This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: AbstractBasicAuthHandler does not support the following scheme: 'Bearer'
Type: behavior Stage:
Components: Library (Lib) Versions: Python 3.8, Python 3.7, Python 3.6
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: Paul Stoner
Priority: normal Keywords:

Created on 2020-04-22 13:29 by Paul Stoner, last changed 2022-04-11 14:59 by admin.

Files
File name Uploaded Description Edit
linktest_clean.py Paul Stoner, 2020-04-22 13:29 Test program for stated issue
Messages (2)
msg367002 - (view) Author: Paul Stoner (Paul Stoner) Date: 2020-04-22 13:29
I found this issue when running an ansible playbook. In the playbook we go out to Azure Artifacts to download a customer jar to be deploy with a web application.

After some digging, I found the error comes from the request class in the urllib library. Knowing this I wrote a small program to test and try to decipher what is happening.

I've attached a scrubbed version of my test code. I've stripped all sensitive information. You may need to have an azure DevOps account with an artifact repository set up. I have not tested this against any other type of repository, such as GitHub.

Additional information:
1) I also use CNTLM in order to avoid authentication through our corporate firewall. I have tested this with and without CNTLM active

2) My organization utilizes ADFS Federated authentication. I am assuming this is where the Bearer token is coming from. I will try and test this on a private network to see if ADFS is the issue. I'll augment this bug with my findings

The debug output is shown below

3.8.2 (tags/v3.8.2:7b3ab59, Feb 25 2020, 23:03:10) [MSC v.1916 64 bit (AMD64)]
send: b'GET /.../_packaging/artifacts/maven/v1/custom.jar HTTP/1.1\r\nAccept-Encoding: identity\r\nHost: pkgs.dev.azure.com\r\nUser-Agent: Python-urllib/3.8\r\nConnection: close\r\n\r\n'
reply: 'HTTP/1.1 401 Unauthorized\r\n'
header: Cache-Control: no-cache
header: Pragma: no-cache
header: Content-Length: 307
header: Content-Type: application/json; charset=utf-8
header: Expires: -1
header: P3P: CP="CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR LOC CNT"
header: WWW-Authenticate: Bearer authorization_uri=https://login.windows.net/...
header: WWW-Authenticate: Basic realm="https://pkgsprodcus1.pkgs.visualstudio.com/"
header: WWW-Authenticate: TFS-Federated
header: X-TFS-ProcessId: ...
header: Strict-Transport-Security: max-age=31536000; includeSubDomains
header: ActivityId: ...
header: X-TFS-Session: ...
header: X-VSS-E2EID: ...
header: X-FRAME-OPTIONS: SAMEORIGIN
header: X-TFS-FedAuthRealm: https://pkgsprodcus1.pkgs.visualstudio.com/
header: X-TFS-FedAuthIssuer: https://www.visualstudio.com/
header: X-VSS-AuthorizationEndpoint: https://vssps.dev.azure.com/.../
header: X-VSS-ResourceTenant: ...
header: X-VSS-S2STargetService: 00000030-0000-8888-8000-000000000000/visualstudio.com
header: X-TFS-FedAuthRedirect: https://spsprodcus2.vssps.visualstudio.com/...
header: Request-Context: appId=cid-v1:540f64bd-7388-47ab-bdf2-a94451f9dd55
header: Access-Control-Expose-Headers: Request-Context
header: X-Content-Type-Options: nosniff
header: X-MSEdge-Ref: Ref A: ... Ref B: CHGEDGE1216 Ref C: 2020-04-22T13:01:32Z
header: Date: Wed, 22 Apr 2020 13:01:32 GMT
header: Connection: close
AbstractBasicAuthHandler does not support the following scheme: 'Bearer'
msg367003 - (view) Author: Paul Stoner (Paul Stoner) Date: 2020-04-22 13:37
--4/22/2020 09:36
I disconnected from my corporate vpn and ran the script over my private network with the same result
History
Date User Action Args
2022-04-11 14:59:29adminsetgithub: 84542
2020-04-22 13:37:19Paul Stonersetmessages: + msg367003
2020-04-22 13:29:04Paul Stonercreate