Retrofit unable to set new Token to Header of Requests

Question

I have a retrofit Client that helps me set a header for any requests i make to my REST APIs. On user login i get the token from the server and set this token to the header of the requests. I save this token to SharedPreferences so that i can get it anytime i need to make requests to my REST APIs. The problem is that anytime i set a new token to my SharedPreferences file when a new user signs in, it still gets the old token instead of saving this new token to use for future requests.

This is my Retrofit Client below:

public class RetrofitClient {

    private static Retrofit retrofit = null;

    public static Retrofit getClient(String token) {

        HttpLoggingInterceptor logging = new HttpLoggingInterceptor();
        logging.setLevel(HttpLoggingInterceptor.Level.BODY);
        OkHttpClient okClient = new OkHttpClient();

        Gson gson = new GsonBuilder()
                .setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
                .create();

        okClient.interceptors().add(chain -> chain.proceed(chain.request()));

        okClient.interceptors().add(chain -> {
            Request original = chain.request();
            Request request = original.newBuilder()
                    .header(Config.X_AUTH_TOKEN, "Bearer" + " " + token)
                    .method(original.method(), original.body())
                    .build();
            Log.d("Authorization", token);

            return chain.proceed(request);
        });

        okClient.interceptors().add(logging);

        if (retrofit==null) {
            retrofit = new Retrofit.Builder()
                    .baseUrl(Config.BASE_URL1)
                    .client(okClient)
                    .addCallAdapterFactory(RxJavaCallAdapterFactory.create())
                    .addConverterFactory(GsonConverterFactory.create(gson))
                    .build();
        }
        return retrofit;
    }

}

this is my codes for setting and getting the token

public String getToken() {
    return prefs.getString(AuthUser.USER_TOKEN, "");
}

public void setToken(String token) {
    SharedPreferences.Editor editor = prefs.edit();
    editor.putString(AuthUser.USER_TOKEN, token);
    editor.apply();
}

this is where i call my set token method to save the new token to SharedPreference

 authUser.setToken(token);

Answer 1

You can write intercepter to execute each time before network request happen.Create new file as HeaderIntercepter

public class HeaderIntercepter implements Interceptor {
@Override
public Response intercept(Chain chain) throws IOException {
    Request request = chain.request();
    String token = context.getSharedPreferences(FILENAME, MODE_PRIVATE).getString("TOKEN","");

    Request tokenRequest = request.newBuilder()
            .addHeader("Authorization", "Bearer " + token)
            .addHeader("Content-Type", "application/json")
            .build();

    return chain
            .proceed(tokenRequest);
}
}

Add intercepter to okHttpclient

 OkHttpClient.Builder builder = new OkHttpClient.Builder()
            .addInterceptor(new HeaderIntercepter());

Answer 2

I completely don't see how this is surprising. Your RetrofitClient is a confusingly (and arguably badly written) singleton. Let's go through a typical situation where this will fail.

You launch your app with a previously saved token. At first everything works fine. At some point you call RetrofitClient.getClient(token) and all requests succeed. After some time the server invalidates the token. You probably get a 403 response from your server, lauch the login screen again and update your token in your SharedPreferences. Here is where your problems begin. Although you saved your new token correctly, your RetrofitClient will do what singletons do and continue to return the first instantiation of itself stored in the private static Retrofit retrofit filed.

A quick workaround would be to add an invalidate method to your RetrofitClient. Something like.

public static void invalidate() {
  this.retrofit = null;
}

Call it when you get your 403 response, or when you logout.

PS: Please move the following line if (retrofit==null) { at the beginning of your getClient method. Creating a new okHttp client, for nothing, every time someone calls getClient is just wasteful.