{"id":5097,"library":"www-authenticate","title":"WWW-Authenticate Header Parser","description":"This is a tiny Python library designed specifically for parsing complex `WWW-Authenticate` HTTP headers. It simplifies the extraction of authentication scheme names and their parameters, returning them in a `collections.OrderedDict`. The library's last release was in August 2015, indicating it is no longer actively developed or maintained.","status":"abandoned","version":"0.9.2","language":"en","source_language":"en","source_url":"https://github.com/alexsdutton/www-authenticate","tags":["http","authentication","header","parsing","www-authenticate"],"install":[{"cmd":"pip install www-authenticate","lang":"bash","label":"Install with pip"}],"dependencies":[],"imports":[{"note":"The primary function `parse` is accessed directly via the imported module.","symbol":"parse","correct":"import www_authenticate\nparsed_header = www_authenticate.parse(header_string)"}],"quickstart":{"code":"import www_authenticate\n\n# Simulate a WWW-Authenticate header from a server response\nwww_authenticate_header = 'Basic realm=\"Restricted Area\", charset=\"UTF-8\", Digest realm=\"api\", nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"'\n\nparsed_challenges = www_authenticate.parse(www_authenticate_header)\n\nprint(\"Parsed WWW-Authenticate Challenges:\")\nfor scheme, params in parsed_challenges.items():\n    print(f\"  Scheme: {scheme}\")\n    print(f\"    Parameters: {params}\")\n\n# Accessing specific parameters\nif 'Basic' in parsed_challenges:\n    basic_params = parsed_challenges['Basic']\n    print(f\"\\nBasic Realm: {basic_params.get('realm')}\")\n\nif 'Digest' in parsed_challenges:\n    digest_params = parsed_challenges['Digest']\n    print(f\"Digest Nonce: {digest_params.get('nonce')}\")","lang":"python","description":"This quickstart demonstrates how to parse a `WWW-Authenticate` header string using the `www_authenticate.parse` function. It simulates a typical header containing multiple authentication challenges (Basic and Digest) and then prints the extracted schemes and their associated parameters."},"warnings":[{"fix":"Consider migrating to actively maintained HTTP client libraries (e.g., `requests`, `httpx`) that have built-in authentication handling or dedicated authentication libraries (`requests-auth`, `Authlib`) which are more robust and secure for parsing and managing authentication flows.","message":"The library has not been updated since August 2015 (version 0.9.2). This means it likely does not incorporate modern HTTP authentication standards, security best practices, or bug fixes for issues discovered in the last nine years. It might be incompatible with newer Python versions or produce incorrect results for contemporary authentication schemes.","severity":"breaking","affected_versions":"<=0.9.2"},{"fix":"Understand that `www-authenticate` is a low-level parsing tool. For complete client-side authentication, you will need to implement the logic for constructing and sending `Authorization` headers based on the parsed challenges, typically using a separate HTTP client library.","message":"This library only parses the `WWW-Authenticate` header. It does not handle the full authentication handshake, generate `Authorization` headers, or manage credentials. It is purely a parsing utility.","severity":"gotcha","affected_versions":"<=0.9.2"},{"fix":"Thoroughly test the library's parsing capabilities against the specific `WWW-Authenticate` headers you expect to encounter. For critical applications, consider using more actively maintained libraries that are regularly updated to handle evolving and diverse header formats.","message":"The parsing logic might be brittle for malformed or non-standard compliant `WWW-Authenticate` headers, which can occur in the wild. Some newer or less common authentication schemes might not be parsed correctly or fully.","severity":"gotcha","affected_versions":"<=0.9.2"}],"env_vars":null,"last_verified":"2026-04-12T00:00:00.000Z","next_check":"2026-07-11T00:00:00.000Z"}