WWW-Authenticate Header Parser

0.9.2 · abandoned · verified Sun Apr 12

This is a tiny Python library designed specifically for parsing complex `WWW-Authenticate` HTTP headers. It simplifies the extraction of authentication scheme names and their parameters, returning them in a `collections.OrderedDict`. The library's last release was in August 2015, indicating it is no longer actively developed or maintained.

Warnings

breaking The library has not been updated since August 2015 (version 0.9.2). This means it likely does not incorporate modern HTTP authentication standards, security best practices, or bug fixes for issues discovered in the last nine years. It might be incompatible with newer Python versions or produce incorrect results for contemporary authentication schemes.
Fix: Consider migrating to actively maintained HTTP client libraries (e.g., `requests`, `httpx`) that have built-in authentication handling or dedicated authentication libraries (`requests-auth`, `Authlib`) which are more robust and secure for parsing and managing authentication flows.
gotcha This library only parses the `WWW-Authenticate` header. It does not handle the full authentication handshake, generate `Authorization` headers, or manage credentials. It is purely a parsing utility.
Fix: Understand that `www-authenticate` is a low-level parsing tool. For complete client-side authentication, you will need to implement the logic for constructing and sending `Authorization` headers based on the parsed challenges, typically using a separate HTTP client library.
gotcha The parsing logic might be brittle for malformed or non-standard compliant `WWW-Authenticate` headers, which can occur in the wild. Some newer or less common authentication schemes might not be parsed correctly or fully.
Fix: Thoroughly test the library's parsing capabilities against the specific `WWW-Authenticate` headers you expect to encounter. For critical applications, consider using more actively maintained libraries that are regularly updated to handle evolving and diverse header formats.

Install

pip install www-authenticate Install with pip

Imports

parse
```
import www_authenticate
parsed_header = www_authenticate.parse(header_string)
```
The primary function `parse` is accessed directly via the imported module.

Quickstart

This quickstart demonstrates how to parse a `WWW-Authenticate` header string using the `www_authenticate.parse` function. It simulates a typical header containing multiple authentication challenges (Basic and Digest) and then prints the extracted schemes and their associated parameters.

import www_authenticate

# Simulate a WWW-Authenticate header from a server response
www_authenticate_header = 'Basic realm="Restricted Area", charset="UTF-8", Digest realm="api", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41"'

parsed_challenges = www_authenticate.parse(www_authenticate_header)

print("Parsed WWW-Authenticate Challenges:")
for scheme, params in parsed_challenges.items():
    print(f"  Scheme: {scheme}")
    print(f"    Parameters: {params}")

# Accessing specific parameters
if 'Basic' in parsed_challenges:
    basic_params = parsed_challenges['Basic']
    print(f"\nBasic Realm: {basic_params.get('realm')}")

if 'Digest' in parsed_challenges:
    digest_params = parsed_challenges['Digest']
    print(f"Digest Nonce: {digest_params.get('nonce')}")

view raw JSON →