Realm makes no sense for HTTP(S) proxy authentication. It is not even set in NSURLAuthenticationChallenge's protection space that is sent for HTTP.
This makes it difficult to use stored credentials for Web Socket, as servers so actually send realms for proxy auth. One solution is to not set realm when creating a ProtectionSpace object for proxy auth. I think it would be even better to treat proxy protection spaces with different realms.
One related data point: it looks like the realm isn't stored in Keychain, even for non-proxy credentials.
Created attachment 43446 [details]
...to treat proxy protection spaces with different realms AS EQUAL
> One related data point: it looks like the realm isn't stored in Keychain, even
> for non-proxy credentials.
That may be a lie - perhaps it's just not displayed in UI. Not sure yet.
Comment on attachment 43446 [details]
> + if (protectionSpace.isProxy())
> + codeCount -= sizeof(UChar);
Should be sizeof(hashCodes) / sizeof(UChar) or some similar expression, not sizeof(UChar).
Created attachment 43472 [details]