val response =
      Response.Builder()
        .request(request)
        .code(401)
        .header("WWW-Authenticate", "UnsupportedScheme realm=\"User Visible Realm\"")
        .protocol(HTTP_2)
        .message("Unauthorized")
        .build()

    val authRequest = authenticator.authenticate(null, response)
    assertNull(authRequest)
  }

class JavaNetAuthenticator : Authenticator {
  @Throws(IOException::class)
  override fun authenticate(
    route: Route?,
    response: Response,
  ): Request? = JAVA_NET_AUTHENTICATOR.authenticate(route, response)

- Kube-apiserver now reports latency metric for JWT authenticator authenticate token decisions in the `apiserver_authentication_jwt_authenticator_latency_seconds` metric, labeled by jwtIssuer hash and result. ([#123225](https://github.com/kubernetes/kubernetes/pull/123225), [@aramase](https://github.com/aramase))

 * [okhttp3.OkHttpClient.Builder.authenticator] or [okhttp3.OkHttpClient.Builder.proxyAuthenticator].
 */
class JavaNetAuthenticator(private val defaultDns: Dns = Dns.SYSTEM) : okhttp3.Authenticator {
  @Throws(IOException::class)
  override fun authenticate(
    route: Route?,
    response: Response,
  ): Request? {
    val challenges = response.challenges()
    val request = response.request
    val url = request.url

* With this PR, kubectl and other RestClient's using the AuthProvider framework can make OIDC authenticated requests, and, if there is a refresh token present, the tokens will be refreshed as needed. ([#25270](https://github.com/kubernetes/kubernetes/pull/25270), [@bobbyrullo](https://github.com/bobbyrullo))

 * limitations under the License.
 */
package okhttp3.internal

import java.io.IOException
import okhttp3.Authenticator
import okhttp3.Request
import okhttp3.Response
import okhttp3.Route

class RecordingOkAuthenticator(
  val credential: String?,
  val scheme: String?,
) : Authenticator {
  val responses = mutableListOf<Response>()
  val routes = mutableListOf<Route>()

public final class okhttp3/JavaNetAuthenticator : okhttp3/Authenticator {
	public fun <init> ()V
	public fun authenticate (Lokhttp3/Route;Lokhttp3/Response;)Lokhttp3/Request;
}

public final class okhttp3/JavaNetCookieJar : okhttp3/CookieJar {
	public fun <init> (Ljava/net/CookieHandler;)V
	public fun loadForRequest (Lokhttp3/HttpUrl;)Ljava/util/List;
	public fun saveFromResponse (Lokhttp3/HttpUrl;Ljava/util/List;)V

      public Authenticate() {
        client = new OkHttpClient.Builder()
            .authenticator(new Authenticator() {
              @Override public Request authenticate(Route route, Response response) throws IOException {
                if (response.request().header("Authorization") != null) {
                  return null; // Give up, we've already attempted to authenticate.
                }

        if (authenticator != null && fessConfig.getSystemPropertyAsBoolean(SPNEGO_INITIALIZED, false)) {
            return authenticator;
        }
        try {
            // set some System properties
            final SpnegoFilterConfig config = SpnegoFilterConfig.getInstance(new SpengoConfig());

            // pre-authenticate
            authenticator = new org.codelibs.spnego.SpnegoAuthenticator(config);

            }
            try {
                SmbSession.logon(dc, ntlm);
            } catch (SmbAuthException sae) {
                response.setHeader("WWW-Authenticate", "NTLM");
                if (offerBasic) {
                    response.addHeader("WWW-Authenticate", "Basic realm=\"" +
                            realm + "\"");
                }
                response.setHeader("Connection", "close");