Handling with NSURLProtocol authentication challenges

Question

Created Jul ’15

Replies 3

Boosts 0

Views 1.4k

Participants 2

Hi,

I uses OHHTTPStubs for Unit- and UI Testing. Since this project didn't handled authentication stuff I forked the project to add this special behavoir. This did worked fine for me aslong I used NSURLConnection and/or AFNetworking (which used in the end also NSURLConnection). Now we move our code to use the NSURLSession API's and our solution for handling the authentication challenge doesn't work anymore.

What happens:

1) I created a NSURLSession with a custom NSURLSessionConfiguration

2) I created a NSURLSessionDataTask loading some JOSN data from a protected web page (Basic Auth)

3) I've a NSURLProtocol implementation in place which identify the HTTP StatusCode 401 which I mocked in -startLoading

4) I manually call on the client variable -URLProtocol:didReceiveAuthenticationChallenge: with a custom created NSURLAuthenticationChallange object

=> my delegate for the NSURLSession (-URLSession:task:didReceiveChallenge:completionHandler:) get called with an valid looking completionHandler

5) I provide credentials to the completionHandler

=> nothing happens, none of the NSURLProtocl methods get called while calling the completionHandler

6) After some seconds the -stopLoading method of NSURLProtocol get called

Does somebody have solved or seen this problem and an idea to solve or way to investigate into this?

Kind Regards,

Thomas

GitHub-Forked project: http://github.com/ThomWee/OHHTTPStubs

Boost

Answer 1

DTS Engineer OP

Apple

Jul ’15

You should be able to get simple challenge handling working in this way but I doubt you'll be able to handle all the interesting cases. The problem is that the NSURLProtocol mechanism assumes the original NSURLConnection authentication challenge model, and at least three major revisions to the model have been applied since then.

Which makes me wonder why you're stubbing at this level rather than stubbing the NSURLSession API itself. That seems like a much more direct solution to this problem.

Share and Enjoy
—
Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

0

Answer 2

T.Weese OP

Jul ’15

For me would it be enough to handle an 401 and use provided credentials to get into an 200 state of my request. Can you provide me some informations which calls to the NSURLProtocol client needs to be made to get the request passing through like in the real world?

Thomas

0

Answer 3

DTS Engineer OP

Apple

Jul ’15

There are NSURLProtocolClient callbacks for related to challenges, namely

-URLProtocol:didReceiveAuthenticationChallenge:

and

-URLProtocol:didCancelAuthenticationChallenge:

. The read me in the CustomHTTPProtocol sample code describes the sequence that you should call them in.

Admittedly, I've never tried this with an NSURLSession client; NSURLProtocol support is suffering from serious bit rot these days, so I wouldn't be totally surprised to see this not work in specific circumstances.

Share and Enjoy
—
Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

0