You’re right, in the requests library creation of a HTTPBasicAuth object is restricted to a 2-length tuple only…that’s a bit inconsistent, since e.g. files is documented to take file tuples that can in fact be lists.
Now looking at the documentation for RequestsLibrary, a list is supported for basic auth when creating a Session, but only a tuple is supported for auth on non-session operations.
So this is how RequestsLibrary Create Session auth is handled:
auth = requests.auth.HTTPBasicAuth(*auth) if auth else None
So any iterable with length 2 will work with it…but it’ll try to convert an instance of another supported Auth object to a HTTPBasicAuth instance…which makes it hard to use other authentication types with the RequestsLibrary Sessions.
I guess you could raise an issue about this / provide a PR with an improvement.