in reply to HTTP::Request - authorization_basic

I agree with davido - there is no evidence which I can find of any LWP::Authen::Session module publicly available anywhere. You (or your programmers) have likely written this module and plugged it into the existing HTTP client framework. This is therefore a problem for you and your organisation to solve internally.

Here is an SSCCE which shows how HTTP Basic Auth failures are properly handled in the modules available on CPAN:

#!/usr/bin/env perl 
use strict;
use warnings;

use LWP::UserAgent;
use Test::More tests => 1;

my $ua = LWP::UserAgent->new ();
my $res = $ua->get ('https://pause.perl.org/pause/authenquery');
is ($res->status_line, '401 Unauthorized', 'Request returns a valid 40
+1');

[download]

Replies are listed 'Best First'.
Re^2: HTTP::Request - authorization_basic
by demichi (Beadle) on Nov 16, 2016 at 12:03 UTC
    All,

    I found the code example for authorization_basic somewhere on perlmonks ...

    http://www.perlmonks.org/?node_id=148451

    or

    http://www.perlmonks.org/bare/?node_id=313478

    and also on stackoverflow.

    http://stackoverflow.com/questions/8203964/lwpuseragent-http-basic-authentication

    or here https://perlmaven.com/basic-authentication-with-lwp-useragent-and-http-request-common

    So this is nothing internally.

    regards, de michi
[reply]

      There is a lot of misinformation going on in this thread. Looking at the source of LWP::UserAgent, I see the following code:

      sub request {
...
    {
    my $proxy = ($code == &HTTP::Status::RC_PROXY_AUTHENTICATION_REQUI
+RED);
    my $ch_header = $proxy || $request->method eq 'CONNECT'
        ?  "Proxy-Authenticate" : "WWW-Authenticate";
    my @challenge = $response->header($ch_header);
    unless (@challenge) {
        $response->header("Client-Warning" => 
                  "Missing Authenticate header");
        return $response;
    }

    require HTTP::Headers::Util;

CHALLENGE: for my $challenge (@challenge) {
        $challenge =~ tr/,/;/;  # "," is used to separate auth-params!
+!
        ($challenge) = HTTP::Headers::Util::split_header_words($challe
+nge);
        my $scheme = shift(@$challenge);
        shift(@$challenge); # no value
        $challenge = { @$challenge };  # make rest into a hash

        unless ($scheme =~ /^([a-z]+(?:-[a-z]+)*)$/) {
        $response->header("Client-Warning" => 
                  "Bad authentication scheme '$scheme'");
        return $response;
        }
        $scheme = $1;  # untainted now
        my $class = "LWP::Authen::\u$scheme";
        $class =~ s/-/_/g;

        no strict 'refs';
        unless (%{"$class\::"}) {
        # try to load it
        eval "require $class";
        if ($@) {
            if ($@ =~ /^Can\'t locate/) {
            $response->header("Client-Warning" =>
                      "Unsupported authentication scheme '$scheme'");
            }
            else {
            $response->header("Client-Warning" => $@);
            }
            next CHALLENGE;
        }
        }
...

      [download]

      So, HTTP::Request will attempt to load a module LWP::Authen::$scheme when the server responds with a WWW-Authenticate header, which it does if your credentials are wrong.

      Contrary to your expectation, it doesn't seem to respond with WWW-Authenticate: Basic but with WWW-Authenticate: Session, which makes LWP::UserAgent fail with the above error message. Maybe consider looking at what actually goes over the wire, what the actual response of the server is in your case, and maybe then decide to either fake LWP::Authen::Session as identical to LWP::Authen::Basic or to implement it yourself or to raise a bug against LWP::UserAgent.

[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom