Use aiohttp.encode_basic_auth() instead of deprecated BasicAuth#407
Conversation
aiohttp 3.14.0 deprecates aiohttp.BasicAuth and the auth= parameter on ClientSession, both slated for removal in aiohttp 4.0. Build the Authorization header explicitly with aiohttp.encode_basic_auth() in the async client instead. encode_basic_auth() defaults to utf-8 where BasicAuth defaulted to latin1. This is irrelevant here since account IDs are numeric and license keys are ASCII, but is worth noting. The aiohttp floor was already raised to >=3.14.0 (where encode_basic_auth is available) by a prior dependency bump. STF-604 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates the async client to build its 'Authorization' header using 'aiohttp.encode_basic_auth()' instead of the deprecated 'aiohttp.BasicAuth' / 'auth=' parameter, and updates the changelog accordingly. Feedback was provided to address a potential issue where 'self._account_id' might be a 'bytes' object, which would lead to incorrect header formatting and authentication failures; a fix was suggested to decode it to a string if necessary.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
| "Authorization": aiohttp.encode_basic_auth( | ||
| self._account_id, | ||
| self._license_key, | ||
| ), |
There was a problem hiding this comment.
If account_id is passed as bytes to the client, self._account_id will be stored as bytes (as seen in BaseClient.__init__). Passing a bytes object to aiohttp.encode_basic_auth will result in an incorrect Authorization header because the f-string formatting inside aiohttp.encode_basic_auth will format it as b'...' (e.g., b'12345':license_key), leading to authentication failures.
We should decode self._account_id to a string if it is a bytes object before passing it to aiohttp.encode_basic_auth.
"Authorization": aiohttp.encode_basic_auth(
self._account_id.decode("utf-8")
if isinstance(self._account_id, bytes)
else self._account_id,
self._license_key,
),
2 participants
STF-604
As of aiohttp 3.14.0,
aiohttp.BasicAuthand theauth=parameter onClientSessionare deprecated and will be removed in aiohttp 4.0, emittingDeprecationWarnings in CI. This builds theAuthorizationheader explicitly withaiohttp.encode_basic_auth()in the async client instead.Only the async (aiohttp) client is affected; the sync client uses
requests(.auth), which is not deprecated.Notes
encode_basic_auth()defaults to utf-8 whereBasicAuthdefaulted to latin1. Irrelevant here (numeric account IDs, ASCII license keys), but worth noting.>=3.14.0(raised by a prior dependency bump), soencode_basic_authis guaranteed available.webservice_test.py::test_requestalready asserts theAuthorizationheader value, and passes unchanged (the header bytes are identical to the oldBasicAuthoutput).🤖 Generated with Claude Code