NSMutableURLRequest setting authorization header

Question

When setting the “Authorization” header of a NSMutableURLRequest, my server’s response of headers does not include that header:

[Host] => myhost.com
[Content-Type] => application/x-www-form-urlencoded
[Connection] => keep-alive
[Accept] => */*
[User-Agent] => MyApp/1 CFNetwork/758.3.15 Darwin/15.4.0
[Content-Length] => 327
[Accept-Language] => en-gb
[Accept-Encoding] => gzip, deflate

I read the documentation suggest not setting this here, so where should I set the authorisation header on the client side?

The purpose of my Authorization header is to send along my Oauth signature and other Oauth related information

Carlos Parada · Answer 1 · 2016-04-26T20:49:54.867

You have user and password API

 // Create the request
 NSMutableURLRequest* request = [NSMutableURLRequest requestWithURL:url cachePolicy:NSURLRequestReloadIgnoringLocalAndRemoteCacheData timeoutInterval:0];

// New Create the connection
NSURLSessionConfiguration *defaultConfigObject = [NSURLSessionConfiguration defaultSessionConfiguration];

NSURLSession *session = [NSURLSession sharedSession];//sessionWithConfiguration:defaultConfigObject delegate:self delegateQueue:[NSOperationQueue mainQueue]];

NSURLCredential *creds = [NSURLCredential credentialWithUser:self.username password:self.password persistence:NSURLCredentialPersistenceForSession];

NSString *authStr = [NSString stringWithFormat:@"%@:%@",self.username,self.password];// @"username:password";

NSData *authData = [authStr dataUsingEncoding:NSUTF8StringEncoding];

NSString *authValue = [NSString stringWithFormat: @"Basic %@",[authData base64EncodedStringWithOptions:0]];

// Part Important
[request setValue:authValue forHTTPHeaderField:@"Authorization"];

// Or Token
 NSString *authValueToken = @"OAuth UElJRFER1A5zcGkyW16T0";
 [request setValue:authValueToken forHTTPHeaderField:@"AuthenticatedToken"];// Authenticated API


NSString *postLength = [NSString stringWithFormat:@"327"];
[request setValue:postLength forHTTPHeaderField:@"Content-Length"];

NSString *postLength = [NSString stringWithFormat:@"application/x-www-form-urlencoded"];
[request setValue:postLength forHTTPHeaderField:@"Content-Type"];

NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request     
    completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
           receivedData = [NSMutableData data];
           NSString* responseData = [[NSString alloc] initWithData:data encoding: NSUTF8StringEncoding];
           NSLog(@"%@",responseData);
           if (error) {
                   [self handleError: error];
           }
 }];

[dataTask resume]; // <- important

NSLog(@"Header Fields Request--->> %@",request.allHTTPHeaderFields);

I need to send an Authorization header to send Oauth data to my server — Adam Carter, Apr 26 '16 at 18:43
@AdamCarter Please update your question to include that this is specific to OAuth. — quellish, Apr 26 '16 at 20:38

score 2 · Answer 2 · answered May 08 '16 at 01:49

The documentation recommends not setting it because it is usually the wrong way to do it. For most authentication, you should be creating an actual NSURLCredential object in an authentication completion handler, and you should be doing that only after an initial attempt to access the resource fails.

Unfortunately, AFAIK, there's no support for OAuth in the OS, so the only thing you can do is specify the header to begin with, and make certain that you never accidentally add any other credential for that hostname (because then there's a decent chance that your Authorization header would get stomped on if you do).

NSMutableURLRequest setting authorization header

2 Answers2