Impl: authenticate with HTTP header

fioan89 · fioan89 · commit a8ccb01dd031 · 2022-11-23T00:57:24.000+02:00
- previously done with the help of session cookies
- session token is now sent as a HTTP header
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,11 +5,11 @@
 ## [Unreleased]
 ### Added
 
-- upgraded support to the latest Coder platform
+- upgraded support for the latest Coder REST API
 
 ### Fixed
 
-- support for the new Coder auth cookies
+- authentication flow is now done using HTTP headers
 
 ## [2.1.1]
 
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -26,7 +26,6 @@ dependencies {
     implementation(platform("com.squareup.okhttp3:okhttp-bom:4.10.0"))
     implementation("com.squareup.retrofit2:converter-gson:2.9.0")
     implementation("com.squareup.okhttp3:okhttp")
-    implementation("com.squareup.okhttp3:okhttp-urlconnection")
     implementation("com.squareup.okhttp3:logging-interceptor")
 
     implementation("org.zeroturnaround:zt-exec:1.12") {
diff --git a/src/main/kotlin/com/coder/gateway/sdk/CoderRestClientService.kt b/src/main/kotlin/com/coder/gateway/sdk/CoderRestClientService.kt
@@ -17,14 +17,10 @@ import com.coder.gateway.sdk.v2.models.WorkspaceTransition
 import com.google.gson.Gson
 import com.google.gson.GsonBuilder
 import com.intellij.openapi.components.Service
-import okhttp3.Cookie
-import okhttp3.HttpUrl.Companion.toHttpUrlOrNull
-import okhttp3.JavaNetCookieJar
 import okhttp3.OkHttpClient
 import okhttp3.logging.HttpLoggingInterceptor
 import retrofit2.Retrofit
 import retrofit2.converter.gson.GsonConverterFactory
-import java.net.CookieManager
 import java.net.HttpURLConnection.HTTP_CREATED
 import java.net.URL
 import java.time.Instant
@@ -43,26 +39,17 @@ class CoderRestClientService {
      * @throws [AuthenticationResponseException] if authentication failed.
      */
     fun initClientSession(url: URL, token: String): User {
-        val cookieUrl = url.toHttpUrlOrNull()!!
-        val cookieJar = JavaNetCookieJar(CookieManager()).apply {
-            saveFromResponse(
-                cookieUrl,
-                listOf(Cookie.parse(cookieUrl, "coder_session_token=$token")!!)
-            )
-        }
         val gson: Gson = GsonBuilder()
             .registerTypeAdapter(Instant::class.java, InstantConverter())
             .setPrettyPrinting()
             .create()
 
-        val interceptor = HttpLoggingInterceptor()
-        interceptor.setLevel(HttpLoggingInterceptor.Level.BASIC)
         retroRestClient = Retrofit.Builder()
             .baseUrl(url.toString())
             .client(
                 OkHttpClient.Builder()
-                    .addInterceptor(interceptor)
-                    .cookieJar(cookieJar)
+                    .addInterceptor { it.proceed(it.request().newBuilder().addHeader("Coder-Session-Token", token).build()) }
+                    .addInterceptor(HttpLoggingInterceptor().apply { setLevel(HttpLoggingInterceptor.Level.BASIC) })
                     .build()
             )
             .addConverterFactory(GsonConverterFactory.create(gson))
