rburgst/okhttp-digest

Still getting 401 after Authentication Challenge

Closed this issue · 8 comments

I'm trying to do Digest Authentication using okhttp-digest 2.2 and okhttp 4.4.0 to a server on the local network. After making the initial request without the Authentication header, the server replies with a Challenge. The initial request is resent with the generated Digest Authentication header, but I still get a 401 with an Authentication Challenge.

I'm not exactly sure what's the issue, but I compared the requests made on Android with okhttp-digest/okhttp with iOS (using Alamofire). It is working on iOS.

The generated Authorization header on Android:

| key | value |
| --- | --- |
| username | 85szSUFQF2jJzRAY_eQpsA== |
| realm | XTV |
| nonce | MTU4Mjk5MjkzMjUwMzphZDFhMWExZmE3Nzg5NmZkZjlhZTM4ODA2ZjkzNjUyOQ== |
| uri | 192.168.1.6:1926 |
| response | 42a83bebf69d0c1c16a8b643e44ecef6 |
| qop | auth |
| nc | 00000001 |
| cnonce | 4f6a4ad6ee010e00 |
| algorithm | MD5 |

And on iOS:

| key | value |
| --- | --- |
| username | G5hXS1YdTIDMKc81Nr3YEQ== |
| realm | XTV |
| nonce | MTU4Mjk5Mjk3NTUzMjpiNzdiZTJiMTRmNWRjOTJmMDQ2OWQzNmE5NTliOWFkNg== |
| uri | /6/channeldb/tv/channelLists/all |
| response | 25d1976209a214d64b5033638bf9532f |
| algorithm | MD5 |
| cnonce | 7fc19177939316b80ff5b49a56b90dfc |
| nc | 00000001 |
| qop | auth |

A striking difference is the uri.

| platform | uri |
| --- | --- |
| Android | 192.168.1.6:1926 |
| iOS | /6/channeldb/tv/channelLists/all |

While on Android the host with port is used, on iOS it's the path component. Could this be the issue?

Can you see if this problem also persists with 2.1?

Ok, so it looks like it works for all subsequent requests (with 2.2 as well), just not with the first one (the first one that's sent with the Authentication header). It is correctly using the path component for the uri after that.

Could you create a unit test that simulates the problem? There are already a couple of tests that you can use as a basis.

I can try. I forked the project, opened it with Android Studio and tried to run a test to see if everything's ok (by clicking the play icon next to the unit test method), but I always get "No tests were found" and "Class not found: "com.burgstaller.okhttp.digest.DigestAuthenticatorTest"". I'm unfortunately not that familiar with Android projects and Android Studio.

Upon further debugging, it looks like the issue exists only when using Charles Proxy. In that case route.requiresTunnel() returns true (proxy.type() == Proxy.Type.HTTP), so it enters the else case, where the host and port are used.

DigestAuthenticator:232

        // Add method name and request-URI to the parameter map
        if (route == null || !route.requiresTunnel()) {
            final String method = request.method();
            final String uri = RequestLine.INSTANCE.requestPath(request.url());
            parameters.put("methodname", method);
            parameters.put("uri", uri);
        } else {
            final String method = "CONNECT";
            final String uri = request.url().host() + ':' + request.url().port();
            parameters.put("methodname", method);
            parameters.put("uri", uri);
        }

I'm not actually sure if there is an issue with this library, if this is expected behaviour or not.
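Why the two branches quoted above cannot both satisfy the origin server, as an added example (not code from okhttp-digest or from the commenters): with qop=auth, RFC 2617 hashes both the method and the uri into the response, so a header built from CONNECT and host:port never matches what the server recomputes for the real request. The credentials, nonce, cnonce and the GET method are constructed assumptions; the realm and the two uri values are the ones shown in the issue.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class DigestUriMismatch {
    // H() from RFC 2617: lowercase hex MD5 of the input string.
    static String md5Hex(String s) throws NoSuchAlgorithmException {
        byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.ISO_8859_1));
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // response = H( H(A1) ":" nonce ":" nc ":" cnonce ":" qop ":" H(A2) ) for qop=auth
    static String response(String user, String realm, String pass, String method, String uri,
                           String nonce, String nc, String cnonce) throws NoSuchAlgorithmException {
        String ha1 = md5Hex(user + ":" + realm + ":" + pass);
        String ha2 = md5Hex(method + ":" + uri); // A2 binds the response to method and uri
        return md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2);
    }

    // Server-side check: recompute from the request actually received, compare in constant time.
    static boolean accepted(String expected, String presented) {
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.US_ASCII),
                                     presented.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values (assumptions, not taken from the issue).
        String user = "demo-user", pass = "demo-pass";
        String nonce = "constructed-nonce", nc = "00000001", cnonce = "constructed-cnonce";
        // Values that appear in the issue.
        String realm = "XTV";
        String path = "/6/channeldb/tv/channelLists/all";
        String hostPort = "192.168.1.6:1926";

        // What the origin server computes for "GET <path>" (GET is an assumption).
        String expected = response(user, realm, pass, "GET", path, nonce, nc, cnonce);
        // Client header from the non-tunnel branch: request method and path.
        String direct = response(user, realm, pass, "GET", path, nonce, nc, cnonce);
        // Client header from the requiresTunnel() branch: CONNECT and host:port.
        String tunnel = response(user, realm, pass, "CONNECT", hostPort, nonce, nc, cnonce);

        System.out.println("path branch accepted:   " + accepted(expected, direct));
        System.out.println("tunnel branch accepted: " + accepted(expected, tunnel));
    }
}
```

The CONNECT/host:port pair is only meaningful when answering a proxy's own 407 challenge for the tunnel; a 401 from the origin server has to be answered with the method and request path of the tunnelled request.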

I will need to double check this with a proxy setup; I will need to check #64 anyway.

Can you double check with the latest version? I fixed proxy authentication there.

Any news? Can I close this?