I'm trying to call Github APIs to the Github Enterprise Server in the company that I work for. The API calls works when I use personal access token, but every time I used user name and password, I'm getting an HTTP 401 error message "Must authenticate to use this API".
I tried using the following tools:
curl
Sample call:
curl --proxy $PROXY -i --user "xx-xx" https://github.xxx.xxx.com/api/v3/users
PyGithub
Sample code:
gh = Github('my-user', password='....', base_url='https://github.xxx.xxx.com/api/v3/users')
Python requests API
Sample code
r = requests.get('https://github.xxx.xxx.com', auth=('my-user','....'), proxies=proxyDict)
Doesn't work if I use either HTTPBasicAuth or HTTPDigestAuth
The company github website is authenticated via SAML, so I'm wondering if this is SAML related issue.
Github does not allow http/https authentications. (same for bitbucket and gitlab). I learnt it hard-way.
You may want to use ssh public key based authentication.
Github API supports Basic Authentication as defined in RFC2617 with a few small differences.
cURL example:
curl -u username https://api.github.com/user
cURL will prompt you to enter the password.
PyGitHub example:
g = Github("user", "password")
for repo in g.get_user().get_repos():
print(repo.name)
Requests example:
response = requests.get('https://api.github.com/user', auth=('username', 'password'))
I would suggest using PyGitHub instead of Requests. And also Postman which is a nice cURL alternative to try things out.
Related
I'm trying to learn the requests library in python and I'm following a guide. I'm sending a get request to api.github.com/user but I keep on getting a Status Code of 401. For username, I was using my email at first, but I thought that was what was making it fail so I changed it to my GitHub username and it still doesn't work. Is there anything I'm doing wrong or are there solutions?
import requests
from getpass import getpass
response = requests.get(
"https://api.github.com/user",
auth=('username', getpass())
)
print(response)
You can no longer authenticate to the GitHub API using Basic authentication (a username and password). That ability has been removed. This API endpoint requires authentication because it tells you the current user, and when you're not logged in, there is no current user.
You'll need to generate a personal access token with the appropriate scopes and use it to authenticate to the API instead. You can also use an OAuth token if you're using an OAuth app, but it doesn't sound like you need that in this case.
I was calling github api from my python scripts. if run successfully, it would have made around 3000 calls. However, after 50-60 successful calls, it shows the below message-
{'message': "API rate limit exceeded for 108.169.151.47. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.)", 'documentation_url': 'https://developer.github.com/v3/#rate-limiting'}
I have read the documentation. I don't have any application to register with to get a client id and client secret.
From my github account, I generated a token. I'm wondering if I can use that to send authenticated requests.
I tried some curl command to log in through my github profile in the git bash, and then run the python script, but it still shows the same message.
Can you suggest a way how can I make use of the good news in the message?
You might want to consider just using basic authentication with your GitHub username and password. The response received should be converted to JSON.
req = requests.get(url, auth=(USERNAME, PASSWORD))
req_json = req.json()
I want to send the credentials for the #auth.login_required to access my
other methods in my Flask Webapp with a browser.
I know with Curl is:
curl -u username:password -i http://localhost:5000/method
Some example ?
i send like this username:password#localhost:5000/method but didnĀ“t work
On method GET:
http://localhost:5000/method?login='mylogin'&password=123
Typically, browsers will present you with a prompt to enter your credentials. Try simply navigating to the endpoint and see if your browser allows you to enter your credentials.
How can I use automatic NTLM authentication from python on Windows?
I want to be able to access the TFS REST API from windows without hardcoding my password, the same as I do from the web browser (firefox's network.automatic-ntlm-auth.trusted-uris, for example).
I found this answer which works great for me because:
I'm only going to run it from Windows, so portability isn't a problem
The response is a simple json document, so no need to store an open session
It's using the WinHTTP.WinHTTPRequest.5.1 COM object to handle authentication natively:
import win32com.client
URL = 'http://bigcorp/tfs/page.aspx'
COM_OBJ = win32com.client.Dispatch('WinHTTP.WinHTTPRequest.5.1')
COM_OBJ.SetAutoLogonPolicy(0)
COM_OBJ.Open('GET', URL, False)
COM_OBJ.Send()
print(COM_OBJ.ResponseText)
You can do that with https://github.com/requests/requests-kerberos. Under the hood it's using https://github.com/mongodb-labs/winkerberos. The latter is marked as Beta, I'm not sure how stable it is. But I have requests-kerberos in use for a while without any issue.
Maybe a more stable solution would be https://github.com/brandond/requests-negotiate-sspi, which is using pywin32's SSPI implementation.
I found solution here https://github.com/mullender/python-ntlm/issues/21
pip install requests
pip install requests_negotiate_sspi
import requests
from requests_negotiate_sspi import HttpNegotiateAuth
GetUrl = "http://servername/api/controller/Methodname" # Here you need to set your get Web api url
response = requests.get(GetUrl, auth=HttpNegotiateAuth())
print("Get Request Outpot:")
print("--------------------")
print(response.content)
for request by https:
import requests
from requests_negotiate_sspi import HttpNegotiateAuth
import urllib3
urllib3.disable_warnings()
GetUrl = "https://servername/api/controller/Methodname" # Here you need to set your get Web api url
response = requests.get(GetUrl, auth=HttpNegotiateAuth(), verify=False)
print("Get Request Outpot:")
print("--------------------")
print(response.content)
NTLM credentials are based on data obtained during the interactive logon process, and include a one-way hash of the password. You have to provide the credential.
Python has requests_ntlm library that allows for HTTP NTLM authentication.
You can reference this article to access the TFS REST API :
Python Script to Access Team Foundation Server (TFS) Rest API
If you are using TFS 2017 or VSTS, you can try to use Personal Access Token in a Basic Auth HTTP Header along with your REST request.
I am struggling with Jira REST API authentication via kerberos. Basic authentication works as expected.
If I access the login page with the web browser (after I did kinit) and then use the generated JSESSIONID in my python script, I can use REST without getting 401. But I have no ide how to do that with my python script, I tried to use requests_kerberos, but when I request the login page, it simply returns the basic login form instead of automatic login.
Do you know how to use JIRA REST API with kerberos authentication?
Thanks for you answers.
After a day of struggle I finally figured it out.
First you have to send an HTTP GET request to ${jira-url}/step-auth-gss:
r = requests.get("https://example-jira.com/step-auth-gss", auth=requests_kerberos.HTTPKerberosAuth())
Then you get the JSESSIONID from the cookie header and you can REST away:
rd = requests.get(url, headers={"Cookie": "JSESSIONID=%s" % r.cookies['JSESSIONID']})
As explained by VaclavDedik, the first step is to get a valid JSESSIONID cookie (along with atlassian.xsrf.token and crowd.token_key cookies if you use Crowd for user management and SSO) upon successful Kerberos authentication on a private Jira resource / URL.
In Python, the PycURL package makes it very easy to authenticate with Kerberos. You can install it on Windows/Mac OS/Linux either with easy_install or pip. The PycURL package relies on libcurl. You will need to check that your libcurl version is >=7.38.0 as the HTTPAUTH_NEGOTIATE directive was introduced in that very version.
Then, it is as simple as:
import pycurl
curl = pycurl.Curl()
# GET JSESSIONID
curl.setopt(pycurl.COOKIEFILE, "")
curl.setopt(pycurl.HTTPAUTH, pycurl.HTTPAUTH_NEGOTIATE)
curl.setopt(pycurl.USERPWD, ':')
curl.setopt(pycurl.URL, <ANY_JIRA_PRIVATE_URL>)
curl.perform()
# Then REST request
curl.setopt(pycurl.URL, <YOUR_JIRA_REST_URL>)
curl.perform()
curl.close()
Please, check out the following page for detailed examples in Python, PowerShell and Groovy: https://www.cleito.com/products/iwaac/documentation/integrated-windows-authentication-for-non-browser-clients/
Though this is the official documentation of the Cleito IWAAC plugin mentioned by Xabs, this will work with any server-side Kerberos plugin for Jira