IOS - Token Authentication in HTTP headers with NSURLRequest

Question

I am having some trouble using HTTP token authentication with a NSMutableURLRequest. I have done some research and have used the following question: ios managing authentication tokens from NSURLRequest / HTTP request to learn how to set the token in the HTTP header. However the token I need to set isn't just a simple header field with a value. I need to set an http header field (or multiple) to look like this: Authorization: Token token="tokenHere", nonce="def". The following code snippets are examples of things I have tried that have failed:

//failed to authenticate with server
[request setValue:@"tokenHere" forHTTPHeaderField:@"token"];
[request setValue:@"def" forHTTPHeaderField:@"nonce"];

//failed as well
NSDictionary *authToken = [NSDictionary dictionaryWithObjectsAndKeys:
                           @"tokenHere", @"token",
                           @"def", @"nonce",
                           nil];

[request setValue:[NSString stringWithFormat:@"Token %@", authToken] forHTTPHeaderField:@"Authorization"];

//failed again
[request setValue:@"Authorization: Token token='tokenHere', nonce='def'" forHTTPHeaderField:@"Authorization"];

The back end server is programmed in ruby, and is expecting a single header that looks just like the example above. I need some help crafting the value so that it works with the back end.

Answer 1

It's just a guess, since the right answer depends entirely on what the server expects; but, using other auth schemes as a model, the header would look something like this:

NSString *authHeader = [NSString stringWithFormat:@"token=\"%@\", nonce=\"%@\"", @"tokenHere", @"def"];
[myMutableRequest setValue:authHeader forHTTPHeaderField:@"Authorization"];

In other words, the name of the header field is "Authorization" and it's value is comma separated name=value pairs. The only part of your spec that doesn't make sense is the extra mention of 'token', as in

... Token token=...