Extracting the username:password from the host

Christophe Pettus

unread,

Sep 12, 2016, 3:35:41 PM9/12/16

to django-users@googlegroups.com users

I've encountered a service that does postbacks as part of its API. The only authentication mechanism is putting the username and password in the POST URL in the form:

https://user:pa...@example.com/api/endpoint

Is there a portable way of extracting that information from the request object?

--
-- Christophe Pettus
x...@thebuild.com

Carl Meyer

unread,

Sep 12, 2016, 3:40:30 PM9/12/16

to django...@googlegroups.com

Hi Christophe,

On 09/12/2016 03:35 PM, Christophe Pettus wrote:
> I've encountered a service that does postbacks as part of its API.
> The only authentication mechanism is putting the username and
> password in the POST URL in the form:
>
> https://user:pa...@example.com/api/endpoint
>
> Is there a portable way of extracting that information from the
> request object?

Yes, it should be in `request.META['HTTP_AUTHORIZATION']`; see
https://www.djangosnippets.org/snippets/243/ for an example.

The user:pass@host URL syntax is just a way of expressing credentials
for HTTP Basic Authentication; the values should end up in the
Authorization header.

Carl

signature.asc

Christophe Pettus

unread,

Sep 12, 2016, 4:15:56 PM9/12/16

to django...@googlegroups.com

On Sep 12, 2016, at 12:40 PM, Carl Meyer <ca...@oddbird.net> wrote:

> Yes, it should be in `request.META['HTTP_AUTHORIZATION']`; see
> https://www.djangosnippets.org/snippets/243/ for an example.

... and now it works. OK, clearly, either me or the server need more coffee. Thank you!

Reply all

Reply to author

Forward