Hi Yann,
Sorry for the late reply. For some reason your email wasn't
delivered until now :-(
Do you know which headers is sent back to the client with the
401 response?
The client expects either WWW-Authenticate with 401 or
Proxy-Authenticate with 407 - and will throw an
IOException: Invalid auth header
if the header expected for the unauthorized code is
not found.
I have logged https://bugs.openjdk.java.net/browse/JDK-8203882
to try and improve this behavior, but it would be helpful
to know what headers the server sends back with its 401
response.
best regards,
-- daniel
On 15/04/2018 22:01, Yann Le Moigne wrote:
Hello,
I tried to use the incubator/httpclient to use a rest API. This API use non
standard header and a json web token for authentication. This API return 401
status when the token is missing.
Currently ( java version "10" 2018-03-20 ) the response processing end with :
```
java.io.IOException: Invalid auth header
at
jdk.incubator.httpclient/jdk.incubator.http.AuthenticationFilter.lambda$response$1(AuthenticationFilter.java:211)
```
I did not find a way to disable this filter or workaround the issue, and the
current code block my use case.
Is it intended ? (I believe that 401 is agnostic about the way the auth must be
performed, but I’m not sure)
Any workaround to suggest ?
Regards,
Yann.
