New submission from Paul Stoner :
I found this issue when running an ansible playbook. In the playbook we go out
to Azure Artifacts to download a customer jar to be deploy with a web
application.
After some digging, I found the error comes from the request class in the
urllib library. Knowing this I wrote a small program to test and try to
decipher what is happening.
I've attached a scrubbed version of my test code. I've stripped all sensitive
information. You may need to have an azure DevOps account with an artifact
repository set up. I have not tested this against any other type of repository,
such as GitHub.
Additional information:
1) I also use CNTLM in order to avoid authentication through our corporate
firewall. I have tested this with and without CNTLM active
2) My organization utilizes ADFS Federated authentication. I am assuming this
is where the Bearer token is coming from. I will try and test this on a private
network to see if ADFS is the issue. I'll augment this bug with my findings
The debug output is shown below
3.8.2 (tags/v3.8.2:7b3ab59, Feb 25 2020, 23:03:10) [MSC v.1916 64 bit (AMD64)]
send: b'GET /.../_packaging/artifacts/maven/v1/custom.jar
HTTP/1.1\r\nAccept-Encoding: identity\r\nHost:
pkgs.dev.azure.com\r\nUser-Agent: Python-urllib/3.8\r\nConnection:
close\r\n\r\n'
reply: 'HTTP/1.1 401 Unauthorized\r\n'
header: Cache-Control: no-cache
header: Pragma: no-cache
header: Content-Length: 307
header: Content-Type: application/json; charset=utf-8
header: Expires: -1
header: P3P: CP="CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAMi
BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR LOC CNT"
header: WWW-Authenticate: Bearer authorization_uri=https://login.windows.net/...
header: WWW-Authenticate: Basic
realm="https://pkgsprodcus1.pkgs.visualstudio.com/";
header: WWW-Authenticate: TFS-Federated
header: X-TFS-ProcessId: ...
header: Strict-Transport-Security: max-age=31536000; includeSubDomains
header: ActivityId: ...
header: X-TFS-Session: ...
header: X-VSS-E2EID: ...
header: X-FRAME-OPTIONS: SAMEORIGIN
header: X-TFS-FedAuthRealm: https://pkgsprodcus1.pkgs.visualstudio.com/
header: X-TFS-FedAuthIssuer: https://www.visualstudio.com/
header: X-VSS-AuthorizationEndpoint: https://vssps.dev.azure.com/.../
header: X-VSS-ResourceTenant: ...
header: X-VSS-S2STargetService:
0030---8000-/visualstudio.com
header: X-TFS-FedAuthRedirect: https://spsprodcus2.vssps.visualstudio.com/...
header: Request-Context: appId=cid-v1:540f64bd-7388-47ab-bdf2-a94451f9dd55
header: Access-Control-Expose-Headers: Request-Context
header: X-Content-Type-Options: nosniff
header: X-MSEdge-Ref: Ref A: ... Ref B: CHGEDGE1216 Ref C: 2020-04-22T13:01:32Z
header: Date: Wed, 22 Apr 2020 13:01:32 GMT
header: Connection: close
AbstractBasicAuthHandler does not support the following scheme: 'Bearer'
--
components: Library (Lib)
files: linktest_clean.py
messages: 367002
nosy: Paul Stoner
priority: normal
severity: normal
status: open
title: AbstractBasicAuthHandler does not support the following scheme: 'Bearer'
type: behavior
versions: Python 3.6, Python 3.7, Python 3.8
Added file: https://bugs.python.org/file49085/linktest_clean.py
___
Python tracker
<https://bugs.python.org/issue40362>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
