35

I am trying to send a GET via Android's HttpURLConnection (imported from org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnection), and upon receiving the response, an IOException is thrown:

in doRequestInternal(): "Received authentication challenge is null"

What does this error mean, and what is causing this? I am writing OAuth parameters to the Authorization header, but I do this on other occasions, too, without problems.

    if (connection == null) {
        connection = (HttpURLConnection) new URL(endpointUrl).openConnection();
        connection.setRequestMethod("GET");
    }

    //... do some OAuth message signing

    connection.connect();

    int statusCode = connection.getResponseCode(); // throws IOException
Rahul Sharma
  • 2,867
  • 2
  • 27
  • 40
mxk
  • 43,056
  • 28
  • 105
  • 132

4 Answers4

50

I found out the reason.

First of all, to all who aren't aware of what this error means (I sure wasn't): This exception is thrown if the server replies with a 401. Very intuitive, considering that it was thrown in getResponseCode() (i.o.w. you are never able to check for 401s yourself, but have to catch this IOException instead...).

The actual cause for the 401 was that I didn't send an OAuth verifier code where it was expected at this point.

mxk
  • 43,056
  • 28
  • 105
  • 132
  • Hi Matthias, were you using the twitter api? – MounirReg Jul 19 '10 at 08:49
  • 1
    no I ran into this problem as part of the DefaultOAuthProvider implementation for Signpost, which uses HTTPUrlConnection instead of Apache HttpClient. – mxk Jul 20 '10 at 14:15
  • And did you stick to Signpost? I'm having a lot of trouble with it on android. – Horia Dragomir Jul 30 '10 at 13:17
  • 1
    yes -- I developed it! This question is about a year old, meanwhile I added a CommonsHttpOAuthProvider which doesn't suffer from this issue. i.o.w. you can now use Signpost without any of the java.net classes, which are buggy in Harmony/Android. – mxk Jul 31 '10 at 07:21
  • I've seen the same issue with the Readitlaterlist.com api. – Heiko Rupp Apr 01 '11 at 19:51
  • 4
    I just experienced this and found the cause in my case was the system time on the phone was two days behind. – Jeremy Haberman Nov 28 '11 at 15:59
  • hey! I am trying to send c2dm message from my code but get this exception. Although earlier I am getting auth token with 200 code and use this token in send message request but I don't understand why I getting this exception if token was got properly – Georgy Gobozov Feb 05 '12 at 19:54
  • Strange that there is no better exception class to describe that specific case. – Snicolas Sep 13 '13 at 14:45
13

Maybe will be useful for somebody...

This exception just means malformed answer headers: the "WWW-Authenticate" header was not found. Also, chunked answers with 401 code are not supported, so you'll need "Content-Length" header (can be zero).

Vladimir
  • 1,532
  • 1
  • 13
  • 13
  • 4
    Client needs to send "Authorization" header and if server didn't like credentials it needs to send back `WWW-Authenticate`. In my case it's our server and it was sending `WWW-Authenticate` only when `Authorization` header was missing. To fix error in subject we made a change on server-side to send `WWW-Authenticate` when Authorization fails. – katit Jun 09 '12 at 18:39
4

Just add this header to the request (in server side):

WWW-Authenticate: None
Corbella
  • 1,791
  • 14
  • 24
2

Please note that there are two authentication approaches: HTTP Authentication and token-based authentication. If you are using HTTP Authentication then you have to follow referenced specification: include WWW-Authenticate header field on server side, use java.net.Authenticator locally, etc. If you are using token-based authentication then obviously you have to use cookies to store the token and make able to keep long lived sessions alive. In such case put the next code into android.app.Application.onCreate()

CookieManager cookieManager = new CookieManager();
CookieHandler.setDefault(cookieManager);

and you won't have troubles when receiving HTTP 401 from the server without WWW-Authenticate header field.

Grigori A.
  • 2,628
  • 1
  • 21
  • 19