Use `Response.challenges()` to get the schemes and realms of any authentication challenges. When fulfilling a `Basic` challenge, use `Credentials.basic(username, password)` to encode the request header.

=== ":material-language-kotlin: Kotlin"
    ```kotlin

 4. If it's a new route, it connects by building either a direct socket connection, a TLS tunnel (for HTTPS over an HTTP proxy), or a direct TLS connection. It does TLS handshakes as necessary. This step may be retried for tunnel challenges and TLS handshake failures.
 5. It sends the HTTP request and reads the response.

A single HTTP call may require follow-up requests to be made to handle authentication challenges, redirects, and HTTP-layer timeouts. In such cases multiple connections, requests, and responses may be attempted. Follow-ups are another reason a single call may trigger multiple events of the same type.

     * extracts the user principal from successful authentication.
     *
     * @return The login credential containing the authenticated username,
     *         an ActionResponseCredential for authentication challenges,
     *         or null if no authentication information is available
     * @throws SsoLoginException if SPNEGO authentication fails
     */
    @Override
    public LoginCredential getLoginCredential() {

  }

  @Test
  fun challenge() {
    var challenge = Challenge("", mapOf("" to ""))
    challenge = Challenge("", "")
    val scheme: String = challenge.scheme
    val authParams: Map<String?, String> = challenge.authParams
    val realm: String? = challenge.realm
    val charset: Charset = challenge.charset
    val utf8: Challenge = challenge.withCharset(Charsets.UTF_8)
  }

  @Test

          assertThat(response.code).isEqualTo(HttpURLConnection.HTTP_PROXY_AUTH)
          assertThat(response.request.url.host).isEqualTo("android.com")
          val challenges = response.challenges()
          assertThat(challenges[0].scheme).isEqualTo("OkHttp-Preemptive")
          response.request
            .newBuilder()
            .header("Proxy-Authorization", credential)
            .build()

	public final fun body ()Lokhttp3/ResponseBody;
	public final fun cacheControl ()Lokhttp3/CacheControl;
	public final fun cacheResponse ()Lokhttp3/Response;
	public final fun challenges ()Ljava/util/List;
	public fun close ()V
	public final fun code ()I
	public final fun handshake ()Lokhttp3/Handshake;
	public final fun header (Ljava/lang/String;)Ljava/lang/String;

	public final fun body ()Lokhttp3/ResponseBody;
	public final fun cacheControl ()Lokhttp3/CacheControl;
	public final fun cacheResponse ()Lokhttp3/Response;
	public final fun challenges ()Ljava/util/List;
	public fun close ()V
	public final fun code ()I
	public final fun handshake ()Lokhttp3/Handshake;
	public final fun header (Ljava/lang/String;)Ljava/lang/String;

If the response issues an authorization challenge, OkHttp will ask the [`Authenticator`](https://square.github.io/okhttp/5.x/okhttp/okhttp3/-authenticator/) (if one is configured) to satisfy the challenge. If the authenticator supplies a credential, the request is retried with that credential included.

## Retrying Requests

        """
        The OAuth 2 specification doesn't define the challenge that should be used,
        because a `Bearer` token is not really the only option to authenticate.

        But declaring any other authentication challenge would be application-specific
        as it's not defined in the specification.

        For practical reasons, this method uses the `Bearer` challenge by default, as
        it's probably the most common one.