Home/ Questions/Q 8986915
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-15T21:39:56+00:00

Is it possible to use Basic and OAuth authorization headers in the same request

  • 0

Is it possible to use Basic and OAuth authorization headers in the same request with AFNetworking (avoiding the overwriting) ?

I have this code: 

NSURL *url = [NSURL URLWithString:@"https://www.infojobs.net/"];
AFOAuth2Client *OAuthClient = [[AFOAuth2Client alloc] initWithBaseURL:url clientID:kClientID secret:kClientSecret];

[OAuthClient registerHTTPOperationClass:[AFJSONRequestOperation class]];

[OAuthClient authenticateUsingOAuthWithPath:@"oauth/authorize" code:self.authorizationCode redirectURI:kInfoJobsRedirectURLString success:^(AFOAuthCredential *credential) {
    NSLog(@"Credentials: %@", credential.accessToken);
    if (![credential.accessToken isEqualToString:@""]) {
        self.isAuthenticated = YES;

        [AFOAuthCredential storeCredential:credential withIdentifier:@"kInfoJobsAccessToken"];


        [[InfoJobsAPI sharedClient] setAuthorizationHeaderWithToken:credential.accessToken];

        // (!) This overwrites the Authorization header set with the accessToken
        [[InfoJobsAPI sharedClient] setAuthorizationHeaderWithUsername:kClientID password:kClientSecret];   

        success(credential);

    }
} failure:^(NSError *error) {
    NSLog(@"Error: %@", error.localizedDescription);

}];

And I need a request like this:

GET /api/1/application HTTP/1.1
Host: api.infojobs.net
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Authorization: OAuth 07d18fac-77ea-461f-9bfe-a5e9d98deb3d
....

But I can’t set the “Basic” and “OAuth” Authorization headers in the same request because AFNetworking seems to overwrite this header as seen in documentation

It’s possible to use “Basic” and “OAuth” in a same Authorization header, maybe splitting both with a “\n” ?

Thanks, and sorry for my poor english

Edit

Finally, I can use the “Basic” and “Oauth” authentications in the same header, this is the code:

[[InfoJobsAPI sharedClient] setAuthorizationHeaderWithUsername:kClientID password:kClientSecret];

AFOAuthCredential *credential = [AFOAuthCredential retrieveCredentialWithIdentifier:@"kInfoJobsAccessToken"];

NSMutableURLRequest *request = [self requestWithMethod:@"GET" path:@"/api/2/candidate" parameters:nil];

[request addValue:[NSString stringWithFormat:@"OAuth %@", credential.accessToken] forHTTPHeaderField:@"Authorization"];

AFJSONRequestOperation *operation = [AFJSONRequestOperation JSONRequestOperationWithRequest:request success:^(NSURLRequest *request, NSHTTPURLResponse *response, id JSON) {
    DLog(@"Response : %@",JSON);
}failure:^(NSURLRequest *request, NSHTTPURLResponse *response, NSError *error, id JSON) {
    DLog(@"Error : %@",error);
}];

[operation start];
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    According to the HTTP specification there can be only one Authorization header in a request. So the behavior the library is showing is correct according to that specification: the second call to setAuthorizationHeader... overwrites the previous one.

    What you’ll typically see in HTTP is that there is a handshaking phase, where the server tells the client what authorization protocols it can accept. The client can then choose from those protocols, which one it wants to use.

    • 0