Issue
Myget uses basic authentication for the repository but hands back CDN download links that include the authentication as part of the URL.
When poetry attempts to download the file it's still using the same session it used to hit myget in the first place, which includes the basic auth headers. This causes the CDN to return a 403 error, similar to the below:
403 Client Error: Forbidden for url: https://az774065.vo.msecnd.net/redacted/redacted-2.0.6-py3-none-any.whl?sv=2015-12-11&sr=b&sig=5xCEJnyQXzUqK0ECzoABMH1vdVxPRCW0Yqzv7VqE8Yg%3D&st=2022-05-20T03%3A55%3A00Z&se=2022-05-20T05%3A05%3A00Z&sp=r&rscc=max-age%3D3600&rsct=binary%2Foctet-stream&rscd=filename%3Dredacted-2.0.6-py3-none-any.whl
The same repository works just fine with pip so it should be working in poetry.
I can think of two solutions to this:
- Have poetry transparently catch the first 403 and re-try without the auth headers. This is hacky but works (I tried it locally). The downside being that it may cause undesired behaviour for other repos.
- Add a flag to the repo in the
pyproject.toml file that instructs poetry to not use the basic auth headers to download the packages. (I had a crack at this one, but the semantics of how poetry parses the pyproject.toml file is a bit beyond me)
I am on the latest Poetry version.
I am on the most recent pre-release version 1.2.0b1
I have searched the issues of this repo and believe that this is not a duplicate.
If an exception occurs when executing a command, I executed it again in debug mode (
-vvvoption).OS version and name: Fedora Workstation 35
Poetry version: 1.2.0b1
Link of a Gist with the contents of your pyproject.toml file: pyproject.toml
Issue
Myget uses basic authentication for the repository but hands back CDN download links that include the authentication as part of the URL.
When poetry attempts to download the file it's still using the same session it used to hit myget in the first place, which includes the basic auth headers. This causes the CDN to return a 403 error, similar to the below:
The same repository works just fine with pip so it should be working in poetry.
I can think of two solutions to this:
pyproject.tomlfile that instructs poetry to not use the basic auth headers to download the packages. (I had a crack at this one, but the semantics of how poetry parses thepyproject.tomlfile is a bit beyond me)