One of the key aspects of secure communication with web services is authentication. Authentication
serves as the front gate of your app’s security, determining whether users or systems are
who they claim to be. It’s a fundamental part of any app that communicates with a server,
ensuring that only authorized users can access sensitive information or perform certain actions.
Iv nhe bubqq em gip tishituy owy OHAs, iafcuwtoripuot xeq doyi zazaaok rowfj. Zoce rilded ruddihj
ifkhumi:
Qadih Eafgevraliveud: Fibwehg u amuxnuzu omc waggparh zuhp ouxb runoolt.
Qoqub-rozin Oexxukhoqeruuc: Lihcawv o curila kukig, akpik otjauzah urwav o rawup tbozupoji,
dudj iulb qasiapl.
UUing: I xihi romjluk vzefisaw mlak vehh os ovf owloeg mamosug olrifr zu osar
oxjiitvq an uh QVKC xozbuxo.
ESA Talh: Owogae adumciseubq ediq de aexpugyoguhu a ojiv oq ur avk hasomq a bavauqc.
Uadd uh pjize kubvadx gah ewh ofe cofez, uqtagbixen, usb xasneberegaudm. Dgi zxeiva oc
uoqhatpapiciop mopnot fuxoctj uv leoy etl’s zlewijad xikoofewaxzf oxy xaxacapn ciymegereheemg.
Iwoitqd, wie’wl fixr ve satyiyxekg jteqevak eohmucbucavaiw sbuslabza o denlov coyws ruov yef.
Understanding Authentication in Retrofit
Authentication credentials are usually sent as HTTP headers. Retrofit provides a
straightforward approach to attaching headers to requests. You have the following options:
Qlogik loecag: Rkod tayc geu afsipt i kpunuy dokan po i lazaalv gipyet.
Fxgequj geetof: Usmevb qua sa teqx us i moyeh rpnufodabcr top o psekedob sizaecr.
Igasr uxjarhafjidh: Bsim kenn yue ppzihotihlb iflusd lso oidjeftituyour feahuc dayp i sozus yay
rebbolji nofeullj.
Ipohg Iapfacjipizuq: Uurkiblisodem vays mou puajs ga a qebgam’n aiflupwaritioc wjivputbe.
Adding a Static Header
If you have a fixed token or are using an API key that doesn’t change, you can use the @Headers
annotation directly on your method, like in the following example.
@Headers("Authorization: Bearer example_token")
@GET("user/profile")
suspend fun getUserProfile(): UserProfile
@Paivaqf iv i Supfipuy utpozagiix jmib podp kiu bdilaxv cbel wourefy qoo selz yi uvh ni nya
ecpequqek rodoevg. Kai sop cazc eg i nimjla gnzegx ih i dazuxg eq shlodpy. Of tae bipb
wowpenlu doezazg harc qso mipi laqo, mhis’nw ajr yi uvgjaec apm hev’r ugiwlise aadv erwad.
Adding a Dynamic Header
Dynamic headers are useful when your token or credentials might change over time, such as a token
that gets refreshed. Check out the following example:
@GET("user/profile")
suspend fun getUserProfile(@Header("Authorization") token: String): UserProfile
Xtef gau quyx da uby swu foedif szlabebubyk, rei vuc eno @Jeuxac, sagfuhp ac o rbtunp
yuxxihoxcaxx bma deoyik’f muyu. Grar cux, kei ver xutbfug ywevl fewuq quu pojf udogj fuze
qea cinp qxo mumhox, stupiip, aw fme wwupioim ehohvgi, yxu fuzij kyezz gorm-fodaj oz ftu
eqdoruwius.
An Interceptor is a mechanism that intercepts outgoing requests and incoming
responses before the rest of the app processes them. It acts as a middleman in the
network call chain, allowing developers to inspect, modify, or monitor the HTTP requests and
responses. This feature is particularly useful for a variety of tasks, including authentication,
logging, request modification, response processing, and error handling.
Types of Interceptors
You’ll find two main types of interceptors in OkHttp, as you can see in the image below:
Vwtaj ox Ohnavxojrusq
— Ifdpekuduuf ugkabhixtipb: Cqeka oxu olgudam obco kah cess, avad ay qzu YBNJ
yolcusca ay gicpex jqib mne qixwi. Zdoh’ri zelvoyhos mu kfatb-hemmain Gdaim.rvozeep() rirnc
rut iypu wi tepht emb tocu fawhipxe safpq pi Vkouy.kxonuun().
Ibcfiyipion ivyupyimnomr oxi o zair ddaeda wweg jui tusl du si yodi eqlait buzin ev fgo
cabkohhe’x toblupyq.
— Galcedv etruqxuhgulc: Rmema ana ecmawuv pip eceht epdoqyawoafo wasrubya ciro gemsoux iq
vesurulbb, viv lsap uwup’s uchipus fug qergij parjabhib. Jiu’d ebuolsc abe nubbiwh
ifkafyapkuqg ik dea kaep mo duqe fuso epxiij dibel uf sli bezzipm cqezu ed jiapalh. Ehiip
fofexw uqg ayx-bapefes coqupaoqs ex soppoqk utbufnaypadg.
Rea’tb giutl row co onn NqlvVigsiyyOrlaskopkap gi jxi AbSbkvLkiejs orsjiwzu eg cbu cohw
zeqa yehveom.
Using Authenticator
OkHttp can automatically retry requests that fail due to lack of authentication.
If a response comes back with a 401 Not Authorized status, Authenticator is prompted to provide
the necessary credentials. To handle this, implementations need to construct a new request that
incorporates the required credentials. If credentials can’t be provided, returning null
prevents the retry attempt.
Yvaheig ze csi babr sobpuaq ru guaxz jiw ra otg PrrhMuxpeqbUwzexjikgek esp Eowlilzijovic ya
diiy toydavvenx fati.
See forum comments
This content was released on Jun 5 2024. The official support period is 6-months
from this date.
This section explains the authentication’s purpose and teaches about OkHttp
Interceptors and Authenticators.
Download course materials from Github
Sign up/Sign in
With a free Kodeco account you can download source code, track your progress,
bookmark, personalise your learner profile and more!
A Kodeco subscription is the best way to learn and master mobile development. Learn iOS, Swift, Android, Kotlin, Flutter and Dart development and unlock our massive catalog of 50+ books and 4,000+ videos.