Merge pull request #20 from stanwood/feature/FEM-1900-add-authenticator

ubuntudroid · web-flow · commit 63dd15bc747e · 2018-03-02T16:29:17.000+01:00
Feature/fem 1900 add authenticator
diff --git a/README.md b/README.md
@@ -101,8 +101,15 @@ issue you won't get a 401 propagated to `Callback.onSuccess()` as in case of suc
 after receiving a 401 for the initial request your callback will get the response code of the following
 originally intended request).
 
-Additionally/alternatively you can always subclass the `Authenticator` class and override
+If you're having problems retrieving a token in the `AuthenticationProvider` (e.g. due to an invalid
+refresh token) always try to resolve those issues there as well if possible. Throwing an
+`AuthenticationException` should just be a last resort.
+
+Alternatively you can also subclass the `Authenticator` class and override
 `onAuthenticationFailed()` if you want to trigger special handling for failed authentication from
-which we couldn't recover with our default handling.
+which we couldn't recover with our default handling. This usually tends to be a bit harder to get
+right as it expects you to modify the failed request directly without any means of intercepting the
+response. Thus handling token retrieval issues should preferably handled in the `AuthenticationProvider`
+as explained above.
 
 We're looking forward to streamlining this as soon as the okhttp bug has been resolved.
diff --git a/network/src/main/java/io/stanwood/framework/network/auth/Authenticator.java b/network/src/main/java/io/stanwood/framework/network/auth/Authenticator.java
@@ -44,6 +44,11 @@ public Request authenticate(@NonNull Route route, @NonNull Response response) {
                         // Authentication failed. Try to re-authenticate with fresh token
                         String token;
                         try {
+                            /*
+                            do not force refresh the token as we might already have gotten a new
+                            one due to another request having triggered a 401 and re-authenticating
+                            before us getting here
+                            */
                             token = authenticationProvider.getToken(false);
                         } catch (AuthenticationException e) {
                             /*
@@ -57,8 +62,7 @@ public Request authenticate(@NonNull Route route, @NonNull Response response) {
                         if (oldToken.equals(token)) {
                             /*
                             if the token we receive from the AuthenticationProvider hasn't changed in
-                            the meantime (e.g. due to another request having triggered a 401 and
-                            re-authenticating before us getting here), try to get a new one
+                            the meantime, try to get a new one
                             */
                             try {
                                 token = authenticationProvider.getToken(true);
@@ -71,7 +75,7 @@ the meantime (e.g. due to another request having triggered a 401 and
                                 return retryOrFail(route, response);
                             }
 
-                            if (token == null) {
+                            if (token == null || oldToken.equals(token)) {
                                 return retryOrFail(route, response);
                             }
 
