Closed bryanapellanes-okta closed 3 years ago
Correction to the above; apparently adding the android:networkSecurityConfig="@xml/network_security_config" attribute to the application manifest is possible by editing the AndroidManifest.xml file that exists in the Properties folder of your Xamarin Android project.
This is fixed in release v3.
After extensive investigation into this issue (https://github.com/okta/okta-oidc-xamarin/issues/44) I've determined the root cause. The root certificate authority for the custom domain is not trusted by the Android device so, after authentication completes, the SDK attempts to exchange the authentication code for tokens but the call fails because the root CA is not trusted. See this line of code: https://github.com/okta/okta-oidc-xamarin/blob/release-v3.0.0-dev/Okta.Xamarin/Okta.Xamarin/OidcClient.cs#L489
This issue cannot be corrected using only Xamarin tools, related Xamarin issue here: https://github.com/xamarin/xamarin-android/issues/2176 (See subsequent comment below.)
In order to trust the CA one must use one of the options described here: https://developer.android.com/training/articles/security-config
However, there is no easy, intuitive way to add the XML attribute (see subsequent comment below) android:networkSecurityConfig="@xml/network_security_config" to the application element of the AndroidManifest.xml file. To accomplish this, one must first build the Xamarin Android project, then navigate in the filesystem to the location the Xamarin build tools place temporary files and manually edit the AndroidManifest.xml file directly. In my case the build output went to ./obj/Debug/110/
I will modify the Okta SDK to bring awareness to our developers when this issue arises, by adding an AuthCodeTokenExchangeFailed event.
Originally posted by @bryanapellanes-okta in https://github.com/okta/okta-oidc-xamarin/issues/44#issuecomment-921959099
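An added example, not code from this issue or from the Okta SDK: a network security config of the kind the Android documentation linked above describes, trusting a private root CA only for the custom domain so the token exchange can validate the certificate chain. The domain login.example.com, the resource name custom_root_ca, and the Resources/xml and Resources/raw locations are assumptions for illustration.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Assumed location: Resources/xml/network_security_config.xml in the
     Xamarin Android project. It is referenced from the application element
     of Properties/AndroidManifest.xml with
     android:networkSecurityConfig="@xml/network_security_config" -->
<network-security-config>
    <!-- Scope the extra trust to the custom domain only. A base-config
         entry would extend trust in this CA to every host the app contacts. -->
    <domain-config cleartextTrafficPermitted="false">
        <!-- login.example.com is a placeholder for the custom Okta domain. -->
        <domain includeSubdomains="false">login.example.com</domain>
        <trust-anchors>
            <!-- custom_root_ca is a placeholder name for the root CA
                 certificate (PEM or DER), assumed to sit in Resources/raw/. -->
            <certificates src="@raw/custom_root_ca" />
            <!-- With only this entry, connections to the domain validate
                 against this CA alone. Add <certificates src="system" />
                 here if the domain must also accept the pre-installed CAs. -->
        </trust-anchors>
    </domain-config>
</network-security-config>
```

Network security configuration applies on Android 7.0 (API level 24) and later. Avoid `src="user"` in release builds, since that would trust any CA a user or device administrator has installed.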