Alamofire: Adapting and Retrying Requests for Basic Authentication System

Hi @markandshare,

Could you please provide more info as to what doesn't work? Without quite a bit more information, we won't be able to help you.

Thanks @cnoon for your reply.

We are developing an app that uses API services to get and post the data to our server. Currently, we are tackling with the session timeout of our implemented authentication system (basic auth), and we think of using the adapt and retry mechanism to handle the session expiry problem for inactivity.

However, I'm not quite familiar with Swift and I tried to follow the guidelines to setup my handler function for the adapt and retry part but it doesn't work. I'm not sure where I should initialise the adapter and retrier to my session manager.

The workflow is as the following:

1. Sign in to system (SignInViewController) and the controller has delegation functions to handle other view's requests to server via API.
2. After user authentication, it brings to Home screen (MainViewController) of our app, which is a master-details view. The home controller has all the delegations to hand over the API requests from other views to SignInViewController.
3. There are remaining subsequent view controllers for the functions of our app.
4. All the data in master and details view controller, as well as the subsequent views, has to retrieve from the server by API, through MainViewController and passing back to SignInViewController to perform the API requests.

The problem is actually the handling of expiring a session due to user's inactivity. So we tried to use your mechanism to re-perform the requests, once the session is invalid. But somehow I can't figure out how to implement it correctly.

Many thanks if you could help me to solve the issue.

Can you post how you are setting up the session? Your adapter seems fine more or less, so I'm guessing it's how you set up the session and are using it.

I 'm not sure if in this site you could find something helpful there are examples that use basic auth but I'm not sure if is this that you want to do

btw https://github.com/Alamofire/Alamofire/blob/master/Documentation/AdvancedUsage.md#adapting-and-retrying-requests docs is out of date.
func retry(_ request: Request, for session: Session, dueTo error: Error, completion: @escaping (RetryResult) -> Void)

@cnoon, Thanks for your reply.

Here's the sample code for initialising the session in the SignInViewController:

class SignInViewController: UIViewController, MainPageDelegate, UIScrollViewDelegate, UITextFieldDelegate {

    // Session Manager
    var sessionManager = Alamofire.SessionManager()
    var headers: HTTPHeaders = [:]

    var username = ""
    var password = ""

    @IBOutlet weak var textFieldUsername: UITextField!
    @IBOutlet weak var textFieldPassword: UITextField!
    @IBOutlet weak var loginButton: UIButton!
    @IBOutlet weak var scrollView: UIScrollView!

    // Login function
    @IBAction func buttonLogin(_sender: UIButton) {
        // Authentication API
        let URL_USER_LOGIN = serverConstant.BASE_API_URL + "/loginProcessRest"

        username = textFieldUsername.text!
        password = textFieldPassword.text!

        // API parameters for user authentication
        let parameters: Parameters=["j_username": user,
                                    "j_password": password,
                                    "json": "true"]


        if let authorizationHeader = Request.authorizationHeader(user: user, password: password){
            headers[authorizationHeader.key] = authorizationHeader.value
        }

        if !isConnectedToInternet() {
            /* Some action for no network connection */
        }
        else {
            sessionManager = Alamofire.SessionManager(serverTrustPolicyManager: ServerTrustPolicyManager(policies: serverConstant.serverTrustPolicies))
            sessionManager.request(URL_USER_LOGIN, method: .post, parameters: parameters, headers: headers).responseJSON {
                //making a post request
                loginResponse in

                if loginResponse.response?.statusCode == nil {
                    /* Action of Error handling for server error */
                }

                if let result = loginResponse.result.value {
                    /* Store user's profile data to local storage */
                }

                // Check for user's role privilege
                self.getUserPriviliege(userId: String(self.userId)) { returnUserAuthList, error in

                    if returnUserAuthList!.contains("<UNAUTHORIZED_ROLE_NAME>") {
                        /* Action of Error handling for role authentication error */
                    }
                    else {
                        if loginResponse.result.value != nil {
                            /* Some actions for Keychain services */
                            /* Another actions for getting user's other profile data and store locally */
                        }
                        else {
                            /* Action of Error handling for invalid username and password */
                        }
                    }
                }
            }
        }
    }

    func getSomeUserData(completionHandler: @escaping (SomeDataType?, [SomeDataList]?, Error?) -> Void) {
        let URL_GET_SOMEUSERDATA = serverConstant.BASE_API_URL + "/v1/someUserData"
        /* Some variables declaration */

        self.sessionManager.request(URL_GET_SOMEUSERDATA, method: .get, parameters: nil, headers: self.headers).responseJSON {
            //making a get request
            response in            
            do {
                someDataList = try JSONDecoder().decode(Array<SomeDataList>.self, from: response.data!)
                completionHandler(someData, someDataList, nil)
            } catch {
                print ("[Error] Error in decode JSON - ", error)
                completionHandler(nil, nil, error)
            }
        }
    }
}

The function getSomeUserData is a sample API request handling function for my app to get data from the server via API. These kind of requesting functions will be called when the data is needed to grab down from server.

Recently, I also had another problem of handling another type session expiry. This expiry problem is because the app was not be terminated (still working in background and using other apps) after the user successfully signed in before. I was trying to check this type of inactivity by determining whether the API returns 401 status and ask the user signing in again. May I know whether there is mechanism to achieve this by the library?

Sorry for my late reply and many thanks for your help in advance.

@SandraMarcelaHerreraArriaga, Thanks for your help.

The site seems to discuss the problem when the authentication system adopted the token approach. However, our app simply authenticates the user by the username and password only with a simple session management (handled by session IDs) without token generation.

@NikKovIos, Thanks for your help.

So does that mean the retrier support the mechanism of session ID management, for my case?

@markandshare There are several issues with the code you posted, some of which will impact your ability to retry request requiring authorization, especially if you have other requests needing to retry at the same time.

First and foremost, you're recreating your SessionManager every time you make a request. This has both a performance impact, as you're recreating quite a bit of state every time, as well as preventing you from using a common retrier for all requests. Your SessionManager should be a singleton, and the logic that builds your requests and issues them to the SessionManager instance should not be part of a view controller. This will be more performant and allow you to take advantage of Alamofire's retry features.

Second, you're not adding a retrier to the SessionManager when you initialize it, so there is nothing attempting to retry. You need to add the retrier when you create the SessionManager or update to Alamofire 5 and add it when you make the request.

Third, you should not be doing any sort of connection precheck when making requests. You should make the request and let it fail, using the error you receive to take any next steps, or to trigger retry. Alamofire 5's RetryPolicy type can do this sort of retry for you automatically.

If there are no additional questions, I'm closing this issue.