Ktor: Client Auth Feature doesn't send header on Android target
Ktor Version
1.2.0
Ktor Engine Used(client or server and name)
client
JVM Version, Operating System and Relevant Context
Android Studio 3.4.1, java version "1.8.0_191", macOS 10.14.5
I already had a little discussion and help in the kotlin slack channel but couldn't get it working https://kotlinlang.slack.com/archives/C0A974TJ9/p1558546141272000 . So I decided to download the official ktor client-mpp sample to see if the same issue happens.
Feedback
Steps to reproduce:
- I downloaded the https://github.com/ktorio/ktor-samples (Latest commit 57fb025), synced gradle and succesfully build the client-mpp android app.
- Added
commonMainImplementation "io.ktor:ktor-client-auth:$ktor_version"to gradle - Changed the HttpClient in the Android Api class to
private val client = HttpClient {
install(Auth) {
basic {
username = "test"
password = "pw"
}
}
}
and added
import io.ktor.client.features.auth.Auth
import io.ktor.client.features.auth.providers.basic
Now the Api class doesn't show any warning or error but when I try to build the project it fails with the following output:
e: /ktor-samples-master/mpp/client-mpp/src/commonMain/kotlin/io/ktor/samples/mpp/client/Api.kt: (4, 37): Unresolved reference: Auth
e: /ktor-samples-master/mpp/client-mpp/src/commonMain/kotlin/io/ktor/samples/mpp/client/Api.kt: (5, 47): Unresolved reference: basic
.....
- After adding
androidMainImplementation "io.ktor:ktor-client-auth-jvm:$ktor_version"to gradle, the Android project builds successfully. But the calls do not include any Authorization header.
SimonSchubert
All 4 comments
Hi @SimonSchubert, thanks for the report.
The client sends auth header after AuthRequired response from the server for security reasons.
Could you clarify the use case and provide the endpoint you want to use?
e5l
on 24 May 2019
@e5l for specific cases when contract between client and server is clear, it might be beneficial to send Authorization header right away without waiting for 401.
Also in some interactions I'm observing that auth header is not sent after 401, looks like basic provider is not matching for some reason.
zeldigas
on 24 May 2019
Thanks @e5l for formatting my post and the clarification about the AuthRequired , I didn't know that.
I'm using the Nextcloud News App Api https://github.com/nextcloud/news/blob/master/docs/externalapi/Legacy.md#authentication--basics Particularly the login/getFeeds/getItems calls.
My implementation: https://github.com/SimonSchubert/Newsout/blob/master/shared/src/commonMain/kotlin/com/inspiredandroid/newsout/Api.kt works find when I send the Authorization header manually. I tried to add the Auth feature in the following branch https://github.com/SimonSchubert/Newsout/blob/feature/ktor_auth_feature/shared/src/commonMain/kotlin/com/inspiredandroid/newsout/Api.kt
Just in case if it is not possbile to get a AuthRequired response from the server. Like @zeldigas suggested, I would like to be able to send the Authorization header straight away.
SimonSchubert
on 24 May 2019
Thank you for adding the feature to version 1.2.3 馃檱 After adding sendWithoutRequest = true to the BasicAuthConfig the authentication works.
install(Auth) {
basic {
....
sendWithoutRequest = true
}
}
I will close this issue.
SimonSchubert
on 2 Aug 2019
Related issues
shinriyo
路
4Comments
gabin8
路
3Comments
gabin8
路
4Comments
guenhter
路
4Comments
ManifoldFR
路
4Comments
Most helpful comment
@e5l for specific cases when contract between client and server is clear, it might be beneficial to send
Authorizationheader right away without waiting for 401.Also in some interactions I'm observing that auth header is not sent after 401, looks like basic provider is not matching for some reason.