I'm trying to use OkHttp on Android to connect to an API that uses Basic Http authentication, and even though I appear to be doing everything right, I'm getting a 401 Unauthorized error.
The API is configured a little strangely in that it apparently requires the username (Base64 encoded) to be included in the url; it will not accept a properly formatted "Authorization: Basic " header. So the request has to be formatted like this:
https://<username>:<password>#www.api.com/api/ver/1/method
Where "username" and "password" are the Base64 encoded username and password entered by the user.
When I take the URL being sent by OkHttp and try it directly with curl, it works. So I know that the username and password are correct, they are being encoded correctly, and the url is being constructed correctly. But when I try it in my app, I get a 401 Unauthorized error with a "Www-Authenticate" header. Which is exactly what it sends if I try it in Postman with the "Authorization" header instead of the username and password in the url.
Is it possible that OkHttp is trying to be smart here, and pulling the username and password out of the url and automatically generating an "Authorization" header before sending the request? If so, I'd like to stop it from doing that.
Related
I have an app that makes request to a wcf service. Usually I authenticate all of the requests using a hash value that is sent in the body of the request and then authenticated on the server. All most all of the request are sent via json and it is easy for me to add the hash value to the body of the request. The issue I am facing is that when I send a file stream I cannot add the hash to the body of the request so I am wondering how I can authenticate that the request came from my app and not from some where else. All suggestions are greatly appreciated.
Adding an authorization item in the header is a possible solution. So, if anyone is interested, read this and this.
I'm trying to make an application that needs authentication :- when user type username and pw in the text boxes it should check with the DB in the server and authenticate.
how can i do this in the android?
can please any one help me??
thank you,
If you are a web developer you can do this authentication very easily. You can follow the following steps,
First, get the username and password from the user and put in the variables.
Create the HTTP connection to the web server (Your data posting URL).
Post the data to the URL with specified data using HTTP Get or Post method(Post is preferable for authentication)
Get the posted value using server side script and do the authentication.
send the response status to the client by using JSON encoding or some other format whether the authentication is succeeded of failure.
Get the response in android and create the InputStream and decode the JSON or some specified encoding format which you done in the server side and shown the response in mobile.
Thats it.
I have 2 textboxes and a button how do I log into a website? If the user and password are wrong then it should give an error.
It depends on how the webserver is set up, but as a simple approach, you can make and HTTP POST request, and based on either the http code returned or a message you can tell the user success or fail.
For a code snippet on how to do a POST request you can look at
http://www.androidsnippets.com/executing-a-http-post-request-with-httpclient.
You should also be doing this over HTTPS since you are sending a password.
You can use SOAP request for this purpose.
Send your soap request with user-name and password parameters.
In response, you will get the acknowledgment true of false, on basis of which you can show any user friendly message in your android login screen.
I'm building an Android app that runs off of a rails server. At first, when I tried to post simple String data to the server, I ran into an InvalidAuthenticityToken issue, but realized that I can bypass the authentication by setting the content type to "json"
HttpClient client = new DefaultHttpClient();
HttpPost post = new HttpPost(Constants.REST_HOST + "/add_comment");
post.addHeader("Content-Type", "application/json");
The next step was trying to get upload profile picture working. However, when I tried uploading a photo via a MultipartEntity post, setting the content type to "json" causes the following error
StandardError (Invalid JSON string):
but not setting the content type brings back the InvalidAuthenticityToken exception. What's the correct way to post an image to a rails server from a foreign Java client?
ActionController::InvalidAuthenticityToken
(ActionController::InvalidAuthenticityToken):
Based on Jesse's suggestion, I ended up using
protect_from_forgery :except => :upload_avatar_pic
to disable authenticity check, but only for a specific function, so checks for browser requests are still validated.
You can disable authenticity checking on API non-get calls from non-web clients. You can do this in a before filter
class ApiController < ApplicationController
skip_before_filter :verify_authenticity_token
def create
#or whatever
end
end
The problem solved by Jesse Wolgamott said, but the page show "You are being redirected" message when I submit the form (Update,create,show). In before that the page redirected correctly. I am using rails 2.3.8.how to resolve this?
this Android code worked fine before, but i'm having problems for some reason. here is the request i'm trying to make:
https://www.google.com/reader/api/0/token
i'm getting 400:Bad Request as a response, and i'm not sure why. isn't this the correct URL for requesting a token? the auth token is being passed as a header in all requests now, and i can request feed list, and it works just fine, so there's nothing wrong with the auth code. what gives?
in addition, i can request a token in a normal browser, like Chrome, and get a token as a response body. so the request itself is not the problem. i just can't figure out what is wrong with my requests in code...
the answer is to use http rather than https. if anyone else is having trouble getting tokens from the unofficial google reader api, check whether you are using secure http or not.