https://kotlinlang.org logo
#ktor
Title
# ktor
t

Travis Griggs

03/27/2024, 11:45 PM
I'm using ktor to make requests in my Android app. I have a request that uses basicAuth for additional obfuscation:
Copy code
HttpClient(CIO).get {
    url {
       protocol = URLProtocol.HTTPS
       host = MQTTDefaultBroker.hostname
       basicAuth(username, password)
       path("binaries/$subdir/twigmc-core.deb.container")
    }
}
After a successful fetch, I grab the url, and pass it to an IoT device to use as a fast fetch path if it can. Unfortunately, the basicAuth is in a header. Is there a way to get it in the url itself? (e.g. https://username:password@domain/binaries/twigmc/t[…]ore.deb.container)
a

Aleksei Tirman [JB]

03/28/2024, 6:09 AM
To do that you can use the
user
and the
password
properties instead of the
basicAuth
method:
Copy code
HttpClient(CIO).get {
    url {
        user = "username"
        password = "password"
        // ...
    }
}
t

Travis Griggs

03/28/2024, 5:37 PM
Thank you. I tried this. It made sense to me. Weirdly, it doesn't work. The behavior is weird. I log the url created by the request and it's legit. I can use curl from the command line to fetch the url with no extra arguments. But nginx returns a 401 to this. Weirdly, my iOS app uses the exact same url and works fine. Is there something that iOS/curl libraries are magically adding as a header or something that makes this work? If I use BOTH baseAuth(...) builder and the direct setters then it works, it fetches fine, and the URL has the user:pass embedded
a

Aleksei Tirman [JB]

03/28/2024, 6:22 PM
Can you share an example of the curl command?
t

Travis Griggs

03/28/2024, 9:17 PM
curl <https://7da0c415af5c3ae96f01ffe9bd449c0:069258996ba84861b8f372ef0e32b2b36@abc.xyz.com/binaries/product/firmware.file> --output foo
(I've changed the url)
a

Aleksei Tirman [JB]

03/28/2024, 9:21 PM
Are the user and the password in the URL Base64 encoded?
t

Travis Griggs

03/28/2024, 9:43 PM
nope
but if you run it with curl -vvv, you can see where it basically turns into the analagous header with B64 encoding
a

Aleksei Tirman [JB]

03/29/2024, 8:48 AM
I suggest analyzing the network traffic (for example, with WireShark) in both cases to determine the difference.