0

I have a HTTP Basic server where i sometimes need a user to make a selection before logging in. I thought i'd do this by sending a HTTP response 401 with json contents in the HTTP body to provide the data the client needs to show to the user.

However, i cannot for the world understand how i get the response body content in the willSendRequestForAuthenticationChallenge method. Since i use Basic Auth and provide the usr/pwd directly as a http "Authorization" header, this method gets called whenever the user cannot login, or when he/she needs to make the selection i am talking about.

So... i have the NSURLAuthenticationChallenge, but i cannot see any way of reading the body from that object.

If anybody could help out i'd really appreciate it!

Mathias
  • 3,879
  • 5
  • 36
  • 48
  • See the RFC (https://tools.ietf.org/html/rfc2617) second to last paragraph in section 1.2. It doesn't look as if the spec calls for anything beyond a couple explicit headers in the response, and it looks like the SDK abstracts that (and only that) for you in NSURLAuthenticationChallenge. Can you just handle the 401 in your request error logic, check the response body there, prompt user, then start over on with a new request? – danh Jun 28 '16 at 23:22

1 Answers1

0

You cannot get the body data at that point in the request process, because the URL request potentially asks you to make a decision about whether to cancel and retry with authentication before it even downloads the body data. It's a timing issue.

What you can do is:

  • Allow the request to complete without a credential. This will cause the URL connection to download the response body (error message). Your support code can then recognize the 401 response, parse the body, and provide credentials in a retry.
  • Optionally wrap the above logic in a custom NSURLProtocol class so that it becomes transparent to the rest of your app

Alternatively:

  • Provide the additional data in a custom HTTP header. I think you can probably get an NSURLResponse object from the protection spaces's failureResponse method, and get the headers from there.

I'm not 100% certain that it is possible to get the header fields at that point, though. For sure, you can do it with an NSURLProtocol or with custom wrapper code as described earlier.

dgatwood
  • 10,129
  • 1
  • 28
  • 49
  • Hey thanks for responding. From what i understand, responses with an error code can still have a body. If i run it in a restclient in firefox, i can see the body even if i get prompted for a login again. But i'll guess i'll put it in the header... – Mathias Jun 29 '16 at 06:54
  • They absolutely can have a body. The point I was trying to make is that at the point in the loading process when NSURLConnection/NSURLSession ask you about authentication, it hasn't downloaded the body yet, but it has already received the headers (I think). – dgatwood Jun 30 '16 at 23:16