MaikuB / flutter_appauth

A Flutter wrapper for AppAuth iOS and Android SDKs

flutterappauth not secure for ssl pinning #286

Closed umerjavaidkh closed 2 years ago

umerjavaidkh commented 2 years ago

Our security team is saying the app is not secure, as they can intercept B2C or Token calls. Is there a workaround so we can avoid this, other than wrapping the functionality in our API wrapper?

We are using `final TokenResponse result = await appAuth.token(tokenRequest);`

MaikuB commented 2 years ago

This is something you may need to do your own research on, or seek help from others on, as this is not something I can give guidance on. The only suggestion I can give is that, as this plugin is a wrapper for native Android and iOS SDKs, you start from there. At least the Android docs suggest there are mechanisms for certificate pinning. It may be that you need to use a fork with changes done for your own purposes.
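
An added example, not from this thread, the plugin, or AppAuth-Android: one way a fork could pin the token endpoint on Android is through AppAuth-Android's `ConnectionBuilder` hook. The class name `PinningConnectionBuilder` and the `pins` set (base64 SHA-256 digests of your identity provider's leaf public key, supplied by you) are assumptions.

```kotlin
// Added example, not part of flutter_appauth or AppAuth-Android.
import android.net.Uri
import android.util.Base64
import net.openid.appauth.connectivity.ConnectionBuilder
import java.net.HttpURLConnection
import java.net.URL
import java.security.KeyStore
import java.security.MessageDigest
import java.security.cert.CertificateException
import java.security.cert.X509Certificate
import javax.net.ssl.*

/** Hypothetical class. `pins`: base64 SHA-256 digests of the expected leaf SubjectPublicKeyInfo. */
class PinningConnectionBuilder(private val pins: Set<String>) : ConnectionBuilder {

    // Platform trust manager: normal chain validation still runs first.
    private val systemTm = TrustManagerFactory
        .getInstance(TrustManagerFactory.getDefaultAlgorithm())
        .apply { init(null as KeyStore?) }
        .trustManagers.filterIsInstance<X509TrustManager>().first()

    private val pinningTm = object : X509TrustManager {
        override fun checkClientTrusted(chain: Array<X509Certificate>, authType: String) =
            systemTm.checkClientTrusted(chain, authType)

        override fun checkServerTrusted(chain: Array<X509Certificate>, authType: String) {
            systemTm.checkServerTrusted(chain, authType)
            // Pin the leaf only: chain[0] is the certificate the server proved possession of.
            val spki = chain[0].publicKey.encoded
            val pin = Base64.encodeToString(
                MessageDigest.getInstance("SHA-256").digest(spki), Base64.NO_WRAP)
            if (pin !in pins) throw CertificateException("Server key does not match any pin")
        }

        override fun getAcceptedIssuers(): Array<X509Certificate> = systemTm.acceptedIssuers
    }

    private val socketFactory: SSLSocketFactory = SSLContext.getInstance("TLS")
        .apply { init(null, arrayOf<TrustManager>(pinningTm), null) }
        .socketFactory

    override fun openConnection(uri: Uri): HttpURLConnection {
        require(uri.scheme == "https") { "Only https endpoints are allowed" }
        val conn = URL(uri.toString()).openConnection() as HttpsURLConnection
        conn.sslSocketFactory = socketFactory // hostname verification stays at its default
        return conn
    }
}
// Wiring (inside the forked plugin's Android code):
// AuthorizationService(context,
//     AppAuthConfiguration.Builder().setConnectionBuilder(PinningConnectionBuilder(pins)).build())
```

This covers only requests the app itself makes, such as the token call; the authorization step runs in the user's browser or Custom Tab and is outside the pin. Ship a backup pin alongside the primary so a key rotation at the identity provider does not lock users out.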