The Fix
Upgrade to version 0.13.0 or later.
Based on closed encode/httpx issue #802 · PR/commit linked
Production note: Most teams hit this during upgrades or environment changes. Roll out with a canary and smoke critical endpoints (health, OpenAPI/docs) before 100%.
@@ -421,6 +421,41 @@ class MyCustomAuth(httpx.Auth):
```
+Similarly, if you are implementing a scheme that requires access to the response body, then use the `requires_response_body` property. You will then be able to access response body properties and methods such as `response.content`, `response.text`, `response.json()`, etc.
+
+```python
Option A — Upgrade to fixed release\nUpgrade to version 0.13.0 or later.\nWhen NOT to use: This fix should not be used if the response body is not needed for authentication.\n\n
Why This Fix Works in Production
- Trigger: Can't read response in Auth.auth_flow
- Mechanism: The Auth class did not allow access to the response body in the auth flow
- Why the fix works: Added the Auth.requires_response_body attribute to allow reading the response body in the auth flow. (first fixed release: 0.13.0).
- If left unfixed, the same config can fail only in production (env differences), causing startup failures or partial feature outages.
Why This Breaks in Prod
- The Auth class did not allow access to the response body in the auth flow
- Production symptom (often without a traceback): Can't read response in Auth.auth_flow
Proof / Evidence
- GitHub issue: #802
- Fix PR: https://github.com/encode/httpx/pull/803
- First fixed release: 0.13.0
- Reproduced locally: No (not executed)
- Last verified: 2026-02-09
- Confidence: 0.85
- Did this fix it?: Yes (upstream fix exists)
- Own content ratio: 0.71
Discussion
High-signal excerpts from the issue thread (symptoms, repros, edge-cases).
“Hi! I assume you’d like to access the response body because the server returns an auth token as a JSON payload, eg {"token": "123abc"}, right?…”
“Indeed, adding a requires_response_body attribute would make sense.”
Failure Signature (Search String)
- Can't read response in Auth.auth_flow
Copy-friendly signature
Failure Signature
-----------------
Can't read response in Auth.auth_flow
Error Message
Signature-only (no traceback captured)
Error Message
-------------
Can't read response in Auth.auth_flow
What Broke
Users could not retrieve authentication tokens from server responses, causing failed authentication.
Why It Broke
The Auth class did not allow access to the response body in the auth flow
Fix Options (Details)
Option A — Upgrade to fixed release Safe default (recommended)
Upgrade to version 0.13.0 or later.
Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.
Fix reference: https://github.com/encode/httpx/pull/803
First fixed release: 0.13.0
Last verified: 2026-02-09. Validate in your environment.
When NOT to Use This Fix
- This fix should not be used if the response body is not needed for authentication.
Did This Fix Work in Your Case?
Quick signal helps us prioritize which fixes to verify and improve.
Prevention
- Add a CI check that diffs key outputs after upgrades (OpenAPI schema snapshots, JSON payload shapes, CLI output).
- Upgrade behind a canary and run integration tests against the canary before 100% rollout.
Version Compatibility Table
| Version | Status |
|---|---|
| 0.13.0 | Fixed |
Related Issues
No related fixes found.
Sources
We don’t republish the full GitHub discussion text. Use the links above for context.