1

I'm trying to use Basic Authentication in GitHub API. I wrote something like this:

reqURL = "https://api.github.com/repos/user/repo"
pullreqsURL = urllib.request.Request(reqURL)
pullreqsURL.add_header("Authorization", "Basic " + str(base64.urlsafe_b64encode(b'Username:myAuthTokenORpass')) )
pullreqsURL.add_header("Content-Type", "application/json")
pullreqsURL.add_header("Accept", "application/json")
urllib.request.urlopen(pullreqsURL)

However, it keeps throwing HTTPError.
With commented 3rd line it goes well.

Well. I've solved it using personal token instead of user:pass

pullreqsURL.add_header("Authorization", "token >mytoken<" )
Christian Specht
  • 35,843
  • 15
  • 128
  • 182
user1902193
  • 31
  • 4
  • 1
    There is a mistake in quoting in the 3rd line, is that present in your code? – vascowhite May 26 '17 at 16:49
  • oh, sorry. Ofc, no. I've edit the question. – user1902193 May 26 '17 at 16:52
  • Have you actually put "Username:" there, or have you used your actual username? – Daniel Roseman May 26 '17 at 16:53
  • This question: https://stackoverflow.com/questions/6371032/how-to-get-github-token-using-username-and-password Yes! Of course my actual params, i've tested with curl before put them into code. – user1902193 May 26 '17 at 16:56
  • 2
    What HTTP error code is being returned? – Christopher Su May 26 '17 at 18:15
  • Are you replacing `myAuthTokenORpass` with an OAuth2 token or your password? [The API docs](https://developer.github.com/v3/#authentication) seem to imply that you can only use your password there; using an OAuth2 token requires a different header format. – jwodder May 26 '17 at 23:29

1 Answers1

0

It should be possible to authenticate via Basic Authentication with username/password.
Quote from the link:

Via Username and Password

To use Basic Authentication with the GitHub API, simply send the username and password associated with the account.

However, I don't know Python, so I don't know whether str(base64.urlsafe_b64encode(b'Username:myAuthTokenORpass')) is the proper way to Base64 encode username/password.

As you mentioned personal access tokens, it's also possible to authenticate via Basic Authentication, but with an access token instead of your real password.

This is explained in my first link as well.
Quote:

Via OAuth Tokens

Alternatively, you can use personal access tokens or OAuth tokens instead of your password.

curl -u username:token https://api.github.com/user

This approach is useful if your tools only support Basic Authentication but you want to take advantage of OAuth access token security features.

I'm using this approach with success in a project of mine.

Christian Specht
  • 35,843
  • 15
  • 128
  • 182