5

I meet this error when send a request and get back response with code 401:

com.android.volley.NoConnectionError: java.io.IOException: No authentication challenges found

Some people say that:
This error happens beause the server sends a 401 (Unauthorized) but does not give a "WWW-Authenticate" which is a hint for the client what to do next. The "WWW-Authenticate" Header tells the client which kind of authentication is needed (either Basic or Digest). This is usually not very useful in headless http clients, but thats how the standard is defined. The error occurs because the lib tries to parse the "WWW-Authenticate" header but can't. ( android - volley error No authentication challenges found )

But it's quite weird for me because I don't want to use WWW-authenticate things, I just want to get the code 401, but I always get the exception.

How can I bypass this problem? Any suggestion is really appreciated.

Community
  • 1
  • 1
imrhung
  • 824
  • 1
  • 10
  • 20
  • can you deactivate the WWW-authentification in server side? – arthur_gg May 27 '15 at 08:09
  • I cannot make change to the server. I just want to find some simple way to handle that in the client side. :) – imrhung May 27 '15 at 10:37
  • why not sending the headers with WWW-authentification? try with basic digest maybe (username + password) ? http://www.httpwatch.com/httpgallery/authentication/ – arthur_gg May 27 '15 at 10:45
  • Do you expect 401 from the server? If yes, why? As you pointed out 401 is and Unauthorized header reply. Maybe you have to provide some auth credentials when making the api request. – Andrei Catinean May 27 '15 at 12:46
  • Yes, for an invalid login the server send back 401 (without any WWW-authenticate header), I should show the user "incorrect login" message. But the response is com.android.volley.NoConnectionError, it make me difficult to detect the error to user. – imrhung May 28 '15 at 02:42

1 Answers1

6

I have do some research and come to conclusion that, this is a server issue, that did not follow the convention. From wiki:

401 Unauthorized (RFC 7235) Similar to 403 Forbidden, but specifically for use when authentication is required and has failed or has not yet been provided. The response must include a WWW-Authenticate header field containing a challenge applicable to the requested resource. See Basic access authentication and Digest access authentication.

I think the best way to solve this problem is to solve in the server by add the header (something like:

WWW-Authenticate: xBasic realm=""

For me, I cannot change the server, so I have to check the error message to detect that a 401 error:

if (error.getMessage().equalsIgnoreCase("java.io.IOException: No authentication challenges found")){
    showLoginError();
}

Not very elegant solution but work for now.

imrhung
  • 824
  • 1
  • 10
  • 20