Find a handle or token in the Authorization header.

Supports either Bearer or Basic authorization types. Rebinds the logging context to include the source of the token, if one is found.


context (RequestContext) – The context of the incoming request.


The handle or token if one was found, otherwise None.

Return type:

str or None


InvalidRequestError – If the Authorization header is malformed.


A Basic Auth authentication string is normally a username and a password separated by colon and then base64-encoded. Support a username of the token (or session handle) and a password of x-oauth-basic, or a username of x-oauth-basic and a password of the token (or session handle). If neither is the case, assume the token or session handle is the username.