insomnia icon indicating copy to clipboard operation
insomnia copied to clipboard

Published 20 hours ago verified publisher icon Kong

OAuth 2.0 - ERR_CERT_AUTHORITY_INVALID

Open neeleshramputh opened this issue 4 years ago • 9 comments

Describe the bug

White window open when button "Fetch Tokens" is clicked.

To Reproduce

  1. Uncheck "Validate certificates" in "Preferences"
  2. Configure Authentication with OAuth 2.0 Authorization URL and Access Token URL with self signed https endpoints
  3. Click on Fetch Tokens

Expected behavior Certificates should not be validated when opening Authorization URL and OAuth 2.0 flow to complete as normal.

Screenshots Insomnia White Screen

Devtool Console Error

Desktop (please complete the following information): Version: Insomnia Core 2020.5.2 Release date: 12/9/2020 OS: Windows_NT x64 10.0.18363 Electron: 9.1.1 Node: 12.14.1 V8: 8.3.110.13-electron.0 Architecture: x64 node-libcurl: libcurl/7.69.1-DEV OpenSSL/1.1.1d zlib/1.2.11 WinIDN libssh2/1.9.0_DEV nghttp2/1.40.0

neeleshramputh avatar Feb 04 '21 06:02 neeleshramputh

Same as https://github.com/Kong/insomnia/issues/2778, I'm also experiencing this.

judge2020 avatar Feb 11 '21 03:02 judge2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar May 27 '21 20:05 stale[bot]

This is a really big issue when developing/testing oauth clients locally.

judge2020 avatar May 27 '21 20:05 judge2020

We also experiencing this too. We keep waiting. This feature is vital for using OAuth during the testing process where self-signed certificates are used.

kaedros avatar Jun 17 '21 16:06 kaedros

Experiencing this issue too. Although I've unchecked the 'Validate certificates' setting I tried manually adding the certifcate as a workaround: does not work either

sandercamp avatar Jul 15 '21 11:07 sandercamp

I am also having this issue. Verified that I can get back my access token using Postman.

nathanjwtx avatar Aug 08 '21 13:08 nathanjwtx

old issue but still experiencing, the authentication scheme (resource_grant, client_credentials, etc doesn't seem to matter) this breaks most of my requests for local development

gerethd avatar Oct 28 '21 22:10 gerethd

I had the same issue but then I found another setting under security where you can disable certificate check during authentication. It's not perfect but it allows for testing auth locally for me. image

jaras avatar Nov 18 '21 10:11 jaras

There are TWO places to disable the validation of certificates:

Request/Response - for disabling the certificate validation during API requests Security - for disabling the certificate validation during authentication flows, ie getting an OAuth token.

This second one is what needs to be disabled to make the OAuth token flow work when the certification is invalid.

steveswinsburg avatar Jul 12 '23 05:07 steveswinsburg