How to use LWP::UserAgent with HTTP Basic Authentication in Perl?

LWP::UserAgent is a great module for HTTP requests in Perl, and it supports HTTP Basic Authentication through the credentials method. However, the example using httpbin.org depends on network access, which is disallowed in a sandbox environment. To demonstrate how to use Basic Authentication with LWP::UserAgent in a sandbox-friendly way, we can simulate a request by manually adding the Authorization header instead of actually making a network call.

This approach shows how to construct the header correctly, which is the core of HTTP Basic Auth, without requiring external host availability. Here’s a runnable example that prints the HTTP request headers including the Base64-encoded credentials.

Using LWP::UserAgent with Basic Auth - Sandbox-Friendly Example

Since we can’t make real HTTP calls in the sandbox, we manually create the Authorization header by Base64 encoding the username and password, then make a request to a dummy local URL. We'll print the headers to demonstrate the authorization header is set correctly.

use strict;
use warnings;
use LWP::UserAgent;
use MIME::Base64;

# Credentials
my $username = 'user';
my $password = 'passwd';

# Base64 encode "username:password"
my $auth = encode_base64("$username:$password", '');

# Create UserAgent object
my $ua = LWP::UserAgent->new;

# Prepare a dummy request (example.com is just a placeholder)
my $req = HTTP::Request->new(GET => 'http://example.com/protected');

# Add Authorization header manually
$req->header('Authorization' => "Basic $auth");

# Instead of sending the request (which fails in sandbox), print the headers to verify
print "Request Headers with Basic Auth:\n";
print $req->as_string;

Explanation of Key Points

• LWP::UserAgent->credentials automates adding the Authorization header but requires a real network call and known realm.
• In a sandbox without network, you can construct the header manually by Base64 encoding username:password.
• MIME::Base64 is a core Perl module, safe to use in core environments.
• HTTP::Request objects hold request data and headers, which LWP::UserAgent sends when performing requests.
• This example uses print $req->as_string to show the full raw HTTP request, including headers.

Common Pitfalls

• Do not manually build the Base64 string without proper encoding — always use encode_base64 to avoid extra whitespace.
• The realm string required by credentials must exactly match the server’s challenge; otherwise, auth fails silently.
• Remember to specify the hostname and port accurately when using credentials.

Summary

In a real environment, use $ua->credentials($host_port, $realm, $user, $pass) to transparently handle HTTP Basic Auth. In restricted environments, manually add the Authorization header with Base64 encoded credentials to your HTTP::Request object before sending. This example prints out the headers so you can verify the correct authentication header format.