During the authentication steps using the Application Password credentials, some redirections might happen as the URL changes between http and https.
Currently, our network request API is not configured to pass forward the request header, making the credentials unavailable and failing the authentication process.
Possible solutions
The solution for this can be achieved from two approaches:
Use a request header forwarding strategy inside the ApplicationPasswordsNetwork by supplying the RequestQueue with the name custom-ssl-custom-redirects. However, this would require deeper research on any potential regressions.
Make changes to how we infer https websites. WCiOS already treats all websites as SSL-ready and displays an error for sites that don't. Android could follow the same approach.
Issue
During the authentication steps using the Application Password credentials, some redirections might happen as the URL changes between http and https.
Currently, our network request API is not configured to pass forward the request header, making the credentials unavailable and failing the authentication process.
Possible solutions
The solution for this can be achieved from two approaches:
Use a request header forwarding strategy inside the ApplicationPasswordsNetwork by supplying the RequestQueue with the name custom-ssl-custom-redirects. However, this would require deeper research on any potential regressions.
Make changes to how we infer https websites. WCiOS already treats all websites as SSL-ready and displays an error for sites that don't. Android could follow the same approach.