python · orsenthil · Nov 22, 2019 · Nov 4, 2019 · Nov 6, 2019 · Nov 22, 2019
diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py
@@ -1136,15 +1136,17 @@ def get_authorization(self, req, chal):
         A2 = "%s:%s" % (req.get_method(),
                         # XXX selector: what about proxies and full urls
                         req.selector)
-        if qop == 'auth':
+        # NOTE: As per  RFC 2617, when server sends "auth,auth-int", the client could use either `auth`
+        #     or `auth-int` to the response back. we use `auth` to send the response back.
+        if 'auth' in qop.split(','):
             if nonce == self.last_nonce:
                 self.nonce_count += 1
             else:
                 self.nonce_count = 1
                 self.last_nonce = nonce
             ncvalue = '%08x' % self.nonce_count
             cnonce = self.get_cnonce(nonce)
-            noncebit = "%s:%s:%s:%s:%s" % (nonce, ncvalue, cnonce, qop, H(A2))
+            noncebit = "%s:%s:%s:%s:%s" % (nonce, ncvalue, cnonce, 'auth', H(A2))
             respdig = KD(H(A1), noncebit)
         elif qop is None:
             respdig = KD(H(A1), "%s:%s" % (nonce, H(A2)))

diff --git a/Misc/NEWS.d/next/Library/2019-11-06-15-26-15.bpo-38686.HNFBce.rst b/Misc/NEWS.d/next/Library/2019-11-06-15-26-15.bpo-38686.HNFBce.rst
@@ -0,0 +1 @@
+Added support for multiple ``qop`` values in :class:`urllib.request.AbstractDigestAuthHandler`.
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Added support for multiple ``qop`` values in :class:`urllib.request.AbstractDigestAuthHandler`.