Manage digest authentication with Retrofit

[grena]

Hi everyone,

Do somebody have any idea on how to implement a digest authentication solution with Retrofit ? When the server answers with a 401 Unauthorized responses, the Callback object calls its failure() method..

Is it possible with retrofit ? Thanks in advance.

[Freyskeyd]

looking for it too

[Anndressa]

When the server returns with the 401 status, the RetrofitError response object is null, and the networkError flag is set to true, making it impossible for the app to check error.getResponse().getStatus()
I believe the error lies on the http client.
When using OkClient I get this error:
java.io.IOException: No authentication challenges found
When using ApacheClient, everything works fine.

[Freyskeyd]

In my case the challenge is empty but i get a challenge.
I use a php server to serve the REST api. This server return 401 when user is unauthenticated.

But when i add challengeResponse to the request it's like the request is send a second time.
And the request is rejected a second time.

[codefromthecrypt]

Wild guess that implementing a custom client could do the trick.

class ChallengeResponseClient implements Client{
  Client delegate;

  public Response execute(Request request) throws IOException {
    Response response = delegate.execute(request);
    if (response.getStatus() == 401){
      // authenticate, etc.

[thihamin]

Had the same issue as @Anndressa. After I included Okhttp library, the correct response status, 401, is returning now instead of IOException. Retrofit uses OkClient if there is Okhttp library.

    <dependency>
        <groupId>com.squareup.okhttp</groupId>
        <artifactId>okhttp</artifactId>
        <version>1.2.1</version>
    </dependency>

Edit:
had to remove Okhttp because it crashes the http client used by facebook sdk.
square/okhttp#184

The other possible solution is to include WWW-Authenticate header field with 401 response if you can modify the server. See discussion here. http://stackoverflow.com/questions/1357372/ioexception-received-authentication-challenge-is-null-apache-harmony-android

[dslounge]

I'm having a really weird issue related to this. I'm testing incorrect logins, where the server returns a 401 with an error message. Running on a Nexus 5 (api level 19) I get a retrofiterror and I have access to the server's response and error message, so it's fine. Testing on an api level 16 device, I get a retrofiterror where isNetworkError() is true, caused by "java.io.IOException: No authentication challenges found". Besides the exception message, there's nothing distinguishing this from an actual network error.

I searched around a lot, but there isn't a lot of documentation about this issue. I tried adding WWW-Authenticate: none to the server's 401 response, as suggested by various posts, but that doesn't seem to work. I'll have to add an ugly fix to this for the moment, but I'd like to understand why there's a difference, and how I can properly fix this. I'd appreciate any help :D

[JakeWharton]

We will not be implementing this at the Retrofit level. Tracked at square/okhttp#205.

[petroski77]

@dslounge
I'm experiencing the exact same problem. Did you ever find a solution to this problem?

Best regards
Christian

[dslounge]

It's been a while, so I don't remember if this was exactly the solution, but I added OkHttp to my project and it was fixed. Took me forever to figure that out, and there wasn't much documentation on this issue. Seems like the problem was caused by the default Android HTTP library doing things to a certain spec.

[Prashant6001]

Retrofit error: 401 Unauthorized. Previously it was working fine for me but now i am geting this error.