validate_basic_auth | SignalWire

Validate a username/password pair against the agent’s configured Basic Auth credentials. The comparison uses constant-time hmac.compare_digest to prevent timing attacks.

This method is an override point. Subclasses can replace it with custom authentication logic (e.g., database lookups, external identity providers) while the rest of the auth pipeline (_check_basic_auth, _check_cgi_auth, etc.) continues to call it transparently.

Parameters

username

strRequired

Username extracted from the incoming request’s Authorization header.

password

strRequired

Password extracted from the incoming request’s Authorization header.

Returns

bool — True if the credentials are valid, False otherwise. Returns False when no credentials have been configured on the agent.

Examples

Default behavior

1 from signalwire import AgentBase
2 
3 agent = AgentBase(name="assistant", route="/assistant")
4 is_valid = agent.validate_basic_auth("admin", "secret123")

Custom validation in a subclass

1 from signalwire import AgentBase
2 
3 class SecureAgent(AgentBase):
4     def validate_basic_auth(self, username: str, password: str) -> bool:
5         """Look up credentials in an external user store."""
6         from myapp.auth import verify_user
7         return verify_user(username, password)