How to Respond to an Authentication Challenge | iOS

How to Respond to an Authentication Challenge

If a session requires authentication it creates authentication challenge

 URLSession:task:didReceiveChallenge:completionHandler: 

in order for the connection to continue, the delegate has three options.

  • Provide authentication credentials
  • Attempt to continue without credentails
  • Cancel the authentication request.

NSURLProtectionSpace will give all information about the authentication type and failure if any attempts failed earlier.

Providing Credentials

To attempt to authenticate, the application should create an NSURLCredential object with authentication information of the form expected by the server. You can determine the server’s authentication method by calling authenticationMethod on the protection space.

  • HTTP basic authentication (NSURLAuthenticationMethodHTTPBasic) requires a user name and password. P
  • HTTP digest authentication (NSURLAuthenticationMethodHTTPDigest), like basic authentication, requires a user name and password.withcredentialWithUser:password:persistence:.
  • Client certificate authentication (NSURLAuthenticationMethodClientCertificate) requires the system identity and all certificates needed to authenticate with the server. Create an NSURLCredential object.
  • Server trust authentication (NSURLAuthenticationMethodServerTrust) requires a trust provided by the protection space of the authentication challenge.

Continuing Without Credentials

If the delegate chooses not to provide a credential for the authentication challenge, it can attempt to continue without one.

NSURLSessionAuthChallengePerformDefaultHandling processes the request as though the delegate did not provide a delegate method to handle the challenge.

  • NSURLSessionAuthChallengeRejectProtectionSpace rejects the challenge. Depending on the authentication types allowed by the server’s response, the URL loading class may call this delegate method more than once, for additional protection spaces.

Canceling the Connection

The delegate may also choose to cancel the authentication challenge, by passing NSURLSessionAuthChallengeCancelAuthenticationChallenge to the provided completion handler block.

Serverless Architecture| Tech Shorts | Quick Look

Serverless architecture, refer to the application that significantly depends on third party services or custom code that’s run with in ephemeral containers, AWS Lambda is the best-known example.

As the name suggests it not like that code is running without servers, here the code written in traditional server style such as micro services so pricing the based on the actual amount of resources consumed by application rather than on pre-purchased units of capacity.

Advantages:

Cost, effective because it not like renting or purchasing fixed quality of servers even it’s more cost effective than provisioning an autoscaling group.

Operations, as developers and operators do not need to spend time for setting up and tuning auto scaling policies.

Productivity, the units of code exposed to the outside world are simple functions. means programmer does not need to worry about multithreading or HTTP directly requests.

Disadvantages:

Performance, Infrequently used serverless code may suffer from greater response latency than a dedicated server.

Monitoring and debugging, diagnosing performance or resource usage problem may be more difficult here, attaching profilers or debuggers little difficult. furthermore, the environment in which the code runs is typically not open source so its performance characteristics cannot be precisely replicated in the local environment.

Serverless Frameworks

AWS Lambda, Azure functions with node.js, Kubernetes etc.