julienbodet
commented
5 years ago Seems related to this issue.
In a debug environment, you can tell AppAuth to bypass SSL cert validation by setting a custom NSURLSession and its delegate like this:
OIDURLSessionProvider.setSession(URLSession(configuration: .default, delegate: self, delegateQueue: nil))Then implement this URLSessionDelegate's function to trust the certificate:
public func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Swift.Void) {
completionHandler(URLSession.AuthChallengeDisposition.useCredential, URLCredential(trust: challenge.protectionSpace.serverTrust!))
}Also, as you said, you'll need to install and trust the root certificate on your devices/simulators to be able to load the authorization page within the Safari tab.
I hope it helps!
roshandharpure
oguzhanvarsak
This in particular to an issue that we are facing currently. The OAuth Provider's SSL Certificates received is probably ill formed when received by the SDK, as in only the leaf node(domain) that is received after a curl command instead of the entire chain.
However , this setup is in a development environment and the SSL Certs applied on the domain aren't public certs by the Certificate Authority but Internal Bank issued Certs (Root, Intermediate, Domain) that are put in keychain and simulators trust store. My queries are around the following
Im ask particular considering the limited knowledge on SSL Certs and validation within :)