Authentication and Authentication Header in OkHTTP

Question

I am facing a rather simple situation but I cannot wrap my head around it. Maybe the OkHttp gurus could light my path.

I am using Picasso, Retrofit and OkHttp for multiple purposes on my android app. yay!. As I read properly, the developer should make an effort in keeping on OkHttpClient (as read here ).

With the approach in mind, I want any of my HTTP calls (be it an API call, an Image loading, a resource download) to :

1. Send the request
2. If HTTP401 is received, then Send another HTTP Request that sends a token back
3. When that token is received, the call is re-emitted with that token included in the headers
4. Any subsequent call (be it an API, a resource or image call) should use that token until the next HTTP401 is received (invalid token).

Of course, I would reuse the same client for Retrofit and Picasso.

One route I am considering is to use a mix of Authenticator and an application Interceptor. Authenticator should catch HTTP401, but can I make it make another sync request in the meantime, store the token and activate the new interceptor ?

Answer 1

Looks like I found the solution myself to that problem so let's share the knowledge to everyone.

In order to this, OkHttp already gives all the necessary hooks.

1. Make sure to use Authenticator
2. Install an interceptor once the authenticator succeed
3. Return a request with the good token.

This also imply that the Authenticator handles an HTTP to set your token back (done in another android service).

okHttpClient.setAuthenticator(new Authenticator() {
            @Override
            public Request authenticate(Proxy proxy, Response response) {

                AccountManager accountManager = AccountManager.get(context);
                Account[] accounts = accountManager.getAccountsByType(Authenticator.ACCOUNT_TYPE);
                // No account, do not even try to authenticate
                if (accounts.length == 0) {
                    Log.i(TAG, "... But we dont have any account yet, so I will just back off for now.");
                    return null;
                }

                Account account = accounts[0];

                try {
                    final String mCurrentToken = accountManager.blockingGetAuthToken(account, "", false);

                    // For now, we just re-install blindly an interceptor
                    okHttpClient.interceptors().clear();
                    Log.i(TAG, "... Installing interceptor after authentication");
                    okHttpClient.interceptors().add(new Interceptor() {
                            @Override public Response intercept(Chain chain) throws IOException {
                                Request request = chain.request();
                                Request newReq = request.newBuilder()
                                    .addHeader("Authorization", mCurrentToken)
                                    .build();
                                Response response = chain.proceed(newReq);

                                return response;
                            }
                        });
                    Log.i(TAG, "Install temporary auth token in request");
                    return response.request().newBuilder()
                        .addHeader("Authorization", mCurrentToken)
                        .build();

                } catch (OperationCanceledException e) {
                    Log.e(TAG, "Interrupted exception");
                    return null;
                } catch (AuthenticatorException e) {
                    Log.e(TAG, "Authentication error");
                    return null;
                } catch (IOException e) {
                    Log.e(TAG, "IO Error");
                    return null;                        
                }
            }


            @Override
            public Request authenticateProxy(Proxy proxy, Response response) {
                return null; // Null indicates no attempt to authenticate.
            }
        })

With this, just use this OkClient in Picasso and Retrofit.