java.util.concurrent.ExecutionException: org.eclipse.jetty.client.HttpResponseException: HTTP protocol violation: Authentication challenge without WWW-Authenticate header

[majones713]

Jetty version

Gradle Dependency
implementation 'org.eclipse.jetty:jetty-reactive-httpclient:3.0.0'

Java version
1.11

OS type/version
macOS High Sierra/10.13.6

Other
Using Springs WebFlux (2.4.0) WebClient with Jetty

Description
When executing request I'm getting 401 status code from response. Because of that 401 status code Jetty is throwing this exception:

java.util.concurrent.ExecutionException: org.eclipse.jetty.client.HttpResponseException: HTTP protocol violation: Authentication challenge without WWW-Authenticate header
	at java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:395)
	at java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:1999)
	at com.company.test.css.api.security.clients.tests.authn.AuthnTests.verifyAuthnHelper(AuthnTests.java:261)
	at com.company.test.css.api.security.clients.tests.authn.AuthnTests.verifyAuthn(AuthnTests.java:66)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.testng.internal.MethodInvocationHelper.invokeMethod(MethodInvocationHelper.java:132)
	at org.testng.internal.MethodInvocationHelper$1.runTestMethod(MethodInvocationHelper.java:238)
	at org.springframework.test.context.testng.AbstractTestNGSpringContextTests.run(AbstractTestNGSpringContextTests.java:181)
	at org.testng.internal.MethodInvocationHelper.invokeHookable(MethodInvocationHelper.java:252)
	at org.testng.internal.TestInvoker.invokeMethod(TestInvoker.java:595)
	at org.testng.internal.TestInvoker.invokeTestMethod(TestInvoker.java:174)
	at org.testng.internal.MethodRunner.runInSequence(MethodRunner.java:46)
	at org.testng.internal.TestInvoker$MethodInvocationAgent.invoke(TestInvoker.java:822)
	at org.testng.internal.TestInvoker.invokeTestMethods(TestInvoker.java:147)
	at org.testng.internal.TestMethodWorker.invokeTestMethods(TestMethodWorker.java:146)
	at org.testng.internal.TestMethodWorker.run(TestMethodWorker.java:128)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: org.eclipse.jetty.client.HttpResponseException: HTTP protocol violation: Authentication challenge without WWW-Authenticate header
	at org.eclipse.jetty.client.AuthenticationProtocolHandler$AuthenticationListener.onComplete(AuthenticationProtocolHandler.java:163)
	Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException: 
Error has been observed at the following site(s):
	|_ checkpoint ⇢ Body from POST https://hostname/v1/authn [DefaultClientResponse]
Stack trace:
		at org.eclipse.jetty.client.AuthenticationProtocolHandler$AuthenticationListener.onComplete(AuthenticationProtocolHandler.java:163)
		at org.eclipse.jetty.client.ResponseNotifier.notifyComplete(ResponseNotifier.java:218)
		at org.eclipse.jetty.client.ResponseNotifier.notifyComplete(ResponseNotifier.java:210)
		at org.eclipse.jetty.client.HttpReceiver.terminateResponse(HttpReceiver.java:481)
		at org.eclipse.jetty.client.HttpReceiver.terminateResponse(HttpReceiver.java:461)
		at org.eclipse.jetty.client.HttpReceiver.responseSuccess(HttpReceiver.java:424)
		at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.messageComplete(HttpReceiverOverHTTP.java:365)
		at org.eclipse.jetty.http.HttpParser.handleContentMessage(HttpParser.java:585)
		at org.eclipse.jetty.http.HttpParser.parseContent(HttpParser.java:1702)
		at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:1531)
		at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.parse(HttpReceiverOverHTTP.java:204)
		at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.process(HttpReceiverOverHTTP.java:144)
		at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.receive(HttpReceiverOverHTTP.java:79)
		at org.eclipse.jetty.client.http.HttpChannelOverHTTP.receive(HttpChannelOverHTTP.java:131)
		at org.eclipse.jetty.client.http.HttpConnectionOverHTTP.onFillable(HttpConnectionOverHTTP.java:169)
		at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
		at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
		at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:540)
		at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:395)
		at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161)
		at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
		at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
		at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
		at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
		at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
		at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
		at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375)
		at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:773)
		at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:905)
		at java.base/java.lang.Thread.run(Thread.java:834)

The request looks like this:

URI: https://company.com/v1/authn
Method: POST
Request Headers =>
		Accept-Encoding : gzip
		User-Agent : Jetty/9.4.34.v20201102
		Content-Type : application/json
		Accept : application/json
		Content-Length : 155
		Host : company.com

When I use another type of client like RestTemplate it doesn't happen but here is RestTemplates request/response so you can see what actual response headers/etc look like using different httpclient:

===============================request begin=================================
 URI         : https://company.com/v1/authn
Method      : POST
Headers     : [Accept:"text/plain, */*", Content-Type:"application/json", Content-Length:"155"]
Request body: {"context":"field1":"blahblah"},"field2":"blah","field3":"blah","field4":"blah"}
================================request end==================================
================================response begin================================
Status code  : 401 UNAUTHORIZED
Status text  : Unauthorized
Headers      : [Access-Control-Allow-Origin:"*", Content-Length:"177", Content-Type:"application/json; charset=utf-8", Strict-Transport-Security:"max-age=15552000; includeSubDomains", Vary:"Accept-Encoding", X-Content-Type-Options:"nosniff", X-Dns-Prefetch-Control:"off", X-Download-Options:"noopen", X-Frame-Options:"SAMEORIGIN", X-Xss-Protection:"1; mode=block", Date:"Sat, 19 Dec 2020 00:03:44 GMT", Connection:"close", Set-Cookie:"ADRUM_BT=R:0|i:131751|g:3c8c635d-a65f-4bba-944a-e9ed94b3639096|e:571|s:f|h:e|n:fig_f08e7d36-53bd-409c-a070-91e6f5d79d0f; Path=/; Expires=Sat, 19 Dec 2020 00:04:14 GMT", Server-Timing:"cdn-cache; desc=MISS", "edge; dur=118", "origin; dur=671"]
Response body: {"code":"12345","description":"The password you entered is incorrect, Please try again","x-request-id":"b71adb1a-652e","debug":"Authentication failed"}
=================================response end=================================

Another thing to note is the service I'm calling calls a downstream Okta service. All we are doing is bubbling up the response body and response status from them. Also, there is no WWW-Authenticate header returned from them.

Why is this happening with Jetty? Seems like a defect/issue?

[sbordet]

Answered in jetty/jetty.project#5829.