diff --git a/okhttp-tests/src/test/java/okhttp3/CallTest.java b/okhttp-tests/src/test/java/okhttp3/CallTest.java
index 3cb960f4b..e2a6d3176 100644
--- a/okhttp-tests/src/test/java/okhttp3/CallTest.java
+++ b/okhttp-tests/src/test/java/okhttp3/CallTest.java
@@ -2197,6 +2197,34 @@ public final class CallTest {
     assertNull(get.getHeader("Proxy-Authorization"));
   }
 
+  /** Confirm that the proxy authenticator works for unencrypted HTTP proxies. */
+  @Test public void httpProxyAuthenticate() throws Exception {
+    server.enqueue(new MockResponse()
+        .setResponseCode(407)
+        .addHeader("Proxy-Authenticate: Basic realm=\"localhost\""));
+    server.enqueue(new MockResponse()
+        .setBody("response body"));
+
+    client = client.newBuilder()
+        .proxy(server.toProxyAddress())
+        .proxyAuthenticator(new RecordingOkAuthenticator("password"))
+        .build();
+
+    Request request = new Request.Builder()
+        .url("http://android.com/foo")
+        .build();
+    Response response = client.newCall(request).execute();
+    assertEquals("response body", response.body().string());
+
+    RecordedRequest get1 = server.takeRequest();
+    assertEquals("GET http://android.com/foo HTTP/1.1", get1.getRequestLine());
+    assertNull(get1.getHeader("Proxy-Authorization"));
+
+    RecordedRequest get2 = server.takeRequest();
+    assertEquals("GET http://android.com/foo HTTP/1.1", get2.getRequestLine());
+    assertEquals("password", get2.getHeader("Proxy-Authorization"));
+  }
+
   /**
    * Confirm that we don't send the Proxy-Authorization header from the request to the proxy server.
    * We used to have that behavior but it is problematic because unrelated requests end up sharing
diff --git a/okhttp-tests/src/test/java/okhttp3/URLConnectionTest.java b/okhttp-tests/src/test/java/okhttp3/URLConnectionTest.java
index 768adf78f..c50838c2f 100644
--- a/okhttp-tests/src/test/java/okhttp3/URLConnectionTest.java
+++ b/okhttp-tests/src/test/java/okhttp3/URLConnectionTest.java
@@ -1596,15 +1596,16 @@ public final class URLConnectionTest {
         .setBody("Please authenticate.");
     server.enqueue(pleaseAuthenticate);
 
-    urlFactory.setClient(urlFactory.client().newBuilder()
-        .authenticator(new JavaNetAuthenticator())
-        .build());
     if (proxy) {
       urlFactory.setClient(urlFactory.client().newBuilder()
           .proxy(server.toProxyAddress())
+          .proxyAuthenticator(new JavaNetAuthenticator())
           .build());
-      connection = urlFactory.open(new URL("http://android.com"));
+      connection = urlFactory.open(new URL("http://android.com/"));
     } else {
+      urlFactory.setClient(urlFactory.client().newBuilder()
+          .authenticator(new JavaNetAuthenticator())
+          .build());
       connection = urlFactory.open(server.url("/").url());
     }
     assertEquals(responseCode, connection.getResponseCode());
diff --git a/okhttp/src/main/java/okhttp3/internal/http/HttpEngine.java b/okhttp/src/main/java/okhttp3/internal/http/HttpEngine.java
index b0ca5dbb3..514ee65eb 100644
--- a/okhttp/src/main/java/okhttp3/internal/http/HttpEngine.java
+++ b/okhttp/src/main/java/okhttp3/internal/http/HttpEngine.java
@@ -891,7 +891,8 @@ public final class HttpEngine {
         if (selectedProxy.type() != Proxy.Type.HTTP) {
           throw new ProtocolException("Received HTTP_PROXY_AUTH (407) code while not using proxy");
         }
-        // fall-through
+        return client.proxyAuthenticator().authenticate(route, userResponse);
+
       case HTTP_UNAUTHORIZED:
         return client.authenticator().authenticate(route, userResponse);