First off, there are a few issues with authentication in general in RB
1.5.1. I'm planning to put out the 1.5.2 release in the next few days
(depending on other circumstances). Specifically, that'll address
issues such as some Permission Denied errors appearing for anonymous
users when it should be Not Authenticated errors instead, and some
issues in forcing authentication.
You can play around with this using the RB 1.5.2 and Djblets
nightlies. To install them, do:
easy_install -f http://downloads.reviewboard.org/nightlies/ -U
After that, from the client end, to force authentication you need only
send the HTTP_AUTHORIZATION header in any request to the API, with a
realm of Basic and the typical user:pass encoded in base64.
post-review in Git does this now to force it.
So if you want to try upgrading that and playing with it now, you can.
One other thing, which may impact anyone who's currently using
mod_wsgi, is that by default mod_wsgi strips out any
HTTP_AUTHORIZATION headers. In this case, you'd need to add the
following to your web server config:
Christian Hammond - chip...@chipx86.com
Review Board - http://www.reviewboard.org
VMware, Inc. - http://www.vmware.com
On Sun, Jan 9, 2011 at 5:18 PM, Michael De Wildt
> Gday All,
> I am currently writing a GUI application that uses the Reviewboard API
> 2.0 and am having trouble authenticating users on demand.
> The API uses http basic authentication that only validates my password
> when a make a request to something that requires authentication.
> The only API requests i can see that require authentication are ones
> that send data to Reviewboard for example new request. In order to
> authenticate my user I don't really want to invoke a new request.
> Is there an api call I can use to authenticate my user on demand?
> Want to help the Review Board project? Donate today at
> Happy user? Let us know at http://www.reviewboard.org/users/
> To unsubscribe from this group, send email to
> For more options, visit this group at
Want to help the Review Board project? Donate today at
Happy user? Let us know at http://www.reviewboard.org/users/
To unsubscribe from this group, send email to
For more options, visit this group at