Unable to authenticate with private index when providing username and credentials in keyring with SecretService

[EpicWink]

I am unable to use a private index using credentials stored in my keyring if I explicitly provide the username in the index URL. This seems to be an issue specifically with SecretService keyring back-end, and with keyring v19.2 and above (Ubuntu 20.04 ships with keyring 18.0.1). In addition, everything works fine if I don't specify the username in the index URL (and of course, it works fine if I pass username and password in the index URL).

It seems as if keyring returns a credentials object regardless of whether it found a matching entry and a truthy password, as opposed to the default behaviour of returning a falsy if the password is falsy, in keyring.get_credential.

Environment

• pip version: 20.1.1
• Python version: 3.8.2
• OS: Ubuntu 20.04.1
• keyring: 21.2.1

$ keyring --list-backends

keyring.backends.chainer.ChainerBackend (priority: -10)
keyring.backends.fail.Keyring (priority: 0)
keyring.backends.SecretService.Keyring (priority: 5)

Reproduction

Store username and password in keyring for index hostname

echo pass | keyring set pypi.myorg.com user

Attempt to download a package, providing the username in the index URL

pip3 install myorg-mypackage --extra-index-url https://user@pypi.myorg.com/

Output

ERROR: Could not find a version that satisfies the requirement myorg-mypackage (from versions: none)
ERROR: No matching distribution found for myorg-mypackage

[jaraco]

Can you write up a reproducer for this issue with keyring in isolation - show where the true/false expectation is missed - and file what with the keyring project?

[pradyunsg]

The fix for this issue might be bumping the version of keyring we have vendored in pip.

[uranusjr]

Does pip vendor keyring?

[pfmoore]

No, that's sort of the whole point of what's wrong with the keyring integration, IMO.