Skip to content

KTOR-9198: Ignore WWW-Authenticate header when only a single AuthProvider is available #5264

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
zackman0010 wants to merge 2 commits into
base: main
Choose a base branch
from
Open

KTOR-9198: Ignore WWW-Authenticate header when only a single AuthProvider is available #5264

zackman0010 wants to merge 2 commits into from
+4 −2

Conversation

@zackman0010
Copy link

@zackman0010 zackman0010 commented Dec 29, 2025

Subsystem
KTOR Client - Auth plugin

Motivation
As described in KTOR-9198, multiple large cloud services do not return WWW-Authenticate headers for every possible auth type that could potentially be used. This causes issues when a user tries to use an auth type that is not specified in the header. KTOR Client runs the isApplicable function, which returns false due to the non-matching header.

Solution
My solution is to have the findProvider function ignore the presence of the WWW-Authenticate header if only a single AuthProvider implementation is available. In my opinion, it can be assumed that a user who provides only a single auth provider would want that auth provider to be used for all calls being made through that client instance.

@zackman0010
HttpClient Auth: Use single provider regardless of auth header
53ef449 
When only a single AuthProvider is available, it should be used regardless of the WWW-Authenticate header
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Dec 29, 2025
edited
Loading

Walkthrough

When exactly one AuthProvider is configured, selection now finds the first WWW-Authenticate header for which the provider's isApplicable returns true and returns that header with the provider; previous behavior returned the provider with a null header.

Changes

Cohort / File(s) Change Summary
Auth provider selection logic
ktor-client/ktor-client-plugins/ktor-client-auth/common/src/io/ktor/client/plugins/auth/Auth.kt		 Single-provider branch updated to compute and return an applicable WWW-Authenticate header by evaluating the provider's isApplicable against headers; previously returned the sole provider with a null header. Review header-matching and token refresh paths.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (2 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately summarizes the main change: ignoring WWW-Authenticate headers when a single AuthProvider is available.
Description check ✅ Passed The description follows the template with all required sections (Subsystem, Motivation, Solution) properly filled out with specific context.
✨ Finishing touches
  • 📝 Generate docstrings
📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 53ef449 and 23011e8.

📒 Files selected for processing (1)
  • ktor-client/ktor-client-plugins/ktor-client-auth/common/src/io/ktor/client/plugins/auth/Auth.kt
🚧 Files skipped from review as they are similar to previous changes (1)
  • ktor-client/ktor-client-plugins/ktor-client-auth/common/src/io/ktor/client/plugins/auth/Auth.kt

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Dec 29, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 259b1f4 and 53ef449.

📒 Files selected for processing (1)
  • ktor-client/ktor-client-plugins/ktor-client-auth/common/src/io/ktor/client/plugins/auth/Auth.kt
🧰 Additional context used
📓 Path-based instructions (1)
**/*.kt

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.kt: Follow Kotlin official style guide (https://kotlinlang.org/docs/coding-conventions.html)
Use star imports for io.ktor.* packages
Document all public APIs including parameters, return types, and exceptions
Mark internal APIs with @InternalAPI annotation
Run ./gradlew lintKotlin and fix all linting issues before giving control back to the user
Use ./gradlew formatKotlin to automatically fix formatting issues
Run ./gradlew updateLegacyAbi after making ABI changes to update ABI signature files
Binary compatibility is enforced - all public API changes must be tracked in the /api/ directories
Validate ABI with ./gradlew checkLegacyAbi and update with ./gradlew updateLegacyAbi
API changes must be intentional and well-documented
Error handling follows Kotlin conventions with specific Ktor exceptions

Files:

  • ktor-client/ktor-client-plugins/ktor-client-auth/common/src/io/ktor/client/plugins/auth/Auth.kt

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@zackman0010