Authentication ## Business Purpose

Provide built-in authentication mechanisms (Basic and Digest) that automatically set the required authorization headers, as well as an extensible base class for custom auth handlers. ## Current Behaviors - _basic_auth_str() creates a Base64-encoded Basic auth header from username and password, with deprecation warnings for non-string inputs src/requests/auth.py:34. - HTTPBasicAuth sets the Authorization header in its __call__ method src/requests/auth.py:321. - HTTPDigestAuth handles the challenge-response protocol, supports MD5, SHA, SHA-256, SHA-512 algorithms, and tracks per-thread state for nonce counts src/requests/auth.py:124. - digest auth sends credentials only in response to 401, and limits retries to 2 src/requests/auth.py:273. - AuthBase provides an abstract __call__ that takes a request and returns it with added headers src/requests/auth.py:321. ## Technical Implementation Authentication objects are callables that accept a PreparedRequest and return it modified. They are passed via the auth parameter in request() or session, and applied during PreparedRequest.prepare() src/requests/models.py:422. ## Definition of Done - requests.get(url, auth=('user', 'pass')) sends an Authorization: Basic ... header. - Digest authentication correctly handles nonce, realm, and qop and increments nonce count on each request. - Digest auth stops after two consecutive 401 responses. - Custom auth class inheriting AuthBase works when passed to requests.get. - Non-string username or password in Basic auth issues a deprecation warning.