Local environments set up with self-signed certificates causing issues when used in OAuth 2 requests

musaid · November 13, 2017, 5:12pm

I have a team of developers working on a medium sized application. We have live, staging and development environments set up. Live and staging uses public domains with purchased certificates, and dev instances use self-signed certificates.

Our application consists of an API, App and an OAuth 2.0 server. While using Postman Chrome Plugin, we are able to perform OAuth 2.0 requests once we accept the certificate through the browser. Recently, after we noticed the deprecation messages of chrome plugin, we have switched to the native application.

However, we are unable to perform OAuth 2.0 token requests on dev environments now. The dialog shows a blank page. The Dev Tools and Console does not show any kind of responses. Switching to live environments works though.

Is there any way to find out what’s happening? We have tried importing the certificates to no avail. Also, disabling SSL verification in settings doesn’t seem to fix it either.

kamalaknn · November 15, 2017, 3:03pm

Postman allows you to configure client certificates for your self-signed certificates. Could you try adding certificates for your internal URLs to Postman and retry this.

You can find more information about using client certificates here - https://www.getpostman.com/docs/postman/sending_api_requests/certificates

If that doesn’t help, you should be able to find the token request and errors in the Postman Console(View -> Show Postman Console).

musaid · December 10, 2017, 10:20am

Hi. I have tried adding the certificates as you suggested. It’s failing to work though. I have also tried checking it on v5.5.0. No luck.

Also, Authorize request of the OAuth 2.0 process is not captured by the Dev Console. The Access Token request does show up.