cherrypy.lib.auth_basic module

HTTP Basic Authentication tool.

This module provides a CherryPy 3.x tool which implements the server-side of HTTP Basic Access Authentication, as described in RFC 2617.

Example usage, using the built-in checkpassword_dict function which uses a dict as the credentials store:

userpassdict = {'bird' : 'bebop', 'ornette' : 'wayout'}
checkpassword = cherrypy.lib.auth_basic.checkpassword_dict(userpassdict)
basic_auth = {'tools.auth_basic.on': True,
              'tools.auth_basic.realm': 'earth',
              'tools.auth_basic.checkpassword': checkpassword,
              'tools.auth_basic.accept_charset': 'UTF-8',
app_config = { '/' : basic_auth }
cherrypy.lib.auth_basic._try_decode(subject, charsets)[source]
cherrypy.lib.auth_basic.basic_auth(realm, checkpassword, debug=False, accept_charset='utf-8')[source]

A CherryPy tool which hooks at before_handler to perform HTTP Basic Access Authentication, as specified in RFC 2617 and RFC 7617.

If the request has an ‘authorization’ header with a ‘Basic’ scheme, this tool attempts to authenticate the credentials supplied in that header. If the request has no ‘authorization’ header, or if it does but the scheme is not ‘Basic’, or if authentication fails, the tool sends a 401 response with a ‘WWW-Authenticate’ Basic header.


A string containing the authentication realm.


A callable which checks the authentication credentials. Its signature is checkpassword(realm, username, password). where username and password are the values obtained from the request’s ‘authorization’ header. If authentication succeeds, checkpassword returns True, else it returns False.


Returns a checkpassword function which checks credentials against a dictionary of the form: {username : password}.

If you want a simple dictionary-based authentication scheme, use checkpassword_dict(my_credentials_dict) as the value for the checkpassword argument to basic_auth().