How to Respond to an Authentication Challenge
If a session requires authentication it creates authentication challenge
URLSession:task:didReceiveChallenge:completionHandler:
in order for the connection to continue, the delegate has three options.
- Provide authentication credentials
- Attempt to continue without credentails
- Cancel the authentication request.
NSURLProtectionSpace will give all information about the authentication type and failure if any attempts failed earlier.
Providing Credentials
To attempt to authenticate, the application should create an NSURLCredential object with authentication information of the form expected by the server. You can determine the server’s authentication method by calling authenticationMethod on the protection space.
- HTTP basic authentication (NSURLAuthenticationMethodHTTPBasic) requires a user name and password. P
- HTTP digest authentication (NSURLAuthenticationMethodHTTPDigest), like basic authentication, requires a user name and password.withcredentialWithUser:password:persistence:.
- Client certificate authentication (NSURLAuthenticationMethodClientCertificate) requires the system identity and all certificates needed to authenticate with the server. Create an NSURLCredential object.
- Server trust authentication (NSURLAuthenticationMethodServerTrust) requires a trust provided by the protection space of the authentication challenge.
Continuing Without Credentials
If the delegate chooses not to provide a credential for the authentication challenge, it can attempt to continue without one.
• NSURLSessionAuthChallengePerformDefaultHandling processes the request as though the delegate did not provide a delegate method to handle the challenge.
- NSURLSessionAuthChallengeRejectProtectionSpace rejects the challenge. Depending on the authentication types allowed by the server’s response, the URL loading class may call this delegate method more than once, for additional protection spaces.
Canceling the Connection
The delegate may also choose to cancel the authentication challenge, by passing NSURLSessionAuthChallengeCancelAuthenticationChallenge to the provided completion handler block.