authts / oidc-client-ts

OpenID Connect (OIDC) and OAuth2 protocol support for browser-based JavaScript applications
https://authts.github.io/oidc-client-ts/
Apache License 2.0

Crypto.subtle is available only in secure contexts (HTTPS) #1550

Open Excel1 opened 2 weeks ago

Excel1 commented 2 weeks ago

I am currently working on a Vue web app (+ Capacitor) and would like to develop on the private network, but I always get the following error message: "Crypto.subtle is available only in secure contexts (HTTPS)." It occurs as soon as I am redirected back from e.g. PayPal in the web browser, or with Capacitor as soon as I click on the login button. My redirect_uri is http://:.

The security mechanism requires that you be on a protected network, which can be achieved with certificates etc., but this is very time-consuming (especially since it is not necessary for almost all other OIDC clients). It would be nice to be able to switch off this feature for development, e.g. via a parameter.

Badisi commented 2 weeks ago

While working in a local dev environment, localhost or 127.0.0.1 are usually considered "secure". So using http://localhost as the redirect should be fine.

You can also activate https with your Vue local dev server:

// vue.config.js
module.exports = {
  devServer: {
    ...
    host: '0.0.0.0',
    https: true,
    ...
  }
}
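The rule Badisi describes (localhost and 127.0.0.1 count as secure over plain http, while a LAN address or hostname does not) is the browser's "potentially trustworthy origin" test from the W3C Secure Contexts spec, and it is that test which decides whether `crypto.subtle` is exposed. The following is an added example, not code from oidc-client-ts or from anyone in this thread: it reimplements that classification for a redirect URI and pairs it with a runtime pre-flight check, so a dev build can fail with a clear message before the library ever touches `crypto.subtle`. The function names (`isPotentiallyTrustworthyOrigin`, `checkOidcPrerequisites`) and the sample URIs are assumptions of this example.

```javascript
// Added example (not part of oidc-client-ts): predict whether a redirect_uri lands
// on a "potentially trustworthy origin" as defined by the Secure Contexts spec, and
// run a pre-flight check before initialising an OIDC client. The browser's own
// decision is what counts at runtime; this only reproduces it to fail fast.

function isPotentiallyTrustworthyOrigin(url) {
  let u;
  try {
    u = new URL(url);
  } catch {
    return false; // not an absolute URL at all
  }
  // https: and wss: origins are always potentially trustworthy.
  if (u.protocol === 'https:' || u.protocol === 'wss:') return true;
  // file: URLs are also listed as potentially trustworthy by the spec.
  if (u.protocol === 'file:') return true;
  // Loopback addresses and localhost names are trusted even over plain http.
  // WHATWG URL returns IPv6 hostnames bracketed, e.g. "[::1]".
  const host = u.hostname;
  if (host === 'localhost' || host.endsWith('.localhost')) return true;
  if (host === '[::1]') return true;
  if (/^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(host)) return true;
  // Anything else over http (LAN IPs, .lan names, custom app:// schemes used by
  // Capacitor) is treated as untrusted, which is what mainstream browsers do.
  return false;
}

// Pre-flight check an app can run at startup. `env` defaults to the real global
// object (window in a browser) and is a parameter only so it can be tested offline.
// Returns a list of human-readable problems; an empty list means "good to go".
function checkOidcPrerequisites(redirectUri, env = globalThis) {
  const problems = [];
  if (!isPotentiallyTrustworthyOrigin(redirectUri)) {
    problems.push(
      `redirect_uri ${redirectUri} is not a potentially trustworthy origin; ` +
      'the browser will not expose crypto.subtle on that page'
    );
  }
  // isSecureContext is undefined outside browsers, so only a literal false counts.
  if (env.isSecureContext === false) {
    problems.push('current page is not a secure context (window.isSecureContext is false)');
  }
  if (!env.crypto || !env.crypto.subtle) {
    problems.push('crypto.subtle is not available in this runtime');
  }
  return problems;
}

// Constructed sample values: a LAN redirect as in the issue versus a localhost one.
for (const uri of ['http://192.168.1.20:8080/callback', 'http://localhost:5173/callback']) {
  const problems = checkOidcPrerequisites(uri);
  console.log(uri, problems.length === 0 ? 'OK' : problems);
}
```

Run the pre-flight once at app startup, before constructing the OIDC `UserManager`; the message then points at the redirect URI rather than at the crypto API, which is what the reporter was missing. Note that a hostname like `dev-box.lan` stays untrusted even if it resolves to a loopback address, because the spec's localhost rule is a name rule, not a resolution rule.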

Excel1 commented 2 weeks ago

@Badisi Correct, but if you have multiple servers like Keycloak OIDC running in your local environment and a mobile device emulator for developing web apps (Android Studio), you are forced to use hostnames or IPs.

Activating https results in mixed content because e.g. Keycloak isn't running on https.

pamapa commented 2 weeks ago

There is no way going back. We are using browser built-in modules as much as possible. If you control your network, you might be able to use a development-only proxy and handle what you need there...

You can still use v2.4.0 of this library, which does not use Crypto.subtle but custom code that does not enforce localhost or https...

Excel1 commented 2 weeks ago

I can fully understand why system components are favoured. However, it's just interesting that similarly sized/larger ones take a different path.