/**
   * Returns the RFC 7235 authorization challenges appropriate for this response's code. If the
   * response code is 401 unauthorized, this returns the "WWW-Authenticate" challenges. If the
   * response code is 407 proxy unauthorized, this returns the "Proxy-Authenticate" challenges.
   * Otherwise this returns an empty list of challenges.
   *
   * If a challenge uses the `token68` variant instead of auth params, there is exactly one

Use `Response.challenges()` to get the schemes and realms of any authentication challenges. When fulfilling a `Basic` challenge, use `Credentials.basic(username, password)` to encode the request header.

=== ":material-language-kotlin: Kotlin"
    ```kotlin

  }

  @Test
  fun challenge() {
    var challenge = Challenge("", mapOf("" to ""))
    challenge = Challenge("", "")
    val scheme: String = challenge.scheme
    val authParams: Map<String?, String> = challenge.authParams
    val realm: String? = challenge.realm
    val charset: Charset = challenge.charset
    val utf8: Challenge = challenge.withCharset(Charsets.UTF_8)
  }

  @Test

 *
 *  * [TCP handshake][connectSocket]
 *  * Optional [CONNECT tunnels][connectTunnel]. When using an HTTP proxy to reach an HTTPS server
 *    we must send a `CONNECT` request, and handle authorization challenges from the proxy.
 *  * Optional [TLS handshake][connectTls].
 *
 * Each step may fail. If a retry is possible, a new instance is created with the next plan, which
 * will be configured differently.
 */
class ConnectPlan(

     * extracts the user principal from successful authentication.
     *
     * @return The login credential containing the authenticated username,
     *         an ActionResponseCredential for authentication challenges,
     *         or null if no authentication information is available
     * @throws SsoLoginException if SPNEGO authentication fails
     */
    @Override
    public LoginCredential getLoginCredential() {

          assertThat(response.code).isEqualTo(HttpURLConnection.HTTP_PROXY_AUTH)
          assertThat(response.request.url.host).isEqualTo("android.com")
          val challenges = response.challenges()
          assertThat(challenges[0].scheme).isEqualTo("OkHttp-Preemptive")
          response.request
            .newBuilder()
            .header("Proxy-Authorization", credential)
            .build()

 *  New: `EventListener.followUpDecision()` is called each time a response is received. It notifies
    your listener if OkHttp has decided to make a follow-up request. Some common follow-ups are
    authentication challenges and redirects.

 *  New: Handy constants for `Headers.EMPTY`, `RequestBody.EMPTY`, and `ResponseBody.EMPTY`.

 *  New: OkHttp now calls `StrictMode.noteSlowCall()` when initializing TLS on Android. Use

	public final fun body ()Lokhttp3/ResponseBody;
	public final fun cacheControl ()Lokhttp3/CacheControl;
	public final fun cacheResponse ()Lokhttp3/Response;
	public final fun challenges ()Ljava/util/List;
	public fun close ()V
	public final fun code ()I
	public final fun handshake ()Lokhttp3/Handshake;
	public final fun header (Ljava/lang/String;)Ljava/lang/String;

    val response = authenticator.onlyResponse()
    assertThat(
      response.request.url
        .toUrl()
        .path,
    ).isEqualTo("/private")
    assertThat(response.challenges()).isEqualTo(listOf(Challenge("Basic", "protected area")))
  }

  @Test
  fun customTokenAuthenticator() {
    server.enqueue(
      MockResponse(
        code = 401,

	public final fun body ()Lokhttp3/ResponseBody;
	public final fun cacheControl ()Lokhttp3/CacheControl;
	public final fun cacheResponse ()Lokhttp3/Response;
	public final fun challenges ()Ljava/util/List;
	public fun close ()V
	public final fun code ()I
	public final fun handshake ()Lokhttp3/Handshake;
	public final fun header (Ljava/lang/String;)Ljava/lang/String;