Webservice 在 Android Retrofit 中不工作，但在 Postman 和 Swift/iOS 中工作，得到 401 Unauthorized [英] Webservice not working in Android Retrofit , but works in Postman and Swift / iOS, Getting 401 Unauthorized

问题描述

技术资料"之前的简报
与 Retrofit 合作并不陌生，但遇到了这种奇怪的行为，我很难理解和修复，我有两个 Web 服务，在 Postman 和 iOS 中都可以正常工作，但只有一个在 Retrofit 中工作，而另一个不能，
在我的辩护中，我可以说我收到了(未经授权的)响应，这意味着我能够访问服务器并获得结果
在 API 开发人员的辩护中，他说它适用于 Postman 和其他设备，因此不是服务问题

BRIEFING BEFORE 'technical stuff'
Not new to working with Retrofit but came across this strange behaviour which I am having very hard time to understand and fix, I have two web service, both work fine as expected in Postman and iOS but only one works in Retrofit and not the other,
In my defence I can say I am getting (Unauthorized) response,which means I was able to hit the server and get a result
In API developer's defence he says it works in Postman and other devices so not a service issue

如果有任何改造专家告诉我，为了得到这个错误，我可能在背后做什么改造?

If any Retrofit expert out there tell me what retrofit may be doing behind my back in order to get this error?

技术资料
谈到服务的类型，它包含 Authorization Bearer token 作为标头，每 6 小时过期一次，并且根本不包含任何参数(所以应该很容易，对吧?)和一个简单的网址http://hashchuna.nn-assets.com/api/locations
不幸的是，标头令牌无法与有效密钥共享，因为它会在任何人尝试之前就过期，但无论如何Authorization Bearer 3d44626a55dbb024725984e0d37868336fd7e48a

我的尝试
我正在使用 okhttp 拦截来使用 addHeader/header 方法向请求添加授权标头，url 中没有空格，因为没有参数
在改造中遇到 401 未授权错误?
Java:Android:改造 - 使用调用但响应{代码 = 401,message=unauthorized}
https://github.com/square/retrofit/issues/1290
但他们都没有帮助

WHAT I'VE TRIED
I am using okhttp intercept to add Authorization Header to request using both addHeader/header method, no spaces in the url cos there r no params
Getting 401 unauthorized error in retrofit?
Java: Android: Retrofit - using Call but, Response{code = 401,message=unauthorized}
https://github.com/square/retrofit/issues/1290
But non of them helped

警告
现在要记住的棘手部分是，过期的令牌必须给出预期的 401 错误，但问题是即使是新创建的令牌我也会得到 401 ，这是我的核心问题

WARNING
Now the tricky part to keep in mind, the token when expired must give 401 error which is expected, but the problem is even for freshly created token I get 401 , which is my core problem

日志

D/OkHttp: --> GET http://hashchuna.nn-assets.com/api/locations http/1.1
D/OkHttp: Authorization: Bearer 7c0d53de006b6de931f7d8747b22442354cecef9
D/OkHttp: --> END GET
D/OkHttp: <-- 401 Unauthorized http://hashchuna.nn-assets.com/api/locations (773ms)
D/OkHttp: Date: Mon, 20 Feb 2017 10:44:11 GMT
D/OkHttp: Server: Apache
D/OkHttp: X-Powered-By: PHP/7.0.15
D/OkHttp: Access-Control-Allow-Origin: *
D/OkHttp: Access-Control-Allow-Credentials: true
D/OkHttp: Access-Control-Max-Age: 1000
D/OkHttp: Access-Control-Allow-Headers: X-Requested-With, Content-Type, Origin, Authorization, Accept, Client-Security-Token, Accept-Encoding
D/OkHttp: Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT
D/OkHttp: Expires: Thu, 19 Nov 1981 08:52:00 GMT
D/OkHttp: Cache-Control: no-store, no-cache, must-revalidate
D/OkHttp: Pragma: no-cache
D/OkHttp: Set-Cookie: PHPSESSID=u477o8g0q387t92hms4nhc14n1; path=/
D/OkHttp: Vary: Authorization
D/OkHttp: X-Powered-By: PleskLin
D/OkHttp: Keep-Alive: timeout=5
D/OkHttp: Connection: Keep-Alive
D/OkHttp: Transfer-Encoding: chunked
D/OkHttp: Content-Type: application/json;charset=utf-8
D/OkHttp: <-- END HTTP

代码
拦截

Request request = chain
                        .request()
                        .newBuilder()
                        //.header("Authorization","Bearer "+ SharedPrefsUtils.getSPinstance().getAccessToken(context))
                        .addHeader("Authorization","Bearer 1ed6b7c1839e02bbf7a1b4a8dbca84d23127c68e")
                        //.addHeader("cache-control", "no-cache")
                        //.cacheControl(CacheControl.FORCE_NETWORK)
                        .build();

改造实例

private Api getApiInstance(Context context) {
        HttpLoggingInterceptor logInter = new HttpLoggingInterceptor();
        logInter.setLevel(HttpLoggingInterceptor.Level.BODY);
        OkHttpClient mIntercepter = new OkHttpClient.Builder()
                .addInterceptor(new RequestResponseInterseptor(context))
                .addInterceptor(logInter)
                .build();

        Retrofit retrofitInstance = new Retrofit.Builder()
                //.addConverterFactory(new NullOnEmptyConverterFactory())
                .addConverterFactory(GsonConverterFactory.create())
                .baseUrl(BASE_URL)
                .client(mIntercepter)
                .build();
        return retrofitInstance.create(Api.class);
    }

推荐答案

解决方案(它的 COOKIE)
感谢一些提示，服务不兼容的实际原因是，假设POSTMAN和iOS客户端在发出请求时自行存储和重用COOKIE，无需任何显式处理，Postman中的Cookie可以使用 Postman Intercepter 进行测试，但无法编辑，因为chrome 不允许通过插件编辑 cookie

SOLUTION (its the COOKIE)
Thanks to some of the tips, the actual reason for Incompatibility of service is , Supposedly POSTMAN and iOS client store and reuse COOKIE all by itself when requests are made without any need for explicit handling, Cookie in Postman can be tested using Postman Intercepter ,but cant be edited because chrome does not allow editing cookie by plugins

但是，除非指定，否则 Retrofit/OkHttp 将认为它已禁用(可能出于安全原因)，
Cookie 被添加到 Interseptor 作为标头之一 addHeader("Cookie","KEY-VALUE")
或
使用 cookieJar 添加到

However Retrofit/OkHttp unless specified will consider it disabled(for security reason maybe) ,
Cookie is added either inside Interseptor as one of the header addHeader("Cookie","KEY-VALUE")
or
Use cookieJar to add into

OkHttpClient mIntercepter = new OkHttpClient.Builder()
                .cookieJar(mCookieJar)
                .addInterceptor(new RequestResponseInterseptor(context))
                .addInterceptor(logInter)
                .build();

根据您的需要和 cookie 类型

based on your need and cookie type

这篇关于Webservice 在 Android Retrofit 中不工作，但在 Postman 和 Swift/iOS 中工作，得到 401 Unauthorized的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！