HTTPS problem with VPN IP server

MaikuB / flutter_appauth

A Flutter wrapper for AppAuth iOS and Android SDKs

269 stars 239 forks source link

HTTPS problem with VPN IP server #367

Open exonent opened 1 year ago

exonent commented 1 year ago

Hi!

I'm trying to connect to private server HTTPS, using VPN and IP. It works on the web (I have to trust the site, but works), the problem is when I move to mobile app. I created a Flutter project (A button that connect with my OAUTH server). I tried it with auth0.com as an example and works! But when I'm using an untrusted server, I can't use it and the Log gives me the following error: E/CONSCRYPT(10959): ------------------Untrusted chain: ----------------------

So, As you can see from the screenshots, I tried to allow all connections and create a network security config XML file as Android says on their website. But it does not work:

So I downloaded my certificates and added to my project:

But it keeps saying:is not verified, Any idea?

Also, I added the allowInsecureConnections: true but.. meeeeh :( Thanks! Have a good day!

MaikuB commented 1 year ago

It sounds like this PR may solve your issue https://github.com/MaikuB/flutter_appauth/pull/149. As I had no way to verify the PR itself, this is why the PR has been left as is. It is out of date but you can see if it helps solve the problem. If it does then it'd be great if you can to provide details on how to setup a server easily so I can check too.

Also, what happens on iOS? I've not worked with using servers with untrusted/self-signed certs but I would imagine the same issue occurs then. It might be that you'll need to look into a solution for both platforms

exonent commented 1 year ago

Ok, it's solved with:

network_security_config.xml (Android)

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true" />
    <domain-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user"/>
            <certificates src="@raw/root_ca" />
        </trust-anchors>
        <domain includeSubdomains="true">11.111.111.111:8443</domain>
        <domain includeSubdomains="true">11.111.111.111</domain>
    </domain-config>
</network-security-config>

AndroidManifest.xml

<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.dev.auth">
   <application
        android:label="auth"
        android:name="${applicationName}"
        android:icon="@mipmap/ic_launcher"
        android:usesCleartextTraffic="true"
        android:networkSecurityConfig="@xml/network_security_config">

And export de .crt file into res/xml folder.

Also added:

AuthorizationTokenRequest(
          AUTH0_CLIENT_ID,
          AUTH0_REDIRECT_URI,
          allowInsecureConnections: true, // <-- here
          discoveryUrl: 'https://$AUTH0_DOMAIN',

Thx and hope that helps :)

exonent commented 1 year ago

Now I'm on iOS, when I finish I will post the result and guide of how to do that.

tungtt1501 commented 1 year ago

Hi @exonent Maybe I got the same issue with you https://github.com/MaikuB/flutter_appauth/issues/386. I've fixed for android version but can't find any solution for IOS version . Any update for this issue?