You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi,
I run into problems with the AuthenticationCacheInterceptor: The CachingAuthenticator seems to cache a successful digest authentication (which is of course correct so far) and tries to reuse it on subsequent request (also correct).
The problem is that the request might be several seconds later than the original request thus invalidating the nonce.
In previous versions, this was fine as the authenticator just tried again until OkHttp's request limit (20) was reached. As the authentication itself was correct, the next request worked fine.
But the following code in DigestAuthenticator prevents any request after an unsuccessful authentication to be executed:
// prevent infinite loops when the password is wrong final String authorizationHeader = request.header("Authorization"); if (authorizationHeader != null && authorizationHeader.startsWith("Digest")) { Log.w(TAG, "previous digest authentication failed, returning null"); return null; }
It does prevent infinite loops (well 'infinite' as in a maximum of 20 requests) on invalid passwords but it doesn't take into consideration that something else (e. g. the previously cached nonce) was wrong.
Is there a simple way to fix this? I've removed the code and my authentication works fine again.
Thanks!
The text was updated successfully, but these errors were encountered:
Hi,
sure I'll do that as soon as I'm in the office on monday.
I basically send and successfully authenticate a request which has a nonce that's valid for five seconds. The cache saves the authentication and tries to reuse it when I issue another request ten seconds later. The nonce isn't valid anymore as ten seconds have passed and thus the authentication fails. The Authenticator treats this as wrong password and aborts authentication completely even though password and user name were correct, only the saved nonce had timed out.
Greetings :)
Hi,
I run into problems with the AuthenticationCacheInterceptor: The CachingAuthenticator seems to cache a successful digest authentication (which is of course correct so far) and tries to reuse it on subsequent request (also correct).
The problem is that the request might be several seconds later than the original request thus invalidating the nonce.
In previous versions, this was fine as the authenticator just tried again until OkHttp's request limit (20) was reached. As the authentication itself was correct, the next request worked fine.
But the following code in DigestAuthenticator prevents any request after an unsuccessful authentication to be executed:
// prevent infinite loops when the password is wrong
final String authorizationHeader = request.header("Authorization");
if (authorizationHeader != null && authorizationHeader.startsWith("Digest")) {
Log.w(TAG, "previous digest authentication failed, returning null");
return null;
}
It does prevent infinite loops (well 'infinite' as in a maximum of 20 requests) on invalid passwords but it doesn't take into consideration that something else (e. g. the previously cached nonce) was wrong.
Is there a simple way to fix this? I've removed the code and my authentication works fine again.
Thanks!
The text was updated successfully, but these errors were encountered: