Closed terrencejames closed 5 years ago
looks related to https://github.com/xamarin/Xamarin.Auth/issues/95 ?
It looks like the WkWebView should have a didReceiveAuthenticationChallenge handler... :P
Er, I meant the WkWebViewNavigationDelegate
I modified the source code to add this in the WkWebViewNavigationDelegate (I defaulted to using WkWebViews)
public override void DidReceiveAuthenticationChallenge(WKWebView webView, NSUrlAuthenticationChallenge challenge, Action<NSUrlSessionAuthChallengeDisposition, NSUrlCredential> completionHandler)
{
completionHandler(
NSUrlSessionAuthChallengeDisposition.UseCredential,
NSUrlCredential.FromTrust(challenge.ProtectionSpace.ServerSecTrust));
return;
}
I'm able to bypass the certificate error and the OAuth dialog shows, but after successfully logging in the app crashes with another certificate problem, but the authentication is shown to be successful. Let me know if you would like a stack trace.
Is there a particular reason you're using a self signed certificate? This is generally considered a bad practice. Perhaps consider using something like letsencrypt to get a trusted signed cert?
Supporting self signed certificates is not currently on our roadmap, sorry.
Is there a way to bypass problems with connecting to a server using a self-signed certificate?
Version
[ ] sample
Steps to reproduce
Expected behaviour
Be able to bypass/trust the self signed certificate; on Android this works fine without adding extra code.
Actual behaviour
No option to bypass/trust the self signed certificate.
Comments
I tried using
ServicePointManager.ServerCertificateValidationCallback
but it does not work. Our app has its own HttpClient and handler for pinning self signed certificates, but I noticed that in the Request class it is using its own HttpClient. If I override this class, I'm not sure where/how the OAuth2Authenticator will utilize my derived instance of Request/OAuth2Request.