Jeroen van Splunder

I'm running into the same issue. It seems the web server sometimes responds with 'www-authenticate' and other times with 'WWW-Authenticate'. Function response_hook uses a safe get on the headers dictionary...

It seems my web server issue is NOT due to case sensitivity. The requests package uses a case insensitive dictionary, which handles this just fine. However, there is an assumption...

A workaround I've found, which might or not conform to what you expect or what you might want - is to return `response`, with the 401 unauthorised, when `response2` does...