits into websockets. It may be that we can do it just once and then after the upgrade there's no need. I'll do some experiments on Monday. |
|
In a WebSocket connection you send HTTP headers only once. After you've upgraded from a HTTP to a HTTP connection you're fine. |
|
Two options have been discussed for adding digest authentication support:
Option 1 is disfavored by the maintainer because it adds a dependency to websockets which currently has none. @Nicolas-Feude has done some great work in #1111 toward option 2. However, looking at the code in #1111, it would seem to add a lot of complexity to this package, and duplicates code from requests which may diverge over time. It also seems fraught to re-implement security-related code. I'm wondering if another option would be to use a library for the digest authentication but as an optional dependency. When digest authentication is required, websockets could output a message saying that the dependency needs to be installed. Digest authentication is an uncommon need, so it may be reasonable for the user to have to install an extra package to support it. (Not an experienced Python developer so unsure whether this is a good idea, but wanted to suggest it just in case.) |
Hi folks,
How can I create a websocket client where the server requires digest authentication?
The text was updated successfully, but these errors were encountered: