I'm using ktor to make requests in my Android app. I have a request that uses basicAuth for additional obfuscation:

HttpClient(CIO).get {
    url {
       protocol = URLProtocol.HTTPS
       host = MQTTDefaultBroker.hostname
       basicAuth(username, password)
       path("binaries/$subdir/twigmc-core.deb.container")
    }
}

After a successful fetch, I grab the url, and pass it to an IoT device to use as a fast fetch path if it can. Unfortunately, the basicAuth is in a header. Is there a way to get it in the url itself? (e.g. https://username:password@domain/binaries/twigmc/t[…]ore.deb.container)

To do that you can use the

user

and the

password

properties instead of the

basicAuth

method:

HttpClient(CIO).get {
    url {
        user = "username"
        password = "password"
        // ...
    }
}

Thank you. I tried this. It made sense to me. Weirdly, it doesn't work. The behavior is weird. I log the url created by the request and it's legit. I can use curl from the command line to fetch the url with no extra arguments. But nginx returns a 401 to this. Weirdly, my iOS app uses the exact same url and works fine. Is there something that iOS/curl libraries are magically adding as a header or something that makes this work? If I use BOTH baseAuth(...) builder and the direct setters then it works, it fetches fine, and the URL has the user:pass embedded

Can you share an example of the curl command?

Are the user and the password in the URL Base64 encoded?

nope

I suggest analyzing the network traffic (for example, with WireShark) in both cases to determine the difference.