urlConnection and request headers

This is more of a question about Xojo functionality than a bug question, since I have got a work-around to my issue. But here goes.

I have been using urlConnection for a while in several of my programs in order to retrieve data from a RESTful api. Everything was working fine until the server behind the api was “upgraded”. Then my programs stopped working - reported 401 errors for accounts that were unchanged and previously working fine.

After a lot of messing about I found an earlier forum post (Unable to access a password protected page - #5 by Brian_Lillard) that gave me a work-around. It looks like the authentication attempt fails unless I manually set the authorization request header to Basic with something like this:

Authenticator.RequestHeader("Authorization") = "Basic " + EncodeBase64(txtAuthName.text + ":" + txtAuthPassword.text)

The new version of the server software now expects OAuth authentication unless I specify Basic, which is presumably the reason that my programs work if I add that line of code above. It leaves me with a question, though. If I don’t specify Basic authentication, what does urlConnect use? Does it concatenate and encode the username and password anyway, but just not set the request header? Or something different? I couldn’t see anything in the documentation for urlConnection.

If the server requests Basic HTTP Authentication, the AuthenticationRequested event is supposed to occur where you would handle it. Any other type of authentication you’ll have to set up yourself.

If I recall correctly, at one point there was an issue with the event being raised and one would have to form the URL to do the authentication instead. I do not know if that is still true.