using HTTP Digest auth with arbitrary HTTP methods?
jtr at ofb.net
Mon Jan 3 02:19:17 CET 2005
Hello there. I've run into some missing functionality with HTTP Digest
authentication in the 2.3 library and I was wondering if I'm just
Missing functionality the first: urllib2
1a. You can add "handlers" to your opener indicating that you want to
use HTTP Digest auth. This is nice way to handle it, but I don't
see any way to use a custom verb in your URLOpener -- it always
uses either GET or POST depending on whether you provided data.
Is there any way to specify an arbitrary method? This would allow
urllib2 to be used to write WebDAV clients.
1b. HTTPDigestAuthHandler is initialized with an HTTPPasswordMgr
object, which unfortunately deals in cleartext passwords. Digest
authentication can be computed using only a hash of username,
password, and realm; it would be nice if there was an alternate
version of HTTPPasswordMgr that let you deal in hashes instead of
or in addition to plaintext passwords.
Missing functionality the second: httplib.
2a. httplib.HTTPConnection lets you execute arbitrary HTTP methods
with arbitrary headers and data; this is the missing functionality
in 1a above. However, you have to deal with following redirects
and authentication and so forth yourself. Is there any way to use
the flexibility of
HTTPConnection.request(method, url[, body[, headers]])
with the convenience of the chains of urllib2 handlers?
The upshot is what I'm trying to do is write a WebDAV-using DAV client
library, and I almost have everything I need to do it; the problem is I
can't find an easy way to do digest authentication for arbitrary HTTP
methods. WebDAV (RFC 2518), for those not familiar, is an extension to
HTTP that defines some new methods and settles the semantics of some
existing but rarely implemented HTTP methods (PUT and DELETE, for
example) to define something similar to a file system. It's intended
for things like letting a group of people author a web site.
More information about the Python-list