As followup, here is what I came up with as a long-term solution. If NTLM is available, Kerberos is probably also available and more secure, hence it's probably better to use "Negotiate" style authentication instead of just NTLM. The option code for "Negotiate" is 4. This is kind of documented in the internal httr2::auth_flags() (httr2/req-options.R at 2584361c1853e2ecf4d1728f80def74c351b1b59 · r-lib/httr2 · GitHub). That's only used for proxy request setting, so if we're making requests w/o proxies we need to set the curl option directly.
I created two little helper utilities that I use in my standard set of scripts so my httr2 requests are a bit more succinct. Maybe some day I'll submit a pull request to see if they want to include them in httr2; it's a really simple fix.
req_auth_negotiate <- function(req) {
httr2::check_request(req)
httr2::req_options(req, httpauth = 4L, userpwd = ":::")
}
req_auth_ntlm <- function(req) {
httr2::check_request(req)
httr2::req_options(req, httpauth = 8L, userpwd = ":::")
}
This lets me build requests that look just like normal httr2 requests:
library(httr2)
req_auth_negotiate <- function(req) {
httr2::check_request(req)
httr2::req_options(req, httpauth = 4L, userpwd = ":::")
}
response <- request("https://www.example.com") |>
req_auth_negotiate |>
req_perform()
response