OAuth 2.0 - ERR_CERT_AUTHORITY_INVALID

Kong / insomnia

The open-source, cross-platform API client for GraphQL, REST, WebSockets, SSE and gRPC. With Cloud, Local and Git storage.

https://insomnia.rest

Apache License 2.0

34.35k stars 1.93k forks source link

OAuth 2.0 - ERR_CERT_AUTHORITY_INVALID #3045

Open neeleshramputh opened 3 years ago

neeleshramputh commented 3 years ago

Describe the bug

White window open when button "Fetch Tokens" is clicked.

To Reproduce

Uncheck "Validate certificates" in "Preferences"
Configure Authentication with OAuth 2.0 Authorization URL and Access Token URL with self signed https endpoints
Click on Fetch Tokens

Expected behavior Certificates should not be validated when opening Authorization URL and OAuth 2.0 flow to complete as normal.

Screenshots Insomnia White Screen

Devtool Console Error

Desktop (please complete the following information): Version: Insomnia Core 2020.5.2 Release date: 12/9/2020 OS: Windows_NT x64 10.0.18363 Electron: 9.1.1 Node: 12.14.1 V8: 8.3.110.13-electron.0 Architecture: x64 node-libcurl: libcurl/7.69.1-DEV OpenSSL/1.1.1d zlib/1.2.11 WinIDN libssh2/1.9.0_DEV nghttp2/1.40.0

judge2020 commented 3 years ago

Same as https://github.com/Kong/insomnia/issues/2778, I'm also experiencing this.

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

judge2020 commented 3 years ago

This is a really big issue when developing/testing oauth clients locally.

kaedros commented 3 years ago

We also experiencing this too. We keep waiting. This feature is vital for using OAuth during the testing process where self-signed certificates are used.

sandercamp commented 3 years ago

Experiencing this issue too. Although I've unchecked the 'Validate certificates' setting I tried manually adding the certifcate as a workaround: does not work either

nathanjwtx commented 3 years ago

I am also having this issue. Verified that I can get back my access token using Postman.

gerethd commented 2 years ago

old issue but still experiencing, the authentication scheme (resource_grant, client_credentials, etc doesn't seem to matter) this breaks most of my requests for local development

jaras commented 2 years ago

I had the same issue but then I found another setting under security where you can disable certificate check during authentication. It's not perfect but it allows for testing auth locally for me.

steveswinsburg commented 1 year ago

There are TWO places to disable the validation of certificates:

Request/Response - for disabling the certificate validation during API requests Security - for disabling the certificate validation during authentication flows, ie getting an OAuth token.

This second one is what needs to be disabled to make the OAuth token flow work when the certification is invalid.