Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
okhttp3.internal.http.HttpHeaders#parseChallenges does not handle authentication header with only scheme
See original GitHub issue~If you e. g. have Proxy-Authenticate: Basic which is a valid value, the method will not work properly, because of int index = header.indexOf(' '); if (index == -1) continue;, which means the method only works properly if there is a space in the header value.~ (For Basic auth realm indeed is required)
This also breaks okhttp3.Response#challenges and okhttp3.JavaNetAuthenticator#authenticate.
Issue Analytics
- State:
- Created 5 years ago
- Comments:9 (9 by maintainers)
Top Results From Across the Web
Android OkHttp with Basic Authentication - Stack Overflow
The aforementioned solution has one drawback: httpClient adds authorization headers only after receiving 401 response.
Read more >Authenticator - OkHttp
It doesn't include the motivating request's HTTP headers or even its full URL; only the target server's hostname is sent to the proxy....
Read more >HTTP authentication - MDN Web Docs - Mozilla
A client that wants to authenticate itself with the server can then do so by including an Authorization request header with the credentials....
Read more >Authentication and Authorization - Apache HTTP Server
The module mod_authz_host provides authorization and access control based on hostname, IP address or characteristics of the request, but is not part of...
Read more >HTTP/1.1: Header Field Definitions
If no Accept header field is present, then it is assumed that the client ... Note that HTTP/1.0 caches might not implement Cache-Control...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
76 lines of code and 18
private static finalfields, so actually not even one hundred. 😄 And it works fully compliant to RFC 7235 for any auth scheme. Well, for the PR I probably have to rewrite it a tiny bit to become 1.7-compatible as it is currently written in 1.8 and throws away anything non-Basic. But as hundreds would imply at least 200, I think I’ll stay below that. 😄Great!