Python requests PUT

Question

I need to send a PUT request with authentication in one time. When I use Postman for that and input

 headers = {'Authorization': 'Basic Token', 'Content-Type': 'application/json'}
 Authorization = Basic Auth Username = 'login' Password = 'pass'
 Body = data

everything goes well. If I try to write request in python:

req = r.put(url, headers={'Authorization': 'Basic Token', 'Content-Type': 'application/json'}, auth=HTTPBasicAuth('login','password'), data=data)

I get response 400 Bad Request

Whats wrong with my request?

Answer 1

You are setting authorization information twice, and different HTTP libraries will handle this conflict in different ways.

HTTP Basic Authorization uses the Authorization header, encoding the username and password (separated by :) as base64 and setting the header to the value Basic plus space plus the base64 encoded string. You are telling both POSTman and requests to set the Authorization header to the string Basic Token and to use a username and password for Basic Auth, so the clients will have to make a choice between these two options.

Trying this out in requests version 2.25.1 I see that the auth information will win here:

>>> from requests import Session, Request
>>> from requests.auth import HTTPBasicAuth
>>> req = Request(
...     "PUT",
...     "http://example.com",
...     headers={
...         'Authorization': 'Basic Token',
...         'Content-Type': 'application/json'
...     },
...     auth=HTTPBasicAuth('login','password'),
...     data=b"{}"
... )
>>> session = Session()
>>> prepped = session.prepare_request(req)
>>> from pprint import pp
>>> pp(dict(prepped.headers))
{'User-Agent': 'python-requests/2.25.1',
 'Accept-Encoding': 'gzip, deflate',
 'Accept': '*/*',
 'Connection': 'keep-alive',
 'Authorization': 'Basic bG9naW46cGFzc3dvcmQ=',
 'Content-Type': 'application/json',
 'Content-Length': '2'}

The above session creates a prepared request so I can inspect the effect of the auth argument on the headers given to the request, and as you can see the Authorization header has been set to a base64 value created from the login and password pair.

It looks like Postman will do the same, the UI even tells you so:

You didn't share any details about what web service you are using or what expectations that service has for headers or request contents. If this a OAuth2-protected service, then you should not confuse obtaining a token with using that token for subsequent requests to protected URLs. For a grant_type="password" token request, it could be that the server expects you to use the username and password in a Basic Auth header, but it may also expect you to use client_id and client_secret values for that purpose and put the username and password in the POST body. You'll need to carefully read the documentation.

Other than that, you could replace your destination URL with an online HTTP echo service such as httpbin. The URL https://httpbin.org/put will give you a JSON response with the headers that the service received as well as the body of your request.

Further things you probably should be aware of:

• requests can encode JSON data for you if you use the json argument, and if you do, the Content-Type header is generated for you.
• You don't need to import the HTTPBasicAuth object, as auth=(username, password) (as a tuple) works too.

Answer 2

I don't know if this works for your case, but I did use Basic authentication a while ago to authenticate with the Reddit API.

Here's my code:

import requests

client_auth = requests.auth.HTTPBasicAuth("put something here","put something here")

headers = {"User-Agent": "manage your reddit easily by u/0xff"}

code = "ajkldjfalkdjflajfd;lakdjfa"

data = {
    "code":code,
    "grant_type":"authorization_code",
    "redirect_uri":"http://127.0.0.1:3000/authorize_callback"
}

r = requests.post("https://www.reddit.com/api/v1/access_token", auth=client_auth, data=data, headers=headers);

print(r.content)

Just make the appropriate changes for your case and try it.