Http proxy with digest auth, error when server sends HTTP-301 redirect

Question

Http proxy with digest auth, error when server sends HTTP-301 redirect

bdruemen opened this issue 5 years ago · 2 comments

Tested with okhttp-digest 2.1 and okhttp 4.4.0
Using a squid as proxy on ubuntu-server (the docker image)
configured as in this howto: https://blog.mafr.de/2013/06/16/setting-up-a-web-proxy-with-squid/

Digest Authentication at the web proxy is working well, but after the remote server was sending an http-301 redirect, the client wants to call the new URL.
The session is keep-alive, so another authentication is not needed.
But the DigestAuthenticator still sees the 407 response code, and then looks for the digest header, and crashes because the value is "OkHttp-Preemptive" then.

The following is a helpful workaround:
`
DigestAuthenticator authenticator = new DigestAuthenticator(new Credentials(username, password));

Authenticator correctedAuthenticator = new Authenticator() {
@OverRide
public Request authenticate(Route route, Response response) throws IOException {
// workaround problem on HTTP-301 redirect
if ("OkHttp-Preemptive".equals(response.header("Proxy-Authenticate"))) {
return null;
}
return authenticator.authenticate(route, response);
}
};
builder = builder.proxyAuthenticator(correctedAuthenticator);`

Answer 1 · 2020-03-12T09:21:07.000Z

hey, I am currently on vacation, will try this on squid when I come home. If you need it more quickly, you can try and create a PR.

Answer 2 · 2020-03-17T06:38:28.000Z

I can replicate the problem with ProxyAuthenticationManualTest and the described setup.