Proxy authenticator questions

While working on implementing the CBL 3.2 API for my Kotlin Multiplatform library, I ran into some questions about the new ProxyAuthenticator class. It seems this class can be used to configure a proxy for a replicator configuration, but the API availability varies between platforms.

The C SDK has the most options with type, hostname, port, username, and password.

The Java SDK only has username and password credentials.

The .NET SDK has username and password on the master branch, but not on the 3.2 release branch.

The Objective-C/Swift SDK doesn’t have any proxy configuration settings I can find, at least not in the public API.

Are these additions meant to supplement the proxy support at the platform/OS level? Is this intended to differ between platform SDKs? I’m trying to figure out how best to unify the APIs across the Java, Objective-C, and C SDKs.

Also, in the Java SDK the ProxyAuthenticator class extends BaseAuthenticator, which implements the Authenticator interface. This has the side effect of allowing a ProxyAuthenticator to be set to the ReplicatorConfiguration’s target authenticator property. I tested doing this, and just got a 401 error, but it otherwise allowed me to execute the code. Seems like the Authenticator and ProxyAuthenticator shouldn’t be the same type.

val config = ReplicatorConfiguration(URLEndpoint(URI("ws://localhost:4984/test")))
val proxyAuth = ProxyAuthenticator("user", "pass".toCharArray())
config.proxyAuthenticator = proxyAuth
config.authenticator = proxyAuth // also allowed

I can speak a bit to why things look so different. This is one of those features that was added for a specific use case asked for by an enterprise customer and since we decided that the use case was probably not very widespread we initially brought it only to Java android. Now as a second step it is coming to all platforms that run on android (c and .net).

The use case is for a client side proxy set by a network administrator which also requires authentication (e.g. corporate proxy on LAN for all outgoing requests that is set via administrator in system settings). The more “normal” use case is some kind of server side proxy that sits actually in front of the remote and thus can accept credentials in the standard way.

The reason C has more options than the other is simply because we couldn’t figure out quite how to retrieve system proxy settings in C for all the platforms it supports.

My recommendation is honestly to just ignore it. It’s such a niche use case that I don’t think many people will complain about it being missing.

1 Like

Thanks, that makes sense. I’ll probably leave the API out for now, or maybe just open it up at the individual platform level. It would probably only make sense to commonize it if there were support on iOS as well, and since C needs the rest of the proxy configured, it wouldn’t make sense to configure only the credentials there.

@blake.meike what are your thoughts on the last part regarding the Java Authenticator API?

I was really glad to see Jim’s recommendation: I completely agree.

1 Like

@blake.meike what about this question regarding the ProxyAuthenticator sharing the Authenticator interface?

Huh… Looking at the code, I would have guessed that that would work.
It is certainly confusing, though. I will make a ticket to fix it.

1 Like