final String url = authenticator.buildDefaultRedirectUrl();
        assertEquals("http://localhost:8080/sso/", url);
    }

    @Test
    public void test_logout_returnsNull() {
        assertNull(authenticator.logout(null));
    }

    @Test
    public void test_getResponse_returnsNull() {
        assertNull(authenticator.getResponse(null));
    }

    @Test

    val hostnameVerifier: HostnameVerifier? = address.hostnameVerifier
    val certificatePinner: CertificatePinner? = address.certificatePinner
  }

  @Test
  fun authenticator() {
    var authenticator: Authenticator = Authenticator { route, response -> TODO() }
  }

  @Test
  fun cache() {
    val cache = Cache(File("/cache/"), Integer.MAX_VALUE.toLong())
    cache.initialize()
    cache.delete()

    return copy(retryOnConnectionFailure = retryOnConnectionFailure)
  }

  override fun withAuthenticator(authenticator: Authenticator): Interceptor.Chain {
    check(exchange == null) { "authenticator can't be adjusted in a network interceptor" }

    return copy(authenticator = authenticator)
  }

  override fun withCookieJar(cookieJar: CookieJar): Interceptor.Chain {

    @Test
    public void testMultipleSecureWipes() {
        authenticator = new NtlmPasswordAuthenticator("DOMAIN", "username", "password");

        // Multiple wipes should not cause errors
        authenticator.secureWipePassword();
        authenticator.secureWipePassword();
        authenticator.secureWipePassword();

        assertNull(authenticator.getPassword(), "Password should remain null after multiple wipes");
    }

  * Una cookie.
* `http`: sistemas de autenticación HTTP estándar, incluyendo:
  * `bearer`: un header `Authorization` con un valor de `Bearer ` más un token. Esto se hereda de OAuth2.
  * Autenticación básica HTTP.
  * Digest HTTP, etc.
* `oauth2`: todas las formas de OAuth2 para manejar la seguridad (llamadas "flujos").

    /**
     * Helper method to set defaultSettings on an authenticator instance
     */
    private void setDefaultSettings(SamlAuthenticator authenticator, Map<String, Object> settings) throws Exception {
        Field defaultSettingsField = SamlAuthenticator.class.getDeclaredField("defaultSettings");
        defaultSettingsField.setAccessible(true);
        defaultSettingsField.set(authenticator, settings);
    }

    @Test

 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package okhttp3.internal.authenticator

import java.net.Authenticator
import java.net.InetAddress
import junit.framework.TestCase.assertNull
import okhttp3.FakeDns
import okhttp3.Protocol.HTTP_2
import okhttp3.Request
import okhttp3.Response

    }

    object AuthenticatorOverride : Override<Authenticator> {
      override fun Interceptor.Chain.value(): Authenticator = authenticator

      override fun Interceptor.Chain.withOverride(value: Authenticator): Interceptor.Chain = withAuthenticator(value)

      override fun OkHttpClient.Builder.withOverride(value: Authenticator): OkHttpClient.Builder = authenticator(value)

        // Verify that "aad" SSO type resolves to "entraidAuthenticator"
        SsoAuthenticator authenticator = ssoManager.getAuthenticator();
        assertNotNull(authenticator);
        assertEquals(testAuthenticator, authenticator);
    }

    @Test
    public void test_getAuthenticator_entraidDirectAccess() {
        // Register an authenticator with "entraid" name
        ComponentUtil.register(testAuthenticator, "entraidAuthenticator");

* no tienen un header `Content-Type` (p. ej. usando `fetch()` con un body `Blob`)
* y no envían credenciales de autenticación.

Este tipo de ataque es relevante principalmente cuando:

* la aplicación corre localmente (p. ej. en `localhost`) o en una red interna
* y la aplicación no tiene ninguna autenticación, espera que cualquier request de la misma red sea confiable.

## Ejemplo de ataque { #example-attack }