Is it possible to use authentication?

Question

Is it possible to use authentication?

Closed this issue 9 years ago · 8 comments

I have an RSS feed that's generated by an issue tracker that I want to track with Krill. However the RSS feed in question requires authentication.

I didn't see any information in the docs about authentication. Is this possible, maybe via an opml file?

Answer 1 · 2015-08-19T16:58:36.000Z

Authentication (I assume you are talking about basic HTTP AUTH) is currently not supported as urllib does not support specifying credentials as part of the URL. I've been trying to find a Python library that allows this but without success, so this would have to be added either through an AbstractBasicAuthHandler or by switching to a more powerful library (suggestions welcome!).

Answer 2 · 2015-08-21T13:14:52.000Z

Have you considered either urllib3 and/or requests?

Answer 3 · 2015-08-23T08:11:29.000Z

requests and urllib3 are both powerful, but they don't seem to allow one to specify credentials in the URL directly. How should credentials for a URL be encoded the the sources file?

Answer 4 · 2015-08-27T17:16:22.000Z

I think I need to go back and try this, because http://user:password@example.com should actually work. Didn't think about that...

Answer 5 · 2015-09-12T07:28:14.000Z

@waynew: Did it work?

Answer 6 · 2015-09-12T12:59:46.000Z

Apparently my life got busy and this fell to the back burner 😝

It looks like this does not work with the default krill, however it does work with requests (i.e. I did

import requests

r = requests.get('https://myuser:my password@example.com/some/rss/feed')

And r.status_code was 200 and r.text contained the rss feed 👍.

From a design perspective, if you were to include requests this way potentially one would be putting their passwords in plain text on their disk. For some feeds that's probably just like eh, whatever... but if your feed uses a password for an account that gives you write access to that page that would be problematic.

I don't know enough about good encryption and Python to know what would be secure, but I know that plain text ain't ;)

Answer 7 · 2015-10-03T10:30:29.000Z

Switched to Requests in a1031ea. Could you give it a try and confirm that authentication works now?

Answer 8 · 2015-10-05T21:17:46.000Z

Sweet success!

A slight bit of strangeness, though, is that if the authentication is not present it doesn't have any kind of feedback. Not sure if there's an exception being raised or a different status_code, but it just kinda... sits there.